3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/services/security/aesmd.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

237 lines
7.6 KiB
Nix
Raw Normal View History

2021-12-18 08:28:37 +00:00
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.aesmd;
2021-12-18 08:28:37 +00:00
opt = options.services.aesmd;
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
concatStringsSep "\n" (
optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
optional (proxy != null) "aesm proxy = ${proxy}" ++
optional (proxyType != null) "proxy type = ${proxyType}" ++
optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
# Newline at end of file
[ "" ]
)
);
in
{
options.services.aesmd = {
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to build the PSW package in debug mode.";
};
settings = mkOption {
description = "AESM configuration";
default = { };
type = types.submodule {
options.whitelistUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
description = "URL to retrieve authorized Intel SGX enclave signers.";
};
options.proxy = mkOption {
type = with types; nullOr str;
default = null;
example = "http://proxy_url:1234";
description = "HTTP network proxy.";
};
options.proxyType = mkOption {
type = with types; nullOr (enum [ "default" "direct" "manual" ]);
default = if (cfg.settings.proxy != null) then "manual" else null;
2021-12-18 08:28:37 +00:00
defaultText = literalExpression ''
if (config.${opt.settings}.proxy != null) then "manual" else null
'';
example = "default";
description = ''
Type of proxy to use. The <literal>default</literal> uses the system's default proxy.
If <literal>direct</literal> is given, uses no proxy.
A value of <literal>manual</literal> uses the proxy from
<option>services.aesmd.settings.proxy</option>.
'';
};
options.defaultQuotingType = mkOption {
type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
default = null;
example = "ecdsa_256";
description = "Attestation quote type.";
};
};
};
};
config = mkIf cfg.enable {
assertions = [{
assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
message = "SGX requires exec permission for /dev";
}];
hardware.cpu.intel.sgx.provision.enable = true;
nixos/intel-sgx: add option for Intel SGX DCAP compatibility The Intel SGX DCAP driver makes the SGX application enclave device and the SGX provisioning enclave available below the path `/dev/sgx/`. Since Linux 5.11, a derivation of the DCAP driver is part of the kernel and available through the X86_SGX config option; NixOS enables this option by default. In contrast to the out-of-tree DCAP driver, the in-tree SGX driver uses a flat hierarchy for the SGX devices resulting in the paths `/dev/sgx_enclave` for the application enclave device and `/dev/sgx_provison` for the provisioning enclave device. As of this commit, even the latest version of the Intel SGX PSW libraries still tries to open the (legacy) DCAP paths only. This means that SGX software currently cannot find the required SGX devices even if the system actually supports SGX through the in-tree driver. Intel wants to change this behavior in an upcoming release of intel/linux-sgx. Having said that, SGX software assuming the SGX devices below `/dev/sgx/` will prevail. Therefore, this commit introduces the NixOS configuration option `hardware.cpu.intel.sgx.enableDcapCompat` which creates the necessary symlinks to support existing SGX software. The option defaults to true as it is currently the only way to support SGX software. Also, enabling the SGX AESM service enables the option. The permissions of the devices `/dev/sgx_enclave` and `/dev/sgx_provison` remain the same, i.e., are not affected regardless of having the new option enabled or not.
2022-01-11 11:10:09 +00:00
# Make sure the AESM service can find the SGX devices until
# https://github.com/intel/linux-sgx/issues/772 is resolved
# and updated in nixpkgs.
hardware.cpu.intel.sgx.enableDcapCompat = mkForce true;
systemd.services.aesmd =
let
storeAesmFolder = "${sgx-psw}/aesm";
# Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
aesmDataFolder = "/var/opt/aesmd/data";
aesmStateDirSystemd = "%S/aesmd";
in
{
description = "Intel Architectural Enclave Service Manager";
wantedBy = [ "multi-user.target" ];
after = [
"auditd.service"
"network.target"
"syslog.target"
];
environment = {
NAME = "aesm_service";
AESM_PATH = storeAesmFolder;
LD_LIBRARY_PATH = storeAesmFolder;
};
# Make sure any of the SGX application enclave devices is available
unitConfig.AssertPathExists = [
# legacy out-of-tree driver
"|/dev/isgx"
# DCAP driver
"|/dev/sgx/enclave"
# in-tree driver
"|/dev/sgx_enclave"
];
serviceConfig = rec {
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
set -euo pipefail
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
if [[ ! -f "$whiteListFile" ]]; then
${pkgs.coreutils}/bin/install -m 644 -D \
"${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
"$whiteListFile"
fi
'';
ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
Restart = "on-failure";
RestartSec = "15s";
DynamicUser = true;
Group = "sgx";
SupplementaryGroups = [
config.hardware.cpu.intel.sgx.provision.group
];
Type = "simple";
WorkingDirectory = storeAesmFolder;
StateDirectory = "aesmd";
StateDirectoryMode = "0700";
RuntimeDirectory = "aesmd";
RuntimeDirectoryMode = "0750";
# Hardening
# chroot into the runtime directory
RootDirectory = "%t/aesmd";
BindReadOnlyPaths = [
builtins.storeDir
# Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
"${configFile}:/etc/aesmd.conf"
];
BindPaths = [
# Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
"%t/aesmd:/var/run/aesmd"
"%S/aesmd:/var/opt/aesmd"
];
# PrivateDevices=true will mount /dev noexec which breaks AESM
PrivateDevices = false;
DevicePolicy = "closed";
DeviceAllow = [
# legacy out-of-tree driver
"/dev/isgx rw"
# DCAP driver
"/dev/sgx rw"
# in-tree driver
"/dev/sgx_enclave rw"
"/dev/sgx_provision rw"
];
# Requires Internet access for attestation
PrivateNetwork = false;
RestrictAddressFamilies = [
# Allocates the socket /var/run/aesmd/aesm.socket
"AF_UNIX"
# Uses the HTTP protocol to initialize some services
"AF_INET"
"AF_INET6"
];
# True breaks stuff
MemoryDenyWriteExecute = false;
# needs the ipc syscall in order to run
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@privileged"
"~@raw-io"
"~@reboot"
"~@resources"
"~@setuid"
"~@swap"
"~@sync"
"~@timer"
];
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
CapabilityBoundingSet = "";
KeyringMode = "private";
LockPersonality = true;
NoNewPrivileges = true;
NotifyAccess = "none";
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
};
};
};
}