Questions regarding the use of unmap_alias and sim_reload about sgx-step HOT 3 CLOSED

Hi kmarzouq,

Nice to see you're interested and got the code working!

It's been a while I looked at this code, but to answer your questions:

, I commented out unmap_alias from the program and found it didn't really change much.

for unmap_alias: you definitely need a faulting non-present page to trigger Foreshadow. The reason it still works I think is because of this call further to unmap_alias:

, I commented out sim_reload from the program and found it didn't really change much.

This will not do anything if SIM_ENCLAVE is not set. This is only added to demonstrate the effect on patched CPUs or CPUs without SGX support. It "simulates" the enclave in a different C file without any hardware protection, just demonstrating you can leak from the L1D cache transiently (see #34)

Hope it helps! Closing this for now (feel free to re-open if needed)

from sgx-step.

for unmap_alias: you definitely need a faulting non-present page to trigger Foreshadow. The reason it still works I think is because of this call further to unmap_alias:

I commented that one too and it "worked"

This will not do anything if SIM_ENCLAVE is not set. This is only added to demonstrate the effect on patched CPUs or CPUs without SGX support. It "simulates" the enclave in a different C file without any hardware protection, just demonstrating you can leak from the L1D cache transiently (see #34)

I had to set SIM_ENCLAVE to 1 for Foreshadow to work. When I set it to 0, it isn't able to extract any data, even when I uncomment unmap_alias and sim_reload. Also what is to purpose of var rv in the sim_destroy_secret?

Also, I can't re-open the issue. I am not a collaborator.

from sgx-step.

I commented that one too and it "worked"

Then you're not doing a transient-execution attack, but simply an architectural access and encoding it in a cache side channel. This will of course also work, but is not showing the Foreshadow effect..

I had to set SIM_ENCLAVE to 1 for Foreshadow to work. When I set it to 0, it isn't able to extract any data, even when I uncomment unmap_alias and sim_reload.

That likely means your CPU is not vulnerable to Foreshadow: either it's too recent, or you have the ucode update that flushes L1D after SGX exit.

Also what is to purpose of var rv in the sim_destroy_secret?

No purpose, it seems this is leftover code from an older version or so. The whole "sim-enclave" mode was hacked in rather quickly just as a PoC so not necessarily high-quality code :)

Also, I can't re-open the issue. I am not a collaborator.

Ok, I'll leave it closed for now as I don't see an "issue" that needs fixing in the code. You can always reply here if needed.

from sgx-step.