
[Pal/Linux-SGX] Remove support for Intel SGX drivers version 1.8-

Dmitrii Kuvaiskii 4 years ago
parent
commit
ff8457f54e

+ 0 - 1
.ci/prfilter

@@ -44,7 +44,6 @@ THE_BIG_LIST_OF_NAUGHTY_FILES = list(map(pathlib.Path, [
     'LibOS/shim/test/apps/python-simple/run-tests.sh',
     'LibOS/shim/test/native',
     'Pal/src/host/Linux-SGX/debugger/gdb',
-    'Pal/src/host/Linux-SGX/sgx-driver/load.sh',
     'Scripts/list-all-graphene.sh',
     'Scripts/memusg',
     '.ci/run-pylint',

+ 0 - 1
.ci/run-shellcheck

@@ -10,7 +10,6 @@ shellcheck "$@" \
     LibOS/shim/test/apps/python-simple/run-tests.sh \
     LibOS/shim/test/native/*.sh \
     Pal/src/host/Linux-SGX/debugger/gdb \
-    Pal/src/host/Linux-SGX/sgx-driver/load.sh \
     Runtime/pal_loader \
     Scripts/clean-check \
     Scripts/clean-check-prepare \

+ 1 - 1
Documentation/oldwiki/Graphene-SGX-Quick-Start.md

@@ -33,7 +33,7 @@ The first command should list `isgx` and the second command should list the proc
     cd $GRAPHENE_DIR/Pal/src/host/Linux-SGX/sgx-driver
     make
     # the console will prompt you for the path of the Intel SGX driver code
-    sudo ./load.sh
+    sudo insmod gsgx.ko
 
 ### 5. Build Graphene-SGX
 

+ 1 - 1
Documentation/oldwiki/Introduction-to-Graphene-SGX.md

@@ -94,7 +94,7 @@ following commands to build the driver:
     cd Pal/src/host/Linux-SGX/sgx-driver
     make
     # the console will prompt you for the path of the Intel SGX driver code
-    sudo ./load.sh
+    sudo insmod gsgx.ko
 
 If the Graphene SGX driver is successfully installed, and the Intel SDK aesmd service is up and
 running (see [here](https://github.com/01org/linux-sgx#start-or-stop-aesmd-service) for more

+ 1 - 1
Documentation/oldwiki/Introduction-to-Graphene.md

@@ -129,7 +129,7 @@ To make Graphene aware of the SGX driver, run the following commands:
     cd Pal/src/host/Linux-SGX/sgx-driver
     make
     # the console will prompt you for the path of the Intel SGX driver code
-    sudo ./load.sh
+    sudo insmod gsgx.ko
 
 #### Build Graphene for SGX
 

+ 2 - 2
Pal/src/host/Linux-SGX/Makefile

@@ -61,7 +61,7 @@ urts-asm-objs = sgx_entry.o
 graphene_lib = .lib/graphene-lib.a
 
 .PHONY: all
-all: sgx-driver/isgx_version.h $(host_files)
+all: sgx-driver/sgx.h $(host_files)
 
 libpal-Linux-SGX.a: $(enclave-objs) $(enclave-asm-objs)
 	$(call cmd,ar_a_o)
@@ -114,7 +114,7 @@ debugger/sgx_gdb.so: debugger/sgx_gdb.c
 
 enclave_entry.o sgx_entry.o: asm-offsets.h
 
-sgx-driver/isgx_version.h:
+sgx-driver/sgx.h:
 	$(MAKE) -C sgx-driver $(notdir $@)
 
 ifeq ($(filter %clean,$(MAKECMDGOALS)),)

+ 1 - 1
Pal/src/host/Linux-SGX/sgx-driver

@@ -1 +1 @@
-Subproject commit 30d4b9400afb5fd78c600717340d6883ea128dd4
+Subproject commit ff8bab5ef58cca3ccc93674b62c0c16fe6668c93

+ 7 - 50
Pal/src/host/Linux-SGX/sgx_framework.c

@@ -1,16 +1,15 @@
+#include <asm/errno.h>
 #include <hex.h>
 #include <pal_linux.h>
 #include <pal_rtld.h>
-#include "sgx_internal.h"
+
+#include "gsgx.h"
 #include "sgx_arch.h"
 #include "sgx_enclave.h"
-#include "graphene-sgx.h"
-
-#include <asm/errno.h>
+#include "sgx_internal.h"
 
 int gsgx_device = -1;
 int isgx_device = -1;
-#define ISGX_FILE "/dev/isgx"
 
 void * zero_page;
 
@@ -19,7 +18,7 @@ int open_gsgx(void)
     gsgx_device = INLINE_SYSCALL(open, 3, GSGX_FILE, O_RDWR | O_CLOEXEC, 0);
     if (IS_ERR(gsgx_device)) {
         SGX_DBG(DBG_E, "Cannot open device " GSGX_FILE ". Please make sure the"
-                " \'graphene_sgx\' kernel module is loaded.\n");
+                " Graphene SGX kernel module is loaded.\n");
         return -ERRNO(gsgx_device);
     }
 
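Review bot: The reworded message in `open_gsgx` still blames every failed open of `GSGX_FILE` on a missing module and drops the error code, so a permission or device-node problem looks the same in the log as an unloaded module. `SGX_DBG` takes format arguments elsewhere in this file, so the call could report the code: `SGX_DBG(DBG_E, "Cannot open device " GSGX_FILE " (error %d). Please make sure the Graphene SGX kernel module is loaded.\n", ERRNO(gsgx_device));`. The matching wording change in `is_wrfsbase_supported` in the next hunk needs no code change. `open_gsgx` begins and continues outside this hunk.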
@@ -127,7 +126,7 @@ bool is_wrfsbase_supported (void)
 
     if (!(cpuinfo[1] & 0x1)) {
         SGX_DBG(DBG_E, "The WRFSBASE instruction is not permitted on this"
-                " platform. Please make sure the \'graphene_sgx\' kernel module"
+                " platform. Please make sure the Graphene SGX kernel module"
                 " is loaded properly.\n");
         return false;
     }
@@ -178,19 +177,10 @@ int create_enclave(sgx_arch_secs_t * secs,
 
     assert(secs->base == addr);
 
-#if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_create param = {
         .src = (uint64_t) secs,
     };
-    int ret = INLINE_SYSCALL(ioctl, 3, isgx_device, SGX_IOC_ENCLAVE_CREATE,
-                         &param);
-#else
-    struct gsgx_enclave_create param = {
-        .src = (uint64_t) secs,
-    };
-    int ret = INLINE_SYSCALL(ioctl, 3, gsgx_device, GSGX_IOCTL_ENCLAVE_CREATE,
-                         &param);
-#endif
+    int ret = INLINE_SYSCALL(ioctl, 3, isgx_device, SGX_IOC_ENCLAVE_CREATE, &param);
 
     if (IS_ERR(ret)) {
         SGX_DBG(DBG_I, "enclave ECREATE failed in enclave creation ioctl - %d\n", ERRNO(ret));
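Review bot: In `create_enclave`, a failed `SGX_IOC_ENCLAVE_CREATE` is still logged at `DBG_I`, while the device-open failure in `open_gsgx` uses `DBG_E`. With the compile-time `SDK_DRIVER_VERSION` branch removed, this run-time failure is presumably the first sign that the loaded Intel driver does not match the headers the build used, so it should not be hidden at info level. Raising the level and naming the likely cause would help: `SGX_DBG(DBG_E, "enclave ECREATE failed in enclave creation ioctl - %d (check the loaded Intel SGX driver version)\n", ERRNO(ret));`. The function begins and continues outside this hunk.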
@@ -267,7 +257,6 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
                 addr, addr + size, t, p, comment, m);
 
 
-#if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_add_page param = {
         .addr       = secs->base + (uint64_t) addr,
         .src        = (uint64_t) (user_addr ? : zero_page),
@@ -288,28 +277,6 @@ int add_pages_to_enclave(sgx_arch_secs_t * secs,
         if (param.src != (uint64_t) zero_page) param.src += g_page_size;
         added_size += g_page_size;
     }
-#else
-    struct gsgx_enclave_add_pages param = {
-        .addr       = secs->baseaddr + (uint64_t) addr,
-        .user_addr  = (uint64_t) user_addr,
-        .size       = size,
-        .secinfo    = (uint64_t) &secinfo,
-        .flags      = skip_eextend ? GSGX_ENCLAVE_ADD_PAGES_SKIP_EEXTEND : 0,
-    };
-
-    if (!user_addr) {
-        param.user_addr = (unsigned long) zero_page;
-        param.flags |= GSGX_ENCLAVE_ADD_PAGES_REPEAT_SRC;
-    }
-
-    ret = INLINE_SYSCALL(ioctl, 3, gsgx_device,
-                         GSGX_IOCTL_ENCLAVE_ADD_PAGES,
-                         &param);
-    if (IS_ERR(ret)) {
-        SGX_DBG(DBG_I, "Enclave add page returned %d\n", ret);
-        return -ERRNO(ret);
-    }
-#endif
 
     return 0;
 }
@@ -328,7 +295,6 @@ int init_enclave(sgx_arch_secs_t * secs,
         SGX_DBG(DBG_I, " %02x", sigstruct->body.enclave_hash.m[i]);
     SGX_DBG(DBG_I, "\n");
 
-#if SDK_DRIVER_VERSION >= KERNEL_VERSION(1, 8, 0)
     struct sgx_enclave_init param = {
         .addr           = enclave_valid_addr,
         .sigstruct      = (uint64_t) sigstruct,
@@ -336,15 +302,6 @@ int init_enclave(sgx_arch_secs_t * secs,
     };
     int ret = INLINE_SYSCALL(ioctl, 3, isgx_device, SGX_IOC_ENCLAVE_INIT,
                              &param);
-#else
-    struct gsgx_enclave_init param = {
-        .addr           = enclave_valid_addr,
-        .sigstruct      = (uint64_t) sigstruct,
-        .einittoken     = (uint64_t) token,
-    };
-    int ret = INLINE_SYSCALL(ioctl, 3, gsgx_device, GSGX_IOCTL_ENCLAVE_INIT,
-                             &param);
-#endif
 
     if (IS_ERR(ret)) {
         return -ERRNO(ret);

+ 1 - 1
README.rst

@@ -115,7 +115,7 @@ Prerequisites
       cd Pal/src/host/Linux-SGX/sgx-driver
       make
       # The console will be prompted to ask for the path of Intel SGX driver code
-      sudo ./load.sh
+      sudo insmod gsgx.ko
       sudo sysctl vm.mmap_min_addr = 0
 
    We note that this last command is a tempoarary work-around for some issues with the Intel SGX