gitweb.dragonflybsd.org Git - freebsd.git/commit

author	br <br@FreeBSD.org>
	Wed, 16 Aug 2017 10:38:06 +0000 (10:38 +0000)
committer	br <br@FreeBSD.org>
	Wed, 16 Aug 2017 10:38:06 +0000 (10:38 +0000)
commit	c51ad5f03afcb47b406efadbcb35cb71864b1771
tree	40823c28b974aaf6597564a799f120e36d28ad37	tree \| snapshot
parent	bc66f23e1640170e5384cf6bec4226fbcdc298a6	commit \| diff

Add support for Intel Software Guard Extensions (Intel SGX).

Intel SGX allows to manage isolated compartments "Enclaves" in user VA
space. Enclaves memory is part of processor reserved memory (PRM) and
always encrypted. This allows to protect user application code and data
from upper privilege levels including OS kernel.

This includes SGX driver and optional linux ioctl compatibility layer.
Intel SGX SDK for FreeBSD is also available.

Note this requires support from hardware (available since late Intel
Skylake CPUs).

Many thanks to Robert Watson for support and Konstantin Belousov
for code review.

Project wiki: https://wiki.freebsd.org/Intel_SGX.

Reviewed by: kib
Relnotes: yes
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D11113

sys/amd64/include/cpufunc.h		diff \| blob \| blame \| history
sys/amd64/include/sgx.h	[new file with mode: 0644]	blob
sys/amd64/include/sgxreg.h	[new file with mode: 0644]	blob
sys/amd64/sgx/sgx.c	[new file with mode: 0644]	blob
sys/amd64/sgx/sgx_linux.c	[new file with mode: 0644]	blob
sys/amd64/sgx/sgx_support.S	[new file with mode: 0644]	blob
sys/amd64/sgx/sgxvar.h	[new file with mode: 0644]	blob
sys/modules/Makefile		diff \| blob \| blame \| history
sys/modules/sgx/Makefile	[new file with mode: 0644]	blob
sys/modules/sgx_linux/Makefile	[new file with mode: 0644]	blob