1.1.1. FU540 Platform Support

The FU540 module makes use of the L2 controller to provide cache partitioning for enclaves as a side-channel defense mechanism.

1.1.1.1. Building with the FU540 module

You can re-configure and re-build the bbl in the build directory:

--with-target-platform=fu540

1.1.1.2. Waymasking internals

The L2 controller of FU540 provides waymasking, which allows the SM to mask specific ways of the L2 cache.

Let’s take a look at fu540/fu540_internal.c:

void platform_init(struct platform_enclave_data_t* ped){
  ped->num_ways = WM_NUM_WAYS/2;
  ped->saved_mask = 0;
}

platform_init hook is called at SM initialization. This sets the number of ways each enclave gets.

Currently, we have hard-coded the number of ways to 8, which is the half of the L2.

On each context switch between the enclave and the host, platform_switch_to_enclave and platform_switch_from_enclave will be called. These functions configures the way mask such that the half of the L2 is allocated to the enclave.

void platform_switch_to_enclave(struct platform_enclave_data_t* ped){

  // Each hart gets special access to some
  unsigned int core = read_csr(mhartid) + 1;

  /* Allocate ways, fresh every time we enter */
  size_t remaining = waymask_allocate_ways(ped->num_ways,
                                           core,
                                           &ped->saved_mask);

  /* Assign the ways to all cores */
  waymask_apply_allocated_mask(ped->saved_mask, core);

  /* Clear out these ways MUST first apply mask to other masters */
  waymask_clear_ways(ped->saved_mask, core);

}
void platform_switch_from_enclave(struct platform_enclave_data_t* ped){
  /* Free all our ways */
  waymask_free_ways(ped->saved_mask);

  /* We don't need to clean them, see docs */

}