linuxPackages.isgx: init at 2.11 #109013

Merged
merged 3 commits into from Mar 31, 2021

oxalica
Contributor

@oxalica oxalica commented Jan 11, 2021

Motivation for this change

Add Linux driver for Intel Software Guard Extensions (SGX).
Repository url.

When loaded on a supported CPU with SGX enabled in BIOS, /dev/{isgx,mei0} will be available.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
    • There is only an isgx.ko. Tested to be loaded and it works.
  • Determined the impact on package closure size (by running nix path-info -S before and after)
    • 98.0K
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@SuperSandro2000
Member

This is a semi-automatically executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch).
If you find bugs or have suggestions for further things to search or run, please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109013 run on x86_64-linux

2 packages marked as broken and skipped:
  • linuxPackages_hardkernel_4_14.isgx
  • linuxPackages_hardkernel_latest.isgx
15 packages failed to build and are new build failures:
4 packages built:
  • linuxPackages.isgx (linuxPackages_5_4.isgx)
  • linuxPackages_hardened.isgx
  • linuxPackages_xen_dom0.isgx
  • linuxPackages_xen_dom0_hardened.isgx

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/how-to-upstream-a-working-kernel-module-derivation/11040/3

@Pacman99
Contributor

Pacman99 commented Jan 27, 2021

I'm getting this error while building this:

error: --- EvalError ------------------------------------------------------- nix
at: (28:13) in file: /home/pachums/.cache/nixpkgs-review/pr-109013/nixpkgs/pkgs/os-specific/linux/isgx/default.nix

    27|     "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    28|     "ARCH=${stdenv.hostPlatform.platform.kernelArch}"
      |             ^
    29|   ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [

attribute 'platform' missing
(use '--show-trace' to show detailed location information)

I think this will get fixed by @lzmartinico's suggestion

@oxalica
Contributor Author

oxalica commented Jan 30, 2021

Rebased and fixed build error.

meta = with lib; {
description = "Intel SGX Linux Driver";
homepage = "https://github.com/intel/linux-sgx-driver";
license = with licenses; [ bsd3 gpl2 ];
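Review bot: on the license line, gpl2 leaves open whether the GPL-2.0 part is version 2 only or version 2 or later. Use whichever of gpl2Only or gpl2Plus matches the license headers in the driver source, so that the list [ bsd3 gpl2 ] states the terms unambiguously.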
Member

@Mic92 Mic92 Jan 30, 2021

I am inclined to say we no longer need this package because current linux testing adds an upstream sgx driver. Nevertheless you should mark this as broken for kernel newer or equal to 5.11.0.

Member

also gpl2Only or gpl2Plus?

Contributor Author

@Mic92 Broken predicate is added. BTW: Kernel 5.11 is not in master currently. I'll check it later.

@SuperSandro2000 It's gpl2Only. Fixed.

@oxalica
Copy link
Contributor Author

oxalica commented Feb 1, 2021

It seems that the Makefile doesn't support cross compiling flags. I just removed the related code to simplify.

@Mic92
Member

Mic92 commented Feb 1, 2021

Result of nixpkgs-review pr 109013 run on x86_64-linux

2 packages marked as broken and skipped:
  • linuxPackages_hardkernel_4_14.isgx
  • linuxPackages_hardkernel_latest.isgx
1 package failed to build:
  • linuxPackages-libre.isgx
16 packages built:
  • linuxPackages.isgx (linuxPackages_5_4.isgx)
  • linuxPackages_4_14.isgx
  • linuxPackages_4_19.isgx
  • linuxPackages_4_4.isgx
  • linuxPackages_4_9.isgx
  • linuxPackages_5_10.isgx (linuxPackages_latest.isgx)
  • linuxPackages_hardened.isgx
  • linuxPackages_latest-libre.isgx
  • linuxPackages_latest_hardened.isgx
  • linuxPackages_latest_xen_dom0.isgx
  • linuxPackages_latest_xen_dom0_hardened.isgx
  • linuxPackages_lqx.isgx
  • linuxPackages_testing_bcachefs.isgx
  • linuxPackages_xen_dom0.isgx
  • linuxPackages_xen_dom0_hardened.isgx
  • linuxPackages_zen.isgx

@Mic92
Member

Mic92 commented Feb 1, 2021

Looks like linuxPackages-libre is broken again.

@SuperSandro2000
Member

> Looks like linuxPackages-libre is broken again.

I don't think I have seen it working since I started reviewing.

@Mic92
Member

Mic92 commented Feb 2, 2021

> Looks like linuxPackages-libre is broken again.
>
> I don't think I have seen it working since I started reviewing.

#111594

@oxalica
Contributor Author

oxalica commented Feb 5, 2021

@Mic92 Can we have this merged now?

@adaszko

adaszko commented Mar 31, 2021

> @Mic92 Can we have this merged now?

+1. Is there something that's blocking this? Is help needed for something?

@SuperSandro2000
Member

This is a semi-automatically executed nixpkgs-review with nixpkgs-review-checks extension. It is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch).
If you have any questions or problems please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109013 run on x86_64-linux

10 packages marked as broken and skipped:
  • linuxPackages-libre.isgx
  • linuxPackages_hardkernel_4_14.isgx
  • linuxPackages_hardkernel_latest.isgx
  • linuxPackages_latest-libre.isgx
  • linuxPackages_latest.isgx
  • linuxPackages_latest_hardened.isgx
  • linuxPackages_latest_xen_dom0.isgx
  • linuxPackages_latest_xen_dom0_hardened.isgx
  • linuxPackages_lqx.isgx
  • linuxPackages_zen.isgx
10 packages built:
  • linuxPackages.isgx (linuxPackages_5_10.isgx)
  • linuxPackages_4_14.isgx
  • linuxPackages_4_19.isgx
  • linuxPackages_4_4.isgx
  • linuxPackages_4_9.isgx
  • linuxPackages_5_4.isgx
  • linuxPackages_hardened.isgx
  • linuxPackages_testing_bcachefs.isgx
  • linuxPackages_xen_dom0.isgx
  • linuxPackages_xen_dom0_hardened.isgx

@SuperSandro2000 SuperSandro2000 merged commit 72e1e31 into NixOS:master Mar 31, 2021
@oxalica oxalica deleted the isgx branch April 1, 2021 09:53
@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/overriding-patchflags-in-buildlinux/6316/2

@adaszko

adaszko commented Jun 12, 2021

This kernel module loads up fine for me with insmod: /root/.nix-profile/lib/modules/5.10.40/kernel/drivers/intel/sgx/isgx.ko but doesn't autoload on boot, even though I have boot.kernelModules = [ "isgx" ]; in /etc/nixos/configuration.nix. It errors during boot:

% journalctl -b | grep sgx
Jun 12 10:48:09 pierun systemd-modules-load[1647]: Failed to find module 'isgx'

@oxalica
Contributor Author

oxalica commented Jun 12, 2021

@adaszko The module is not in-tree. I think you need to add the package to boot.extraModulePackages and then enable it in boot.kernelModules.

@adaszko

adaszko commented Jun 12, 2021

Correct, this has worked for me:

boot.extraModulePackages = with config.boot.kernelPackages; [ isgx ];

Thanks!
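
The two states in the exchange above (module loadable by path with insmod, but not found by name at boot) can be told apart with a small check; this is an added example, not part of the pull request or its comments. It assumes NixOS resolves module names under /run/booted-system/kernel-modules/lib/modules/<release>; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the pull request): tell apart the two states seen in
# the thread for an out-of-tree module such as isgx.
# Assumption: on NixOS, modprobe and systemd-modules-load resolve modules under
# /run/booted-system/kernel-modules/lib/modules/<release>; a copy that exists
# only in a user profile (~/.nix-profile/lib/modules/<release>) is not searched.

# module_in_tree TREE NAME: succeed if NAME.ko (plain or compressed) is in TREE.
module_in_tree() {
    tree=$1
    name=$2
    [ -d "$tree" ] || return 1
    found=$(find -L "$tree" -type f \
        \( -name "$name.ko" -o -name "$name.ko.xz" \
           -o -name "$name.ko.zst" -o -name "$name.ko.gz" \) 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# diagnose SYSTEM_TREE PROFILE_TREE NAME: print system-tree, profile-only or missing.
diagnose() {
    if module_in_tree "$1" "$3"; then
        echo system-tree      # boot.kernelModules can load it by name
    elif module_in_tree "$2" "$3"; then
        echo profile-only     # insmod by path works, "Failed to find module" at boot
    else
        echo missing
    fi
}

# Constructed layout that mimics the report: the module sits only in a profile.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/system/kernel" "$tmp/profile/kernel/drivers/intel/sgx"
    : > "$tmp/profile/kernel/drivers/intel/sgx/isgx.ko"
    diagnose "$tmp/system" "$tmp/profile" isgx
    rm -rf "$tmp"
}

demo
# On a real machine (paths are the assumption stated above):
# rel=$(uname -r)
# diagnose "/run/booted-system/kernel-modules/lib/modules/$rel" \
#          "$HOME/.nix-profile/lib/modules/$rel" isgx
```

A result of profile-only corresponds to the situation before boot.extraModulePackages was set; system-tree is the state in which boot.kernelModules = [ "isgx" ]; can load the module by name.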
