remove launch token dependency for DCAP enclaves

Pal/src/host/Linux-SGX/sgx_framework.c

@@ -110,13 +110,13 @@ bool is_wrfsbase_supported(void) {
     return true;
 }
 
-int create_enclave(sgx_arch_secs_t* secs, sgx_arch_token_t* token) {
+int create_enclave(sgx_arch_secs_t* secs, sgx_arch_enclave_css_t* sigstruct) {
     assert(secs->size && IS_POWER_OF_2(secs->size));
     assert(IS_ALIGNED(secs->base, secs->size));
 
     secs->ssa_frame_size = SSA_FRAME_SIZE / g_page_size; /* SECS expects SSA frame size in pages */
-    secs->misc_select    = token->masked_misc_select_le;
-    memcpy(&secs->attributes, &token->body.attributes, sizeof(sgx_attributes_t));
+    secs->misc_select    = sigstruct->body.misc_select;
+    memcpy(&secs->attributes, &sigstruct->body.attributes, sizeof(sgx_attributes_t));
 
     /* Do not initialize secs->mr_signer and secs->mr_enclave here as they are
      * not used by ECREATE to populate the internal SECS. SECS's mr_enclave is

Pal/src/host/Linux-SGX/sgx_internal.h

@@ -72,7 +72,7 @@ bool is_wrfsbase_supported(void);
 int read_enclave_token(int token_file, sgx_arch_token_t* token);
 int read_enclave_sigstruct(int sigfile, sgx_arch_enclave_css_t* sig);
 
-int create_enclave(sgx_arch_secs_t* secs, sgx_arch_token_t* token);
+int create_enclave(sgx_arch_secs_t* secs, sgx_arch_enclave_css_t* sigstruct);
 
 enum sgx_page_type { SGX_PAGE_SECS, SGX_PAGE_TCS, SGX_PAGE_REG };
 int add_pages_to_enclave(sgx_arch_secs_t* secs, void* addr, void* user_addr, unsigned long size,

Pal/src/host/Linux-SGX/sgx_main.c

@@ -14,6 +14,7 @@
 #include "asan.h"
 #include "debug_map.h"
 #include "gdb_integration/sgx_gdb.h"
+#include "gsgx.h"
 #include "linux_utils.h"
 #include "pal_internal-arch.h"
 #include "pal_linux_defs.h"
@@ -200,15 +201,20 @@ static int load_enclave_binary(sgx_arch_secs_t* secs, int fd, unsigned long base
 static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_to_measure) {
     int ret = 0;
     int enclave_image = -1;
-    sgx_arch_token_t enclave_token;
-    sgx_arch_enclave_css_t enclave_sigstruct;
+    int enclave_mem = -1;
     sgx_arch_secs_t enclave_secs;
     unsigned long enclave_entry_addr;
     unsigned long enclave_heap_min;
+
+    sgx_arch_enclave_css_t enclave_sigstruct;
     char* sig_path = NULL;
+    int sigfile_fd = -1;
+
+    /* Launch Token (aka EINITTOKEN) is used only on EPID (non-FLC-based) platforms and completely
+     * ignored on DCAP (FLC-based) platforms */
+    sgx_arch_token_t enclave_token;
     char* token_path = NULL;
-    int sigfile_fd = -1, token_fd = -1;
-    int enclave_mem = -1;
+    int token_fd = -1;
 
     /* this array may overflow the stack, so we allocate it in BSS */
     static void* tcs_addrs[MAX_DBG_THREADS];
@@ -246,6 +252,13 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
         goto out;
     }
 
+    ret = read_enclave_sigstruct(sigfile_fd, &enclave_sigstruct);
+    if (ret < 0) {
+        log_error("Reading enclave sigstruct failed: %d", ret);
+        goto out;
+    }
+
+#ifndef SGX_DCAP
     token_path = alloc_concat(g_pal_enclave.application_path, -1, ".token", -1);
     if (!token_path) {
         ret = -ENOMEM;
@@ -266,10 +279,11 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
         log_error("Reading enclave token failed: %d", ret);
         goto out;
     }
+#endif
 
 #ifdef DEBUG
     if (enclave->profile_enable) {
-        if (!(enclave_token.body.attributes.flags & SGX_FLAGS_DEBUG)) {
+        if (!(enclave_sigstruct.body.attributes.flags & SGX_FLAGS_DEBUG)) {
             log_error("Cannot use 'sgx.profile' with a production enclave");
             ret = -EINVAL;
             goto out;
@@ -288,16 +302,10 @@ static int initialize_enclave(struct pal_enclave* enclave, const char* manifest_
     }
 #endif
 
-    ret = read_enclave_sigstruct(sigfile_fd, &enclave_sigstruct);
-    if (ret < 0) {
-        log_error("Reading enclave sigstruct failed: %d", ret);
-        goto out;
-    }
-
     memset(&enclave_secs, 0, sizeof(enclave_secs));
     enclave_secs.base = enclave->baseaddr;
     enclave_secs.size = enclave->size;
-    ret = create_enclave(&enclave_secs, &enclave_token);
+    ret = create_enclave(&enclave_secs, &enclave_sigstruct);
     if (ret < 0) {
         log_error("Creating enclave failed: %d", ret);
         goto out;

python/graminelibos/sgx_get_token.py

@@ -89,20 +89,6 @@ def connect_aesmd(mrenclave, modulus, flags, xfrms):
 
     return ret_msg.ret.token
 
-def create_dummy_token(flags, xfrms, misc_select):
-    '''
-    Create dummy token with a few fields initialized with real values and others
-    with a placeholder ('\\0')
-    '''
-    token = bytearray(304)
-
-    # fields read by create_enclave() in sgx_framework.c
-    struct.pack_into('<Q', token, 48, flags)
-    struct.pack_into('<Q', token, 56, xfrms)
-    struct.pack_into('<L', token, 236, misc_select)
-
-    return token
-
 def get_token(sig, verbose=False):
     """Get SGX token (aka EINITTOKEN).
 
@@ -128,6 +114,10 @@ def get_token(sig, verbose=False):
     mrsigner = mrsigner.hexdigest()
 
     if verbose:
+        if is_dcap():
+            print('INFO: DCAP platform was detected. SGX launch tokens (EINITTOKEN) are not '
+                  'required on DCAP platforms. This tool will output an empty dummy token which '
+                  'can be - but not required to - supplied during Gramine launch.')
         print('Attributes:')
         print(f'    mr_enclave:  {sig["enclave_hash"].hex()}')
         print(f'    mr_signer:   {mrsigner}')
@@ -146,7 +136,7 @@ def get_token(sig, verbose=False):
               f'{sig["date_day"]:02d}')
 
     if is_dcap():
-        token = create_dummy_token(sig['attribute_flags'], xfrms, sig['misc_select'])
+        token = bytearray(0)
     else:
         token = connect_aesmd(sig['enclave_hash'], sig['modulus'], sig['attribute_flags'], xfrms)