inject nsm.ko from enclaveos

add enclaveos shim to test something
2025-07-11 17:55:28 -04:00 · 2025-07-11 17:30:35 -04:00
1 changed files with 64 additions and 1 deletions
--- a/src/platform/aws.rs
+++ b/src/platform/aws.rs
@ -63,7 +63,70 @@ impl super::Platform for Aws {
    }

    fn init(&self) -> Result<()> {
-        Self::init_heartbeat()?;
+        // Self::init_heartbeat()?;
+        enclaveos_shim::init_platform();
        Ok(())
    }
 }
+
+mod enclaveos_shim {
+
+    mod system {
+        use std::os::fd::AsRawFd;
+
+        pub fn insmod(path: &str) {
+            use libc::{syscall, SYS_finit_module};
+            let file = std::fs::File::open(path).unwrap();
+            let fd = file.as_raw_fd();
+            if unsafe { syscall(SYS_finit_module, fd, &[0u8; 1], 0) } < 0 {
+                eprintln!("bad insert kernel module: {path}");
+            }
+        }
+        pub fn socket_connect(
+            family: libc::c_int,
+            port: u32,
+            cid: u32,
+        ) -> libc::c_int {
+            use libc::{connect, socket, sockaddr, sockaddr_vm, SOCK_STREAM};
+            let fd = unsafe { socket(family, SOCK_STREAM, 0) };
+            if unsafe {
+                let mut sa: sockaddr_vm = std::mem::zeroed();
+                sa.svm_family = family as _;
+                sa.svm_port = port;
+                sa.svm_cid = cid;
+                connect(
+                    fd,
+                    &sa as *const _ as *mut sockaddr,
+                    size_of::<sockaddr_vm>() as _,
+                )
+            } < 0 {
+                panic!("yikes")
+            } else {
+                fd
+            }
+        }
+    }
+
+    pub fn init_platform(){
+        use system::insmod;
+        // TODO: error handling
+        nitro_heartbeat();
+
+        eprintln!("Loading nsm.ko");
+        insmod("/nsm.ko");
+    }
+
+    fn nitro_heartbeat() {
+        use system::socket_connect;
+        use libc::{write, read, close, AF_VSOCK};
+        let mut buf: [u8; 1] = [0; 1];
+        buf[0] = 0xB7; // AWS Nitro heartbeat value
+        let fd = socket_connect(AF_VSOCK, 9000, 3);
+        unsafe {
+            write(fd, buf.as_ptr() as _, 1);
+            read(fd, buf.as_ptr() as _, 1);
+            close(fd);
+        }
+        eprintln!("Sent NSM heartbeat");
+    }
+}
Author	SHA1	Message	Date
Ryan Heywood	fa87bd8088	inject nsm.ko from enclaveos	2025-07-11 17:55:28 -04:00
Ryan Heywood	61a8ff9537	add enclaveos shim to test something	2025-07-11 17:30:35 -04:00