From 68b8de00ef9ae53bc9e9f9985665f357b00a8a8d Mon Sep 17 00:00:00 2001
From: Rodolfo Marinho
Date: Mon, 21 Oct 2019 23:16:51 -0300
Subject: [PATCH] Support SGX 2.6
Signed-off-by: Rodolfo Marinho
---
 Dockerfile | 32 ++++++++++----------------------
 README.md | 3 ++-
 entrypoint.sh | 5 ++---
 install-psw.patch | 22 +++++++++++++---------
 4 files changed, 27 insertions(+), 35 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3d264a3..b851ffd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,22 @@
 FROM ubuntu:bionic
-WORKDIR /usr/src/sdk
-
-RUN apt-get update && apt-get install -yq --no-install-recommends ca-certificates build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev libssl-dev libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev alien cmake debhelper uuid-dev libxml2-dev
-
-RUN wget --progress=dot:mega -O iclsclient.rpm http://registrationcenter-download.intel.com/akdlm/irc_nas/11414/iclsClient-1.45.449.12-1.x86_64.rpm && \
- alien --scripts -i iclsclient.rpm && \
- rm iclsclient.rpm
+WORKDIR /usr/src/app
-RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
- cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
- cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
- make install && \
- cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
+RUN apt-get update && apt-get install -yq --no-install-recommends ca-certificates build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev libssl-dev libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev alien cmake debhelper uuid-dev libxml2-dev lsb-release
 COPY install-psw.patch ./
-RUN git clone -b sgx_2.5 --depth 1 https://github.com/intel/linux-sgx && \
- cd linux-sgx && \
+RUN git clone -b sgx_2.6 --depth 1 https://github.com/intel/linux-sgx
+
+RUN cd linux-sgx && \
 patch -p1 -i ../install-psw.patch && \
 ./download_prebuilt.sh 2> /dev/null && \
- make -s -j$(nproc) sdk_install_pkg psw_install_pkg && \
- ./linux/installer/bin/sgx_linux_x64_sdk_2.5.100.49891.bin --prefix=/opt/intel && \
- ./linux/installer/bin/sgx_linux_x64_psw_2.5.100.49891.bin && \
- cd .. && rm -rf linux-sgx/
-
-WORKDIR /usr/src/app
+ make -s -j$(nproc) && make -s -j$(nproc) sdk_install_pkg deb_pkg && \
+ ./linux/installer/bin/sgx_linux_x64_sdk_2.6.100.51363.bin --prefix=/opt/intel && \
+ cd linux/installer/deb/ && \
+ dpkg -i libsgx-urts_2.6.100.51363-bionic1_amd64.deb libsgx-enclave-common_2.6.100.51363-bionic1_amd64.deb && \
+ cd ../../../.. && rm -rf linux-sgx/
 COPY entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
-# For debug purposes
-# COPY jhi.conf /etc/jhi/jhi.conf
diff --git a/README.md b/README.md
index 03d6875..07eb397 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Instructions:
 * sgx_2.3.1
 * sgx_2.4
 * sgx_2.5
+* sgx_2.6
 ## Example Dockerfile
@@ -26,7 +27,7 @@ Example using `SampleEnclave` shipped with the official SDK
 **Dockerfile**
 ```Dockerfile
-FROM sebvaucher/sgx-base:sgx_2.5
+FROM sebvaucher/sgx-base:sgx_2.6
 COPY . ./
 RUN make SGX_DEBUG=0 SGX_PRERELEASE=1 SGX_MODE=HW
diff --git a/entrypoint.sh b/entrypoint.sh
index 607e30d..47e3caf 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,10 +1,9 @@
 #!/bin/bash
 source /opt/intel/sgxsdk/environment
-export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/intel/sgxpsw/aesm/
+export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/intel/libsgx-enclave-common/aesm/
-jhid -d
-/opt/intel/sgxpsw/aesm/aesm_service &
+/opt/intel/libsgx-enclave-common/aesm/aesm_service &
 pid=$!
 trap "kill ${pid}" TERM INT
diff --git a/install-psw.patch b/install-psw.patch
index 1bdbd18..b1a3766 100644
--- a/install-psw.patch
+++ b/install-psw.patch
@@ -1,5 +1,5 @@
 diff --git a/linux/installer/bin/install-sgx-psw.bin.tmpl b/linux/installer/bin/install-sgx-psw.bin.tmpl
-index 3510e97c..751831ab 100755
+index 3510e97..751831a 100755
 --- a/linux/installer/bin/install-sgx-psw.bin.tmpl
 +++ b/linux/installer/bin/install-sgx-psw.bin.tmpl
 @@ -30,34 +30,10 @@
@@ -38,7 +38,7 @@ index 3510e97c..751831ab 100755
 ARCH=$(uname -m)
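Review bot: The `RUN git clone -b sgx_2.6 --depth 1 https://github.com/intel/linux-sgx` step resolves the SGX SDK/PSW source by ref name at build time, so the commit this base image is built from is neither fixed nor checked. The following `RUN` also keeps `./download_prebuilt.sh 2> /dev/null`, which hides any error from the prebuilt-binary download. Checking the expected commit right after the clone would address the first part, e.g. `RUN git clone -b sgx_2.6 --depth 1 https://github.com/intel/linux-sgx && test "$(git -C linux-sgx rev-parse HEAD)" = "<pinned-commit-sha>"` (placeholder value). Because the clone now sits in its own `RUN`, the `rm -rf linux-sgx/` at the end of the next `RUN` no longer removes the tree from the image, since the clone layer is kept. Keeping clone, build and cleanup in a single `RUN` avoids that.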
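Review bot: The new `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/intel/libsgx-enclave-common/aesm/` stays in the environment of everything the entrypoint runs afterwards, not only `aesm_service`. If only the service needs that directory (the rest of the script is outside this hunk, so this needs confirming), scope it to the one command: `LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/intel/libsgx-enclave-common/aesm/" /opt/intel/libsgx-enclave-common/aesm/aesm_service &`. Within the visible lines nothing checks that `aesm_service` actually started, so a path that no longer matches the installed package would only show up later as an enclave-side error.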
 diff --git a/linux/installer/common/libsgx-enclave-common/install.sh b/linux/installer/common/libsgx-enclave-common/install.sh
-index 296879af..851d520b 100755
+index 20d8b17..23fe7b8 100755
 --- a/linux/installer/common/libsgx-enclave-common/install.sh
 +++ b/linux/installer/common/libsgx-enclave-common/install.sh
 @@ -33,11 +33,6 @@
@@ -53,23 +53,27 @@ index 296879af..851d520b 100755
 SCRIPT_DIR=$(dirname "$0")
 source ${SCRIPT_DIR}/installConfig
-@@ -95,7 +90,7 @@ elif [ -d /etc/init/ ]; then
+@@ -93,9 +88,7 @@ elif [ -d /etc/init/ ]; then
+ /sbin/initctl reload-configuration
+ retval=$?
 else
- echo " failed."
- echo "Unsupported platform - neither systemctl nor initctl is found."
+- echo " failed."
+- echo "Unsupported platform - neither systemctl nor initctl is found."
 - exit 5
 + retval=0
 fi
 if test $retval -ne 0; then
 diff --git a/linux/installer/common/psw/install.sh b/linux/installer/common/psw/install.sh
-index 59f3ed61..8ba940a3 100755
+index 49fd2f7..637a5fe 100755
 --- a/linux/installer/common/psw/install.sh
 +++ b/linux/installer/common/psw/install.sh
-@@ -96,7 +96,7 @@ elif [ -d /etc/init/ ]; then
+@@ -94,9 +94,7 @@ elif [ -d /etc/init/ ]; then
+ /sbin/initctl reload-configuration
+ retval=$?
 else
- echo " failed."
- echo "Unsupported platform - neither systemctl nor initctl is found."
+- echo " failed."
+- echo "Unsupported platform - neither systemctl nor initctl is found."
 - exit 5
 + retval=0
 fi
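Review bot: With the two `echo` lines now removed as well, the patched `else` branch in both `libsgx-enclave-common/install.sh` and `psw/install.sh` sets `retval=0` without printing anything, so an install that registered no AESM service reports success silently. I would keep one line of output in the patched branch, e.g. `+    echo "No systemctl or initctl found - skipping AESM service registration."`, so the build log records that the init-system check was bypassed on purpose. The Dockerfile in this commit no longer runs the PSW `.bin` installer, so the `psw/install.sh` part of the patch may no longer be exercised; worth confirming and dropping it if so.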