diff --git a/Makefile b/Makefile index 7db805fa..229c5b59 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,11 @@ else OCCLUM_GIT_OPTIONS += endif +# Enclaves using by tools are running in simulation mode by default to run faster. +# If a user really wants to run the tools in SGX hardware mode, please use command +# `OCCLUM_TOOLS_SIM_MODE_ONLY=N make submodule`. +OCCLUM_TOOLS_SIM_MODE_ONLY ?= Y + submodule: githooks git submodule init git submodule update $(OCCLUM_GIT_OPTIONS) 
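Review bot: The comment added above `OCCLUM_TOOLS_SIM_MODE_ONLY ?= Y` gives speed as the reason for the default but does not say what is given up: in simulation mode the tool enclaves run as ordinary code on the build host, without SGX hardware isolation. Because the next Makefile hunk copies `build_sim` into `build`, the directory that previously held the HW-mode tools now holds simulation binaries by default, and the comment should say so, for example `# With Y, build/ also holds SIM-mode tools; the MACs they compute are produced outside a hardware enclave.` It should also state whether those MACs are expected to match what a HW-mode tool would produce, which cannot be determined from this diff. The wording "Enclaves using by tools" should read "Enclaves used by tools".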
@@ -25,17 +30,29 @@ submodule: githooks cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch >/dev/null 2>&1 || git apply ../rust-sgx-sdk.patch -R --check cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check - @# Build tools and sefs-fuse for both HW mode and SIM mode +ifeq ($(OCCLUM_TOOLS_SIM_MODE_ONLY), Y) + @# Tools and sefs-fuse are used in SIM mode by default + @rm -rf build build_sim @$(MAKE) SGX_MODE=SIM --no-print-directory -C tools @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean @$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse @cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin @cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib - @$(MAKE) --no-print-directory -C tools + @cp -r build_sim build +else + @# Tools and sefs-fuse are built for both HW mode and SIM mode + @rm -rf build build_sim + @$(MAKE) SGX_MODE=HW --no-print-directory -C tools @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean - @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse + @$(MAKE) SGX_MODE=HW --no-print-directory -C deps/sefs/sefs-fuse @cp deps/sefs/sefs-fuse/bin/sefs-fuse build/bin @cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build/lib + @$(MAKE) SGX_MODE=SIM --no-print-directory -C tools + @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean + @$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse + @cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin + @cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib +endif src: @$(MAKE) --no-print-directory -C src diff --git a/README.md b/README.md index 0223488e..96ce866b 100644 --- a/README.md +++ b/README.md 
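Review bot: In the SIM-only branch, `@cp -r build_sim build` produces the intended layout only if `build` does not exist at that moment; if anything recreates `build/` after the `rm -rf` (a sub-make or a concurrent `make src` may do so, which is not visible here), the copy lands in `build/build_sim` and `build/bin` is left without tools. Copying the contents instead, `@mkdir -p build && cp -r build_sim/. build/`, removes that dependency. Both branches also now begin with `@rm -rf build build_sim`, so re-running `make submodule` discards everything under those directories, not only the tools; if other build products live there, the comment should mention it. The `submodule` recipe starts above this hunk.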
@@ -155,7 +155,7 @@ To build Occlum from the latest source code, do the following steps in an Occlum mkdir occlum && cd occlum git clone https://github.com/occlum/occlum . ``` -2. Prepare the submodules required by Occlum +2. Prepare the submodules and tools required by Occlum. ``` make submodule ``` diff --git a/tools/occlum b/tools/occlum index 9ff5dc10..4132ca9a 100755 --- a/tools/occlum +++ b/tools/occlum @@ -40,6 +40,11 @@ Usage: EOF } +get_conf_root_fs_mac() { + LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \ + "$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata" +} + get_conf_default_stack_size() { cat "$working_dir/Occlum.json" | \ python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']" @@ -71,6 +76,7 @@ get_conf_entry_points() { } get_occlum_conf_file_mac() { + LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \ "$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected" } @@ -173,13 +179,13 @@ cmd_build() { chmod 531 -R $working_dir/image/lib mkdir -p build/mount/ cd "$occlum_dir/$build_dir/bin/" && \ - ./sefs-fuse \ + LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" ./sefs-fuse \ --integrity-only \ "$context_dir/build/mount/__ROOT" \ "$working_dir/image" \ zip - export OCCLUM_CONF_ROOT_FS_MAC=`"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"` + export OCCLUM_CONF_ROOT_FS_MAC=`get_conf_root_fs_mac` export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size` export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size` export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size` 
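Review bot: `LD_LIBRARY_PATH="$SGX_SDK/sdk_libs"` in the new `get_conf_root_fs_mac` expands to `/sdk_libs` when `SGX_SDK` is unset or empty, and nothing visible in these hunks checks the variable first. The tools that compute the integrity MACs would then resolve their SGX libraries from a path the build never intended, or fail to start. A guard near the top of the script, `: "${SGX_SDK:?SGX_SDK is not set; source the SGX SDK environment file first}"`, turns that into an immediate error. The same prefix is added in `get_occlum_conf_file_mac`, before `./sefs-fuse` in `cmd_build`, and on the `protect Occlum.json` call in the last hunk. The assignment also replaces any `LD_LIBRARY_PATH` the caller had instead of prepending to it; if that is intended, a short comment saying so would help.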
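Review bot: The `export OCCLUM_CONF_ROOT_FS_MAC=...` line in `cmd_build` discards the exit status of `get_conf_root_fs_mac`, because the status of that line is the status of `export`; if `occlum-protect-integrity` fails to start (more likely now that it depends on the `LD_LIBRARY_PATH` prefix), the variable is exported empty and the build carries on. An empty root-filesystem MAC should stop the build before it reaches whatever consumes these variables, presumably the `occlum-gen-default-occlum-json` step. Assign first and check: `OCCLUM_CONF_ROOT_FS_MAC=$(get_conf_root_fs_mac) || exit 1`, then `export OCCLUM_CONF_ROOT_FS_MAC`. The same applies to `OCCLUM_BUILTIN_CONF_FILE_MAC` in the last hunk. `cmd_build` starts and ends outside these hunks, so a check further down cannot be ruled out.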
@@ -189,7 +195,7 @@ cmd_build() { cd "$context_dir/build" "$occlum_dir/$build_dir/bin/occlum-gen-default-occlum-json"\ > "Occlum.json" - "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json + LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac` echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"