general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Build Occlum tools in SGX simulation mode by default

Browse Source
This commit is contained in:
Hui, Chunyang 2020-05-12 04:05:32 +00:00 committed by Tate, Hongliang Tian
parent 0bb1cbfbb5
commit 255f277f30
3 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Makefile
View File

@ -18,6 +18,11 @@ else
OCCLUM_GIT_OPTIONS += OCCLUM_GIT_OPTIONS +=
endif endif
# Enclaves using by tools are running in simulation mode by default to run faster.
# If a user really wants to run the tools in SGX hardware mode, please use command
# `OCCLUM_TOOLS_SIM_MODE_ONLY=N make submodule`.
OCCLUM_TOOLS_SIM_MODE_ONLY ?= Y
submodule: githooks submodule: githooks
git submodule init git submodule init
git submodule update $(OCCLUM_GIT_OPTIONS) git submodule update $(OCCLUM_GIT_OPTIONS)
@ -25,17 +30,29 @@ submodule: githooks
cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch >/dev/null 2>&1 || git apply ../rust-sgx-sdk.patch -R --check cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch >/dev/null 2>&1 || git apply ../rust-sgx-sdk.patch -R --check
cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check
@# Build tools and sefs-fuse for both HW mode and SIM mode ifeq ($(OCCLUM_TOOLS_SIM_MODE_ONLY), Y)
@# Tools and sefs-fuse are used in SIM mode by default
@rm -rf build build_sim
@$(MAKE) SGX_MODE=SIM --no-print-directory -C tools @$(MAKE) SGX_MODE=SIM --no-print-directory -C tools
@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
@$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse @$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse
@cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin @cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin
@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib @cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib
@$(MAKE) --no-print-directory -C tools @cp -r build_sim build
else
@# Tools and sefs-fuse are built for both HW mode and SIM mode
@rm -rf build build_sim
@$(MAKE) SGX_MODE=HW --no-print-directory -C tools
@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean @$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse @$(MAKE) SGX_MODE=HW --no-print-directory -C deps/sefs/sefs-fuse
@cp deps/sefs/sefs-fuse/bin/sefs-fuse build/bin @cp deps/sefs/sefs-fuse/bin/sefs-fuse build/bin
@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build/lib @cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build/lib
@$(MAKE) SGX_MODE=SIM --no-print-directory -C tools
@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
@$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse
@cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin
@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib
endif
src: src:
@$(MAKE) --no-print-directory -C src @$(MAKE) --no-print-directory -C src

2
README.md
View File

@ -155,7 +155,7 @@ To build Occlum from the latest source code, do the following steps in an Occlum
mkdir occlum && cd occlum mkdir occlum && cd occlum
git clone https://github.com/occlum/occlum . git clone https://github.com/occlum/occlum .
``` ```
2. Prepare the submodules required by Occlum 2. Prepare the submodules and tools required by Occlum.
``` ```
make submodule make submodule
``` ```

12
tools/occlum
View File

@ -40,6 +40,11 @@ Usage:
EOF EOF
} }
get_conf_root_fs_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"
}
get_conf_default_stack_size() { get_conf_default_stack_size() {
cat "$working_dir/Occlum.json" | \ cat "$working_dir/Occlum.json" | \
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']" python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
@ -71,6 +76,7 @@ get_conf_entry_points() {
} }
get_occlum_conf_file_mac() { get_occlum_conf_file_mac() {
LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected" "$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
} }
@ -173,13 +179,13 @@ cmd_build() {
chmod 531 -R $working_dir/image/lib chmod 531 -R $working_dir/image/lib
mkdir -p build/mount/ mkdir -p build/mount/
cd "$occlum_dir/$build_dir/bin/" && \ cd "$occlum_dir/$build_dir/bin/" && \
./sefs-fuse \ LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" ./sefs-fuse \
--integrity-only \ --integrity-only \
"$context_dir/build/mount/__ROOT" \ "$context_dir/build/mount/__ROOT" \
"$working_dir/image" \ "$working_dir/image" \
zip zip
export OCCLUM_CONF_ROOT_FS_MAC=`"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"` export OCCLUM_CONF_ROOT_FS_MAC=`get_conf_root_fs_mac`
export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size` export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size` export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size` export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
@ -189,7 +195,7 @@ cmd_build() {
cd "$context_dir/build" cd "$context_dir/build"
"$occlum_dir/$build_dir/bin/occlum-gen-default-occlum-json"\ "$occlum_dir/$build_dir/bin/occlum-gen-default-occlum-json"\
> "Occlum.json" > "Occlum.json"
"$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json
export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac` export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC" echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"