Build Occlum tools in SGX simulation mode by default

2020-05-12 04:05:32 +00:00 · 2020-05-12 04:05:32 +00:00 · 255f277f30
commit 255f277f30
parent 0bb1cbfbb5
3 changed files with 30 additions and 7 deletions
--- a/23
+++ b/23
@ -18,6 +18,11 @@ else
 	OCCLUM_GIT_OPTIONS +=
 endif

+# Enclaves using by tools are running in simulation mode by default to run faster.
+# If a user really wants to run the tools in SGX hardware mode, please use command
+# `OCCLUM_TOOLS_SIM_MODE_ONLY=N make submodule`.
+OCCLUM_TOOLS_SIM_MODE_ONLY ?= Y
+
 submodule: githooks
 	git submodule init
 	git submodule update $(OCCLUM_GIT_OPTIONS)
@ -25,17 +30,29 @@ submodule: githooks
 	cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch >/dev/null 2>&1 || git apply ../rust-sgx-sdk.patch -R --check
 	cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check

-	@# Build tools and sefs-fuse for both HW mode and SIM mode
+ifeq ($(OCCLUM_TOOLS_SIM_MODE_ONLY), Y)
+	@# Tools and sefs-fuse are used in SIM mode by default
+	@rm -rf build build_sim
 	@$(MAKE) SGX_MODE=SIM --no-print-directory -C tools
 	@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
 	@$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse
 	@cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin
 	@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib
-	@$(MAKE) --no-print-directory -C tools
+	@cp -r build_sim build
+else
+	@# Tools and sefs-fuse are built for both HW mode and SIM mode
+	@rm -rf build build_sim
+	@$(MAKE) SGX_MODE=HW --no-print-directory -C tools
 	@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
-	@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse
+	@$(MAKE) SGX_MODE=HW --no-print-directory -C deps/sefs/sefs-fuse
 	@cp deps/sefs/sefs-fuse/bin/sefs-fuse build/bin
 	@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build/lib
+	@$(MAKE) SGX_MODE=SIM --no-print-directory -C tools
+	@$(MAKE) --no-print-directory -C deps/sefs/sefs-fuse clean
+	@$(MAKE) SGX_MODE=SIM --no-print-directory -C deps/sefs/sefs-fuse
+	@cp deps/sefs/sefs-fuse/bin/sefs-fuse build_sim/bin
+	@cp deps/sefs/sefs-fuse/lib/libsefs-fuse.signed.so build_sim/lib
+endif

 src:
 	@$(MAKE) --no-print-directory -C src
--- a/README.md
+++ b/README.md
@ -155,7 +155,7 @@ To build Occlum from the latest source code, do the following steps in an Occlum
    mkdir occlum && cd occlum
    git clone https://github.com/occlum/occlum .
    ```
-2. Prepare the submodules required by Occlum
+2. Prepare the submodules and tools required by Occlum.
    ```
    make submodule
    ```
--- a/tools/occlum
+++ b/tools/occlum
@ -40,6 +40,11 @@ Usage:
 EOF
 }

+get_conf_root_fs_mac() {
+    LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
+    "$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"
+}
+
 get_conf_default_stack_size() {
    cat "$working_dir/Occlum.json" | \
        python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
@ -71,6 +76,7 @@ get_conf_entry_points() {
 }

 get_occlum_conf_file_mac() {
+    LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" \
    "$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
 }

@ -173,13 +179,13 @@ cmd_build() {
    chmod 531 -R $working_dir/image/lib
    mkdir -p build/mount/
    cd "$occlum_dir/$build_dir/bin/" && \
-    ./sefs-fuse \
+    LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" ./sefs-fuse \
        --integrity-only \
        "$context_dir/build/mount/__ROOT" \
        "$working_dir/image" \
        zip

-    export OCCLUM_CONF_ROOT_FS_MAC=`"$occlum_dir/$build_dir/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/metadata"`
+    export OCCLUM_CONF_ROOT_FS_MAC=`get_conf_root_fs_mac`
    export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
    export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
    export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
@ -189,7 +195,7 @@ cmd_build() {
    cd "$context_dir/build"
    "$occlum_dir/$build_dir/bin/occlum-gen-default-occlum-json"\
        > "Occlum.json"
-    "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json
+    LD_LIBRARY_PATH="$SGX_SDK/sdk_libs" "$occlum_dir/$build_dir/bin/occlum-protect-integrity" protect Occlum.json

    export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
    echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"