general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add install target for Makefile

Browse Source
This commit is contained in:
Tate, Hongliang Tian 2019-08-31 06:01:16 +00:00
parent 5c5b0ea429
commit 347791f235
12 changed files with 139 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Makefile
View File

@ -1,4 +1,4 @@
.PHONY: all submodule githooks src test clean .PHONY: all submodule githooks src test tools install clean
all: src all: src
@ -11,7 +11,7 @@ submodule: githooks
git submodule update git submodule update
cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch cd deps/rust-sgx-sdk && git apply ../rust-sgx-sdk.patch
cd deps/sefs/sefs-fuse && make cd deps/sefs/sefs-fuse && make
cd tools/protect-integrity && make cd tools/ && make
src: src:
@$(MAKE) --no-print-directory -C src @$(MAKE) --no-print-directory -C src
@ -19,6 +19,23 @@ src:
test: test:
@$(MAKE) --no-print-directory -C test test @$(MAKE) --no-print-directory -C test test
OCCLUM_PREFIX ?= /opt/occlum
install:
install -d $(OCCLUM_PREFIX)/deps/sefs/sefs-fuse/bin/
install -t $(OCCLUM_PREFIX)/deps/sefs/sefs-fuse/bin/ deps/sefs/sefs-fuse/bin/*
install -d $(OCCLUM_PREFIX)/build/bin/
install -t $(OCCLUM_PREFIX)/build/bin/ -D build/bin/*
install -d $(OCCLUM_PREFIX)/build/lib/
install -t $(OCCLUM_PREFIX)/build/lib/ -D build/lib/*
install -d $(OCCLUM_PREFIX)/src/
install -t $(OCCLUM_PREFIX)/src/ -m 444 src/sgxenv.mk
install -d $(OCCLUM_PREFIX)/src/libos/
install -t $(OCCLUM_PREFIX)/src/libos/ -m 444 src/libos/Makefile src/libos/Enclave.lds
install -d $(OCCLUM_PREFIX)/src/libos/src/builtin/
install -t $(OCCLUM_PREFIX)/src/libos/src/builtin/ -m 444 src/libos/src/builtin/*
install -d $(OCCLUM_PREFIX)/etc/template/
install -t $(OCCLUM_PREFIX)/etc/template/ -m 444 etc/template/*
clean: clean:
@$(MAKE) --no-print-directory -C src clean @$(MAKE) --no-print-directory -C src clean
@$(MAKE) --no-print-directory -C test clean @$(MAKE) --no-print-directory -C test clean

4
test/Makefile
View File

@ -39,7 +39,7 @@ prebuild:
@$(RM) -rf $(BUILD_DIR)/test/* @$(RM) -rf $(BUILD_DIR)/test/*
@mkdir -p $(BUILD_DIR)/test @mkdir -p $(BUILD_DIR)/test
@cd $(BUILD_DIR)/test && \ @cd $(BUILD_DIR)/test && \
$(PROJECT_DIR)/src/cli/occlum init $(PROJECT_DIR)/build/bin/occlum init
@cp Occlum.json Enclave.xml $(BUILD_DIR)/test/ @cp Occlum.json Enclave.xml $(BUILD_DIR)/test/
$(BUILD_TARGETS): %: $(BUILD_TARGETS): %:
@ -49,7 +49,7 @@ $(BUILD_TARGETS): %:
postbuild: postbuild:
@cd $(BUILD_DIR)/test && \ @cd $(BUILD_DIR)/test && \
$(PROJECT_DIR)/src/cli/occlum build $(PROJECT_DIR)/build/bin/occlum build
############################################################################# #############################################################################
# Test targets # Test targets

2
test/test_common.mk
View File

@ -59,7 +59,7 @@ $(BUILD_DIR)/test/obj/$(TEST_NAME)/%.o: %.cc
test: test:
@cd $(BUILD_DIR)/test && \ @cd $(BUILD_DIR)/test && \
$(PROJECT_DIR)/src/cli/occlum run /bin/$(TEST_NAME) $(BIN_ARGS) $(PROJECT_DIR)/build/bin/occlum run /bin/$(TEST_NAME) $(BIN_ARGS)
test-native: test-native:
@LD_LIBRARY_PATH=/usr/local/occlum/lib cd $(IMAGE_DIR) && ./bin/$(TEST_NAME) $(BIN_ARGS) @LD_LIBRARY_PATH=/usr/local/occlum/lib cd $(IMAGE_DIR) && ./bin/$(TEST_NAME) $(BIN_ARGS)

11
tools/Makefile Normal file
View File

@ -0,0 +1,11 @@
.PHONY: all clean
all:
@mkdir -p ../build/bin/
@ln -s -f ../../tools/occlum ../build/bin/occlum
@ln -s -f ../../tools/occlum-build-enclave ../build/bin/occlum-build-enclave
@ln -s -f ../../tools/occlum-gen-default-occlum-json ../build/bin/occlum-gen-default-occlum-json
@$(MAKE) --no-print-directory -C protect-integrity
clean:
@$(MAKE) --no-print-directory -C protect-integrity clean

1
tools/bin/.gitignore vendored
View File

@ -1 +0,0 @@
protect-integrity

2
tools/docker/Dockerfile
View File

@ -58,6 +58,6 @@ RUN curl https://sh.rustup.rs -sSf | \
WORKDIR /tmp WORKDIR /tmp
COPY build_toolchain.sh /tmp COPY build_toolchain.sh /tmp
RUN ./build_toolchain.sh RUN ./build_toolchain.sh
ENV PATH="/usr/local/occlum/bin:$PATH" ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
WORKDIR /root WORKDIR /root

31
src/cli/occlum → tools/occlum
View File

@ -1,8 +1,9 @@
#!/bin/bash #!/bin/bash
working_dir=`pwd`
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
project_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )" occlum_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )"
working_dir=`pwd`
context_dir="$working_dir/.occlum" context_dir="$working_dir/.occlum"
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}" SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"
@ -39,7 +40,7 @@ get_conf_default_mmap_size() {
get_occlum_conf_file_mac() { get_occlum_conf_file_mac() {
"$project_dir/tools/bin/protect-integrity" show-mac "$context_dir/build/Occlum.json.protected" "$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/Occlum.json.protected"
} }
parse_occlum_user_space_size() { parse_occlum_user_space_size() {
@ -69,7 +70,7 @@ cmd_init() {
/usr/local/occlum/lib/libunwind.so.1 \ /usr/local/occlum/lib/libunwind.so.1 \
image/lib/ image/lib/
cp "$project_dir"/etc/template/* "$working_dir"/ cp "$occlum_dir"/etc/template/* "$working_dir"/
echo "Initialized an Occlum context in $working_dir" echo "Initialized an Occlum context in $working_dir"
} }
@ -81,29 +82,29 @@ cmd_build() {
rm -rf build rm -rf build
mkdir -p build/bin mkdir -p build/bin
cp "$project_dir/build/bin/occlum-pal" build/bin/ cp "$occlum_dir/build/bin/occlum-pal" build/bin/
mkdir -p build/lib mkdir -p build/lib
cp "$project_dir/build/lib/libocclum_core.a" build/lib/ cp "$occlum_dir/build/lib/libocclum_core.a" build/lib/
cp "$project_dir/build/lib/libcompiler-rt-patch.a" build/lib/ cp "$occlum_dir/build/lib/libcompiler-rt-patch.a" build/lib/
mkdir -p build/src/libos/src/builtin mkdir -p build/src/libos/src/builtin
mkdir -p build/mount/ mkdir -p build/mount/
cd "$project_dir/deps/sefs/sefs-fuse/bin/" && \ cd "$occlum_dir/deps/sefs/sefs-fuse/bin/" && \
./app \ ./app \
--integrity-only \ --integrity-only \
"$context_dir/build/mount/__ROOT" \ "$context_dir/build/mount/__ROOT" \
"$working_dir/image" \ "$working_dir/image" \
zip zip
export OCCLUM_CONF_ROOT_FS_MAC=`"$project_dir/tools/bin/protect-integrity" show-mac "$context_dir/build/mount/__ROOT/0"` export OCCLUM_CONF_ROOT_FS_MAC=`"$occlum_dir/build/bin/occlum-protect-integrity" show-mac "$context_dir/build/mount/__ROOT/0"`
export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size` export OCCLUM_CONF_USER_SPACE_SIZE=`get_conf_user_space_size`
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size` export OCCLUM_CONF_DEFAULT_STACK_SIZE=`get_conf_default_stack_size`
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size` export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`get_conf_default_heap_size`
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`get_conf_default_mmap_size` export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`get_conf_default_mmap_size`
cd "$context_dir/build" cd "$context_dir/build"
"$project_dir/src/cli/occlum-gen-default-occlum-json"\ "$occlum_dir/build/bin/occlum-gen-default-occlum-json"\
> "Occlum.json" > "Occlum.json"
"$project_dir/tools/bin/protect-integrity" protect Occlum.json "$occlum_dir/build/bin/occlum-protect-integrity" protect Occlum.json
export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac` export OCCLUM_BUILTIN_CONF_FILE_MAC=`get_occlum_conf_file_mac`
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC" echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"
@ -112,10 +113,10 @@ cmd_build() {
cd "$context_dir" cd "$context_dir"
mkdir -p src/libos/src/ mkdir -p src/libos/src/
cp "$project_dir/src/sgxenv.mk" src/ cp "$occlum_dir/src/sgxenv.mk" src/
cp "$project_dir/src/libos/Makefile" src/libos/ cp "$occlum_dir/src/libos/Makefile" src/libos/
cp "$project_dir/src/libos/Enclave.lds" src/libos/ cp "$occlum_dir/src/libos/Enclave.lds" src/libos/
cp -r "$project_dir/src/libos/src/builtin" src/libos/src/builtin cp -r "$occlum_dir/src/libos/src/builtin" src/libos/src/builtin
cd src/libos && \ cd src/libos && \
make clean-builtin && \ make clean-builtin && \
make "$context_dir/build/lib/libocclum.so" ONLY_REBUILD_BUILTIN=1 make "$context_dir/build/lib/libocclum.so" ONLY_REBUILD_BUILTIN=1

0
tools/bin/build-enclave → tools/occlum-build-enclave
View File

0
src/cli/occlum-gen-default-occlum-json → tools/occlum-gen-default-occlum-json
View File

4
tools/protect-integrity/App/App.cpp
View File

@ -18,7 +18,7 @@
#define MAX_PATH FILENAME_MAX #define MAX_PATH FILENAME_MAX
#define TOKEN_FILENAME "enclave.token" #define TOKEN_FILENAME "enclave.token"
#define ENCLAVE_FILENAME "protect-integrity-enclave.signed.so" #define ENCLAVE_FILENAME "occlum-protect-integrity.signed.so"
// ========================================================================== // ==========================================================================
// Enclave Initialization // Enclave Initialization
@ -138,7 +138,7 @@ static const char* get_enclave_absolute_path() {
// Get the absolute path of the containing directory // Get the absolute path of the containing directory
dirname(enclave_path); dirname(enclave_path);
// Get the absolute path of the enclave // Get the absolute path of the enclave
strncat(enclave_path, "/", sizeof(enclave_path)); strncat(enclave_path, "/../lib/", sizeof(enclave_path));
strncat(enclave_path, ENCLAVE_FILENAME, sizeof(enclave_path)); strncat(enclave_path, ENCLAVE_FILENAME, sizeof(enclave_path));
return (const char*)enclave_path; return (const char*)enclave_path;
} }

0
tools/protect-integrity/Enclave/Enclave.edl → tools/protect-integrity/Enclave.edl
View File

161
tools/protect-integrity/Makefile
View File

@ -1,5 +1,10 @@
######## SGX SDK Settings ######## ######## SGX SDK Settings ########
CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
PROJECT_DIR := $(realpath $(CUR_DIR)/../../)
BUILD_DIR := $(PROJECT_DIR)/build
OBJS_DIR := $(BUILD_DIR)/tools/protect-integrity
SGX_SDK ?= /opt/intel/sgxsdk SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= HW SGX_MODE ?= HW
SGX_ARCH ?= x64 SGX_ARCH ?= x64
@ -40,58 +45,61 @@ endif
######## App Settings ######## ######## App Settings ########
ifneq ($(SGX_MODE), HW) ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim URTS_LIBRARY_NAME := sgx_urts_sim
else else
Urts_Library_Name := sgx_urts URTS_LIBRARY_NAME := sgx_urts
endif endif
App_Cpp_Files := App/App.cpp APP_C_FILES := App/Enclave_u.c
App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include APP_CPP_FILES := App/App.cpp
APP_INCLUDE_PATHS := -IInclude -IApp -I$(SGX_SDK)/include -I$(OBJS_DIR)/App
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) APP_C_FLAGS := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(APP_INCLUDE_PATHS)
# Three configuration modes - Debug, prerelease, release # Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled. # Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled. # Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled. # Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1) ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG APP_C_FLAGS += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1) else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG APP_C_FLAGS += -DNDEBUG -DEDEBUG -UDEBUG
else else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG APP_C_FLAGS += -DNDEBUG -UEDEBUG -UDEBUG
endif endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11 APP_CPP_FLAGS := $(APP_C_FLAGS) -std=c++11
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lsgx_uprotected_fs -lpthread APP_LINK_FLAGS := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(URTS_LIBRARY_NAME) -lsgx_uprotected_fs -lpthread
ifneq ($(SGX_MODE), HW) ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim APP_LINK_FLAGS += -lsgx_uae_service_sim
else else
App_Link_Flags += -lsgx_uae_service APP_LINK_FLAGS += -lsgx_uae_service
endif endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) APP_C_OBJS := $(addprefix $(OBJS_DIR)/,$(APP_C_FILES:.c=.o))
APP_CPP_OBJS := $(addprefix $(OBJS_DIR)/,$(APP_CPP_FILES:.cpp=.o))
APP_OBJS := $(APP_C_OBJS) $(APP_CPP_OBJS)
App_Name := protect-integrity APP_NAME := $(BUILD_DIR)/bin/occlum-protect-integrity
######## Enclave Settings ######## ######## Enclave Settings ########
ifneq ($(SGX_MODE), HW) ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim TRTS_LIBRARY_NAME := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim SERVICE_LIBRARY_NAME := sgx_tservice_sim
else else
Trts_Library_Name := sgx_trts TRTS_LIBRARY_NAME := sgx_trts
Service_Library_Name := sgx_tservice SERVICE_LIBRARY_NAME := sgx_tservice
endif endif
Crypto_Library_Name := sgx_tcrypto CRYPTO_LIBRARY_NAME := sgx_tcrypto
Enclave_Cpp_Files := Enclave/Enclave.cpp ENCLAVE_C_FILES := Enclave/Enclave_t.c
Enclave_C_Files := ENCLAVE_CPP_FILES := Enclave/Enclave.cpp
Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport ENCLAVE_INCLUDE_PATHS := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(OBJS_DIR)/Enclave
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fPIC -fstack-protector $(Enclave_Include_Paths) ENCLAVE_C_FLAGS := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fPIC -fstack-protector $(ENCLAVE_INCLUDE_PATHS)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ ENCLAVE_CPP_FLAGS := $(ENCLAVE_C_FLAGS) -std=c++03 -nostdinc++
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: # To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, # 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
@ -100,105 +108,110 @@ Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
# Use `--start-group' and `--end-group' to link these libraries. # Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. # Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors. # Otherwise, you may get some undesirable errors.
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ ENCLAVE_LINK_FLAGS := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ -Wl,--whole-archive -l$(TRTS_LIBRARY_NAME) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_tprotected_fs -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_tprotected_fs -l$(CRYPTO_LIBRARY_NAME) -l$(SERVICE_LIBRARY_NAME) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 \ -Wl,--defsym,__ImageBase=0 \
-Wl,--version-script=Enclave/Enclave.lds -Wl,--version-script=Enclave/Enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) ENCLAVE_C_OBJS := $(addprefix $(OBJS_DIR)/,$(ENCLAVE_C_FILES:.c=.o))
Enclave_C_Objects := $(Enclave_C_Files:.c=.o) ENCLAVE_CPP_OBJS := $(addprefix $(OBJS_DIR)/,$(ENCLAVE_CPP_FILES:.cpp=.o))
ENCLAVE_OBJS := $(ENCLAVE_C_OBJS) $(ENCLAVE_CPP_OBJS)
Enclave_Name := protect-integrity-enclave.so ENCLAVE_NAME := $(BUILD_DIR)/lib/occlum-protect-integrity.so
Signed_Enclave_Name := protect-integrity-enclave.signed.so SIGNED_ENCLAVE_NAME := $(BUILD_DIR)/lib/occlum-protect-integrity.signed.so
Enclave_Config_File := Enclave/Enclave.config.xml ENCLAVE_CONFIG_FILE := Enclave/Enclave.config.xml
ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(APP_NAME) $(SIGNED_ENCLAVE_NAME) $(ENCLAVE_OBJS) $(APP_OBJS))))
ifeq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1) ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1) ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE BUILD_MODE = HW_RELEASE
endif endif
endif endif
endif endif
.PHONY: all run .PHONY: all test clean
ifeq ($(Build_Mode), HW_RELEASE) ifeq ($(BUILD_MODE), HW_RELEASE)
all: $(App_Name) $(Enclave_Name) all: $(APP_NAME) $(ENCLAVE_NAME)
@echo "The project has been built in release hardware mode." @echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." @echo "Please sign the $(ENCLAVE_NAME) first with your signing key before you run the $(APP_NAME) to launch and access the enclave."
@echo "To sign the enclave use the command:" @echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" @echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(ENCLAVE_NAME) -out <$(SIGNED_ENCLAVE_NAME)> -config $(ENCLAVE_CONFIG_FILE)"
@echo "You can also sign the enclave using an external signing tool." @echo "You can also sign the enclave using an external signing tool."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else else
all: $(App_Name) $(Signed_Enclave_Name) all: $(ALL_BUILD_SUBDIRS) $(APP_NAME) $(SIGNED_ENCLAVE_NAME)
endif endif
$(ALL_BUILD_SUBDIRS):
@mkdir -p $@
######## App Objects ######## ######## App Objects ########
App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl $(OBJS_DIR)/App/Enclave_u.c: $(SGX_EDGER8R) Enclave.edl
@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include @cd $(OBJS_DIR)/App && $(SGX_EDGER8R) --untrusted $(CUR_DIR)/Enclave.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@" @echo "GEN <= $@"
App/Enclave_u.o: App/Enclave_u.c $(OBJS_DIR)/App/Enclave_u.o: $(OBJS_DIR)/App/Enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@ @$(CC) $(APP_C_FLAGS) -c $< -o $@
@echo "CC <= $<" @echo "CC <= $@"
App/%.o: App/%.cpp $(OBJS_DIR)/App/%.o: App/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@ @$(CXX) $(APP_CPP_FLAGS) -c $< -o $@
@echo "CXX <= $<" @echo "CXX <= $@"
$(App_Name): App/Enclave_u.o $(App_Cpp_Objects) $(OBJS_DIR)/App/%.o: App/%.c
@$(CXX) $^ -o $@ $(App_Link_Flags) @$(CC) $(APP_C_FLAGS) -c $< -o $@
@cp $(App_Name) ../bin/ @echo "CC <= $@"
$(APP_NAME): $(APP_OBJS)
@$(CXX) $^ -o $@ $(APP_LINK_FLAGS)
@echo "LINK => $@" @echo "LINK => $@"
######## Enclave Objects ######## ######## Enclave Objects ########
Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl $(OBJS_DIR)/Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave.edl
@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include @cd $(OBJS_DIR)/Enclave && $(SGX_EDGER8R) --trusted $(CUR_DIR)/Enclave.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@" @echo "GEN <= $@"
Enclave/Enclave_t.o: Enclave/Enclave_t.c $(OBJS_DIR)/Enclave/Enclave_t.o: $(OBJS_DIR)/Enclave/Enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@ @$(CXX) $(ENCLAVE_CPP_FLAGS) -c $< -o $@
@echo "CC <= $<" @echo "CXX <= $@"
$(Enclave_Cpp_Objects): Enclave/%.o: Enclave/%.cpp $(OBJS_DIR)/Enclave/%.o: Enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ @$(CXX) $(ENCLAVE_CPP_FLAGS) -c $< -o $@
@echo "CXX <= $<" @echo "CXX <= $@"
$(Enclave_C_Objects): Enclave/%.o: Enclave/%.c $(OBJS_DIR)/Enclave/%.o: Enclave/%.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@ @$(CC) $(ENCLAVE_C_FLAGS) -c $< -o $@
@echo "CC <= $<" @echo "CC <= $@"
$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects) $(Enclave_C_Objects) $(ENCLAVE_NAME): $(ENCLAVE_OBJS)
$(CXX) $^ -o $@ $(Enclave_Link_Flags) @$(CXX) $^ -o $@ $(ENCLAVE_LINK_FLAGS)
@echo "LINK => $@" @echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name) $(SIGNED_ENCLAVE_NAME): $(ENCLAVE_NAME)
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) @$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(ENCLAVE_NAME) -out $@ -config $(ENCLAVE_CONFIG_FILE)
@cp $(Signed_Enclave_Name) ../bin/
@echo "SIGN => $@" @echo "SIGN => $@"
.PHONY: test
test: all random.txt test: all random.txt
./protect-integrity protect random.txt $(APP_NAME) protect random.txt
./protect-integrity show random.txt.protected > random.txt.unprotected $(APP_NAME) show random.txt.protected > random.txt.unprotected
./protect-integrity show-mac random.txt.protected $(APP_NAME) show-mac random.txt.protected
diff random.txt random.txt.unprotected diff random.txt random.txt.unprotected
@echo "Pass ^_^" @echo "Pass ^_^"
random.txt: random.txt:
@base64 /dev/urandom | head -c 10000000 > random.txt @base64 /dev/urandom | head -c 10000000 > random.txt
.PHONY: clean
clean: clean:
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) $(Enclave_C_Objects) Enclave/Enclave_t.* *.test.txt random.txt* @rm -f $(APP_NAME) $(ENCLAVE_NAME) $(SIGNED_ENCLAVE_NAME) $(APP_OBJS) $(OBJS_DIR)/App/Enclave_u.* $(ENCLAVE_OBJS) $(OBJS_DIR)/Enclave/Enclave_t.* *.test.txt random.txt*