diff --git a/Makefile b/Makefile index a0991229..d2b9ddb5 100644 --- a/Makefile +++ b/Makefile @@ -28,17 +28,10 @@ VERSION_NUM = $(MAJOR_VER_NUM).$(MINOR_VER_NUM).$(PATCH_VER_NUM) EXCLUDE_FILES = "libocclum-libos.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so\$$|.a\$$|occlum-protect-integrity.so.*" SHELL := bash - -submodule: githooks - git submodule init - git submodule update $(OCCLUM_GIT_OPTIONS) - @# Try to apply the patches. If failed, check if the patches are already applied - cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check - cd deps/ringbuf && git apply ../ringbuf.patch >/dev/null 2>&1 || git apply ../ringbuf.patch -R --check - cd deps/resolv-conf && git apply ../resolv-conf.patch >/dev/null 2>&1 || git apply ../resolv-conf.patch -R --check - +ifneq ($(SGX_MODE), HYPER) +submodule: githooks init-submodule + @rm -rf build @# Enclaves used by tools are running in simulation mode by default to run faster. - @rm -rf build build_sim @$(MAKE) SGX_MODE=SIM --no-print-directory -C tools @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli no_sign SGX_MODE=HW 
@@ -49,9 +42,35 @@ submodule: githooks @cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib @cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib @cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml - @# Build and install Occlum dcap lib @cd tools/toolchains/dcap_lib && ./build.sh +else +submodule: githooks init-submodule + @rm -rf build + @# Enclaves used by tools are running in simulation mode by default to run faster. + @$(MAKE) SGX_MODE=SIM MS_BUFFER=1 --no-print-directory -C tools + @# Apply the sefs-cli's patch for HYPER mode + cd deps/sefs && git apply ../sefs-cli_hyper.patch >/dev/null 2>&1 || git apply ../sefs-cli_hyper.patch -R --check + @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean + @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli no_sign SGX_MODE=HYPER + @cp deps/sefs/sefs-cli/bin/sefs-cli_hyper build/bin + @cp deps/sefs/sefs-cli/lib/libsefs-cli_hyper.so build/lib + @# Cleanup the Enclave_u.* and Enclave_t.* generated in HYPER mode + @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean + @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli SGX_MODE=SIM + @cp deps/sefs/sefs-cli/bin/sefs-cli_sim build/bin + @cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib + @cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib + @cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml +endif + +init-submodule: + git submodule init + git submodule update $(OCCLUM_GIT_OPTIONS) + @# Try to apply the patches. If failed, check if the patches are already applied + cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check + cd deps/ringbuf && git apply ../ringbuf.patch >/dev/null 2>&1 || git apply ../ringbuf.patch -R --check + cd deps/resolv-conf && git apply ../resolv-conf.patch >/dev/null 2>&1 || git apply ../resolv-conf.patch -R --check src: @$(MAKE) --no-print-directory -C src 
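Review bot: The HYPER branch of `submodule` applies `../sefs-cli_hyper.patch` to `deps/sefs` in place and nothing in the visible recipe reverts it. A later `make submodule` without `SGX_MODE=HYPER` would therefore presumably build the HW and SIM sefs-cli binaries from the HYPER-patched tree, since `git submodule update` keeps local modifications unless `$(OCCLUM_GIT_OPTIONS)` forces a checkout. Either undo the patch at the end of the HYPER recipe with `cd deps/sefs && git apply -R ../sefs-cli_hyper.patch`, or have the non-HYPER branch fail when the patch is still applied. The `>/dev/null 2>&1` on the first `git apply` also hides the reason when the patch genuinely does not apply; consider keeping stderr.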
@@ -63,22 +82,7 @@ test-glibc: @$(MAKE) --no-print-directory -C test test-glibc OCCLUM_PREFIX ?= /opt/occlum -install: minimal_sgx_libs - @# Install both libraries for HW mode and SIM mode - @$(MAKE) SGX_MODE=HW --no-print-directory -C src - @$(MAKE) SGX_MODE=SIM --no-print-directory -C src - - @echo "Install libraries ..." - @mkdir -p $(OCCLUM_PREFIX)/build/bin/ - @cp build/bin/* $(OCCLUM_PREFIX)/build/bin - @mkdir -p $(OCCLUM_PREFIX)/build/lib/ - @# Don't copy libos library and pal library symbolic files to install dir - @cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd - - @# Create symbolic for pal library and libos (hardware mode) - @cd $(OCCLUM_PREFIX)/build/lib && ln -sf libocclum-pal.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \ - ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \ - ln -sf libocclum-libos.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so - +install: minimal_sgx_libs install_bins_and_libs @echo "Install headers and miscs ..." @mkdir -p $(OCCLUM_PREFIX)/include/ @cp -r src/pal/include/*.h $(OCCLUM_PREFIX)/include 
@@ -91,7 +95,49 @@ install: minimal_sgx_libs @echo "Installation is done." +ifneq ($(SGX_MODE), HYPER) +install_bins_and_libs: + @# Install both libraries for HW mode and SIM mode + @$(MAKE) SGX_MODE=HW --no-print-directory -C src + @$(MAKE) SGX_MODE=SIM --no-print-directory -C src + @echo "Install libraries ..." + @mkdir -p $(OCCLUM_PREFIX)/build/bin/ + @cp build/bin/* $(OCCLUM_PREFIX)/build/bin + @mkdir -p $(OCCLUM_PREFIX)/build/lib/ + @# Don't copy libos library and pal library symbolic files to install dir + @cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd - + @# Create symbolic for pal library and libos (hardware mode) + @cd $(OCCLUM_PREFIX)/build/lib && \ + ln -sf libocclum-pal.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \ + ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \ + ln -sf libocclum-libos.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && \ + ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so +else +install_bins_and_libs: hyper_mode_libs + @# Install both libraries for SIM mode and HYPER mode + @# Cleanup the Enclave_u.* and Enclave_t.* generated in HYPER mode + @$(MAKE) --no-print-directory -C src clean + @$(MAKE) SGX_MODE=SIM --no-print-directory -C src + @# Cleanup the Enclave_u.* and Enclave_t.* generated in SIM mode + @$(MAKE) --no-print-directory -C src clean + @$(MAKE) SGX_MODE=HYPER --no-print-directory -C src + @echo "Install libraries ..." 
+ @mkdir -p $(OCCLUM_PREFIX)/build/bin/ + @cp build/bin/* $(OCCLUM_PREFIX)/build/bin + @mkdir -p $(OCCLUM_PREFIX)/build/lib/ + @# Don't copy libos library and pal library symbolic files to install dir + @cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd - + @# Create symbolic for pal library and libos (HYPER mode) + @cd $(OCCLUM_PREFIX)/build/lib && \ + ln -sf libocclum-pal_hyper.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \ + ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \ + ln -sf libocclum-libos_hyper.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && \ + ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so +endif + + SGX_SDK ?= /opt/intel/sgxsdk + # Install minimum sgx-sdk set to support Occlum cmd execution in non-customized sgx-sdk environment minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/libsgx_quote_ex_sim.so @echo "Install needed sgx-sdk tools ..." @@ -99,7 +145,7 @@ minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/li @cp $(SGX_SDK)/lib64/{libsgx_ptrace.so,libsgx_uae_service_sim.so,libsgx_quote_ex_sim.so} $(OCCLUM_PREFIX)/sgxsdk-tools/lib64 @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin @cd $(SGX_SDK)/lib64/gdb-sgx-plugin/ && cp $$(ls -A | grep -v __pycache__) $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin - @cd $(SGX_SDK) && cp -a --parents {bin/sgx-gdb,bin/x64/sgx_sign} $(OCCLUM_PREFIX)/sgxsdk-tools/ + @cd $(SGX_SDK) && cp -a --parents {bin/sgx-gdb,bin/x64/sgx_sign*} $(OCCLUM_PREFIX)/sgxsdk-tools/ @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && cd $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && \ ln -sf ../lib64/libsgx_uae_service_sim.so libsgx_uae_service_sim.so && \ ln -sf ../lib64/libsgx_quote_ex_sim.so libsgx_quote_ex_sim.so 
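Review bot: In the HYPER branch of `install_bins_and_libs` the unsuffixed names `libocclum-pal.so.$(MAJOR_VER_NUM)` and `libocclum-libos.so.$(MAJOR_VER_NUM)` are pointed at the `_hyper` libraries, and no HW build is run. The other branch documents those same names as "hardware mode", and as far as the visible hunks show, the HW path in `tools/occlum` does not check which flavour sits behind them. Please state this on the recipe, e.g. `@# HYPER install: the unsuffixed libocclum-pal/libos names resolve to the _hyper builds; HW libraries are not installed`, so that an install prefix produced this way is not mistaken for a hardware-mode one. The five `mkdir`/`cp` lines are identical in both branches and could live in one shared recipe, leaving only the `ln -sf` targets conditional.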
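Review bot: The glob `bin/x64/sgx_sign*` copies every file in the SDK's `bin/x64` whose name starts with `sgx_sign` into `$(OCCLUM_PREFIX)/sgxsdk-tools/`. It also still succeeds when `sgx_sign_hyper` is absent, so a HYPER install can finish without the signer that `src/sgxenv.mk` and `tools/occlum` select. Listing the tools explicitly keeps the installed signing toolchain predictable: leave this line as `{bin/sgx-gdb,bin/x64/sgx_sign}` and add `@cd $(SGX_SDK) && cp -a --parents bin/x64/sgx_sign_hyper $(OCCLUM_PREFIX)/sgxsdk-tools/` to the HYPER-only `hyper_mode_libs` recipe. The `minimal_sgx_libs` recipe starts and ends outside this hunk.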
@@ -107,6 +153,17 @@ minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/li @sed -i '/^SGX_LIBRARY_PATH=/d' $(OCCLUM_PREFIX)/sgxsdk-tools/bin/sgx-gdb @cp etc/environment $(OCCLUM_PREFIX)/sgxsdk-tools/ +ifeq ($(SGX_MODE), HYPER) +# Install HYPER mode libs +hyper_mode_libs: $(SGX_SDK)/lib64/libsgx_uae_service_hyper.so $(SGX_SDK)/lib64/libsgx_quote_ex_hyper.so + @echo "Install needed HYPER mode libs ..." + @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/lib64 + @cp $(SGX_SDK)/lib64/{libsgx_uae_service_hyper.so,libsgx_quote_ex_hyper.so} $(OCCLUM_PREFIX)/sgxsdk-tools/lib64 + @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && cd $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && \ + ln -sf ../lib64/libsgx_uae_service_hyper.so libsgx_uae_service_hyper.so && \ + ln -sf ../lib64/libsgx_quote_ex_hyper.so libsgx_quote_ex_hyper.so +endif + format: @$(MAKE) --no-print-directory -C test format @$(MAKE) --no-print-directory -C tools format diff --git a/src/libos/Cargo.toml b/src/libos/Cargo.toml index 9efc74f4..9af551a2 100644 --- a/src/libos/Cargo.toml +++ b/src/libos/Cargo.toml @@ -41,6 +41,7 @@ sgx_file_cache = [] # Cache SgxFile objects. Invalidation is unimplemented. sgx1_exception_sim = [] # Simulate #PF and #GP exceptions on SGX 1 dcap = [] # DCAP support. The compilation relies on DCAP package. cov = ["sgx_cov"] # Enable coverage colletcion. +hyper_mode = [] # For running in hyper mode. [target.'cfg(not(target_env = "sgx"))'.dependencies] sgx_types = { path = "../../deps/rust-sgx-sdk/sgx_types" } diff --git a/src/libos/Enclave.lds b/src/libos/Enclave.lds index 0d5614f5..543ec186 100644 --- a/src/libos/Enclave.lds +++ b/src/libos/Enclave.lds @@ -2,6 +2,7 @@ enclave.so { global: g_global_data_sim; + g_global_data_hyper; g_global_data; enclave_entry; g_peak_heap_used; diff --git a/src/libos/Makefile b/src/libos/Makefile index 81d11125..4c63a41b 100644 --- a/src/libos/Makefile +++ b/src/libos/Makefile 
@@ -45,12 +45,15 @@ LIBOS_LOG ?= error LIBOS_SONAME := libocclum-libos.so.$(MAJOR_VER_NUM) -ifneq ($(SGX_MODE), HW) - LIBOS_CORE_LIB_NAME := occlum-libos-core_sim - LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_sim.so.$(VERSION_NUM) -else +ifeq ($(SGX_MODE), HW) LIBOS_CORE_LIB_NAME := occlum-libos-core LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos.so.$(VERSION_NUM) +else ifeq ($(SGX_MODE), HYPER) + LIBOS_CORE_LIB_NAME := occlum-libos-core_hyper + LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_hyper.so.$(VERSION_NUM) +else + LIBOS_CORE_LIB_NAME := occlum-libos-core_sim + LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_sim.so.$(VERSION_NUM) endif LIBOS_CORE_A := $(OBJ_DIR)/libos/lib/lib$(LIBOS_CORE_LIB_NAME).a @@ -70,10 +73,14 @@ CXX_OBJS := $(addprefix $(OBJ_DIR)/libos/,$(CXX_SRCS:.cpp=.o)) S_OBJS := $(addprefix $(OBJ_DIR)/libos/,$(S_SRCS:.S=.o)) # Object files for simulation mode are stored in libos/src_sim -ifneq ($(SGX_MODE), HW) +ifeq ($(SGX_MODE), SIM) C_OBJS := $(subst libos/src,libos/src_sim,$(C_OBJS)) CXX_OBJS := $(subst libos/src,libos/src_sim,$(CXX_OBJS)) S_OBJS := $(subst libos/src,libos/src_sim,$(S_OBJS)) +else ifeq ($(SGX_MODE), HYPER) + C_OBJS := $(subst libos/src,libos/src_hyper,$(C_OBJS)) + CXX_OBJS := $(subst libos/src,libos/src_hyper,$(CXX_OBJS)) + S_OBJS := $(subst libos/src,libos/src_hyper,$(S_OBJS)) endif ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOS_SO_REAL) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)) $(RUST_TARGET_DIR) $(RUST_OUT_DIR))) @@ -127,6 +134,10 @@ ifneq ($(OCCLUM_COV),) -Coverflow-checks=off -Cpanic=abort" endif +ifeq ($(SGX_MODE), HYPER) + LIBOS_FEATURES += hyper_mode +endif + # Release build is for production use. We enable code coverage only for debug # build. It also simplifies the implementation as the release and debug build # have different output paths. 
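Review bot: The object-directory remap in the second hunk now keys on `ifeq ($(SGX_MODE), SIM)`, while `LIBOS_SO_REAL` in the first hunk and `SRC_OBJ` in `src/sgxenv.mk` treat every value other than `HW` and `HYPER` as simulation. For a value such as `SW` (accepted by `test/test_common.mk` before this commit) the object lists stay under `libos/src` while `SRC_OBJ` is `src_sim`, so the static pattern rule `$(C_OBJS):$(OBJ_DIR)/libos/$(SRC_OBJ)/%.o: src/%.c` no longer matches its targets. Deriving the path from `SRC_OBJ` removes the conditional altogether: `C_OBJS := $(subst libos/src,libos/$(SRC_OBJ),$(C_OBJS))`, and likewise for `CXX_OBJS` and `S_OBJS`. The `pal/src` remap in `src/pal/Makefile` has the same mismatch.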
@@ -149,7 +160,7 @@ $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.o: $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.c @echo "CC <= $@" $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.c: $(SGX_EDGER8R) ../Enclave.edl - @cd $(OBJ_DIR)/libos/$(SRC_OBJ) && $(SGX_EDGER8R) --trusted $(CUR_DIR)/../Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK_DIR)/edl + @cd $(OBJ_DIR)/libos/$(SRC_OBJ) && $(SGX_EDGER8R) $(SGX_EDGER8R_MODE) --trusted $(CUR_DIR)/../Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK_DIR)/edl @echo "GEN <= $@" $(C_OBJS):$(OBJ_DIR)/libos/$(SRC_OBJ)/%.o: src/%.c diff --git a/src/pal/Makefile b/src/pal/Makefile index 6c5890ce..8f91fd50 100644 --- a/src/pal/Makefile +++ b/src/pal/Makefile @@ -3,10 +3,12 @@ include ../sgxenv.mk LIBOCCLUM_PAL_SO := $(BUILD_DIR)/lib/libocclum-pal.so LIBOCCLUM_PAL_SONAME := libocclum-pal.so.$(MAJOR_VER_NUM) -ifneq ($(SGX_MODE), HW) - LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_sim.so.$(VERSION_NUM) -else +ifeq ($(SGX_MODE), HW) LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal.so.$(VERSION_NUM) +else ifeq ($(SGX_MODE), HYPER) + LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_hyper.so.$(VERSION_NUM) +else + LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_sim.so.$(VERSION_NUM) endif # A dependency on Rust SGX SDK 
@@ -19,10 +21,13 @@ CXX_SRCS := $(sort $(wildcard src/*.cpp src/*/*.cpp)) C_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(C_SRCS:.c=.o)) CXX_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(CXX_SRCS:.cpp=.o)) -# Object files for simulation mode are stored in libos/src_sim -ifneq ($(SGX_MODE), HW) +# Object files for simulation mode are stored in pal/src_sim +ifeq ($(SGX_MODE), SIM) C_OBJS := $(subst pal/src,pal/src_sim,$(C_OBJS)) CXX_OBJS := $(subst pal/src,pal/src_sim,$(CXX_OBJS)) +else ifeq ($(SGX_MODE), HYPER) + C_OBJS := $(subst pal/src,pal/src_hyper,$(C_OBJS)) + CXX_OBJS := $(subst pal/src,pal/src_hyper,$(CXX_OBJS)) endif HEADER_FILES := $(sort $(wildcard src/*.h include/*.h include/*/*.h)) @@ -37,10 +42,12 @@ LINK_FLAGS := $(SGX_LFLAGS_U) -shared -L$(RUST_SGX_SDK_DIR)/sgx_ustdc/ -lsgx_ust LINK_FLAGS += -Wl,--version-script=pal.lds ifndef OCCLUM_DISABLE_DCAP LINK_FLAGS += -lsgx_dcap_ql -lsgx_dcap_quoteverify -ifneq ($(SGX_MODE), HW) -LINK_FLAGS += -lsgx_quote_ex_sim -else +ifeq ($(SGX_MODE), HW) LINK_FLAGS += -lsgx_quote_ex +else ifeq ($(SGX_MODE), HYPER) +LINK_FLAGS += -lsgx_quote_ex_hyper +else +LINK_FLAGS += -lsgx_quote_ex_sim endif endif @@ -66,7 +73,7 @@ $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.o: $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.c $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.c: $(SGX_EDGER8R) ../Enclave.edl @cd $(OBJ_DIR)/pal/$(SRC_OBJ) && \ - $(SGX_EDGER8R) --untrusted $(CUR_DIR)/../Enclave.edl \ + $(SGX_EDGER8R) $(SGX_EDGER8R_MODE) --untrusted $(CUR_DIR)/../Enclave.edl \ --search-path $(SGX_SDK)/include \ --search-path $(RUST_SGX_SDK_DIR)/edl/ @echo "GEN <= $@" diff --git a/src/sgxenv.mk b/src/sgxenv.mk index 60c925ea..afa17797 100644 --- a/src/sgxenv.mk +++ b/src/sgxenv.mk 
@@ -27,10 +27,12 @@ NO_COLOR := \033[0m # Save code and object file generated during building src OBJ_DIR := $(PROJECT_DIR)/build/internal/src -ifneq ($(SGX_MODE), HW) - SRC_OBJ := src_sim -else +ifeq ($(SGX_MODE), HW) SRC_OBJ := src +else ifeq ($(SGX_MODE), HYPER) + SRC_OBJ := src_hyper +else + SRC_OBJ := src_sim endif BUILD_DIR := $(PROJECT_DIR)/build @@ -54,13 +56,19 @@ SGX_COMMON_CFLAGS := -Wall -std=gnu11 ifeq ($(SGX_ARCH), x86) SGX_COMMON_CFLAGS += -m32 SGX_LIBRARY_PATH := $(SGX_SDK)/lib - SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign - SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r + SGX_BIN_PATH := $(SGX_SDK)/bin/x86 else SGX_COMMON_CFLAGS += -m64 SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 - SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign - SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r + SGX_BIN_PATH := $(SGX_SDK)/bin/x64 +endif + +SGX_EDGER8R := $(SGX_BIN_PATH)/sgx_edger8r +ifneq ($(SGX_MODE), HYPER) + SGX_ENCLAVE_SIGNER := $(SGX_BIN_PATH)/sgx_sign +else + SGX_ENCLAVE_SIGNER := $(SGX_BIN_PATH)/sgx_sign_hyper + SGX_EDGER8R_MODE := --sgx-mode $(SGX_MODE) endif ifeq ($(OCCLUM_RELEASE_BUILD), 1) @@ -71,18 +79,23 @@ endif RUST_SGX_SDK_DIR := $(PROJECT_DIR)/deps/rust-sgx-sdk -ifneq ($(SGX_MODE), HW) - SGX_COMMON_CFLAGS += -D SGX_MODE_SIM -else +ifeq ($(SGX_MODE), HW) SGX_COMMON_CFLAGS += -D SGX_MODE_HW +else ifeq ($(SGX_MODE), HYPER) + SGX_COMMON_CFLAGS += -D SGX_MODE_HYPER +else + SGX_COMMON_CFLAGS += -D SGX_MODE_SIM endif -ifneq ($(SGX_MODE), HW) - Trts_Library_Name := sgx_trts_sim - Service_Library_Name := sgx_tservice_sim -else +ifeq ($(SGX_MODE), HW) Trts_Library_Name := sgx_trts Service_Library_Name := sgx_tservice +else ifeq ($(SGX_MODE), HYPER) + Trts_Library_Name := sgx_trts_hyper + Service_Library_Name := sgx_tservice_hyper +else + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim endif Crypto_Library_Name := sgx_tcrypto KeyExchange_Library_Name := sgx_tkey_exchange 
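Review bot: `SGX_EDGER8R_MODE` is assigned only in the HYPER branch of the signer conditional. In HW and SIM builds the `$(SGX_EDGER8R_MODE)` added to the two `sgx_edger8r` command lines (`src/libos/Makefile`, `src/pal/Makefile`) therefore expands to whatever a variable of that name inherited from the environment holds. Give it an explicit empty value in the other branch, `SGX_EDGER8R_MODE :=` next to `SGX_ENCLAVE_SIGNER := $(SGX_BIN_PATH)/sgx_sign`, so the edger8r arguments for non-HYPER modes are fixed by the makefile. A one-line comment saying why HYPER needs `sgx_sign_hyper` instead of `sgx_sign` would also help the next reader of this block.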
@@ -95,10 +108,12 @@ SGX_CFLAGS_U := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes \ -I$(RUST_SGX_SDK_DIR)/edl -I$(SGX_SDK)/include SGX_CXXFLAGS_U := $(SGX_CFLAGS_U) -std=c++11 -ifneq ($(SGX_MODE), HW) - SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_sim -Wl,-Bdynamic -lsgx_uae_service_sim -else +ifeq ($(SGX_MODE), HW) SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts -Wl,-Bdynamic -lsgx_uae_service -lsgx_enclave_common +else ifeq ($(SGX_MODE), HYPER) + SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_hyper -Wl,-Bdynamic -lsgx_uae_service_hyper +else + SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_sim -Wl,-Bdynamic -lsgx_uae_service_sim endif # diff --git a/test/test_common.mk b/test/test_common.mk index db7e4bc3..9876f3b7 100644 --- a/test/test_common.mk +++ b/test/test_common.mk @@ -26,12 +26,12 @@ else endif C_FLAGS = -Wall -Wno-return-local-addr -I../include -O2 -fPIC $(EXTRA_C_FLAGS) -ifeq ($(SGX_MODE), SIM) - C_FLAGS += -D SGX_MODE_SIM -else ifeq ($(SGX_MODE), SW) - C_FLAGS += -D SGX_MODE_SIM -else +ifeq ($(SGX_MODE), HW) C_FLAGS += -D SGX_MODE_HW +else ifeq ($(SGX_MODE), HYPER) + C_FLAGS += -D SGX_MODE_HYPER +else + C_FLAGS += -D SGX_MODE_SIM endif LINK_FLAGS = $(C_FLAGS) -pie $(EXTRA_LINK_FLAGS) diff --git a/tools/occlum b/tools/occlum index dae52dbe..bd3a4580 100755 --- a/tools/occlum +++ b/tools/occlum @@ -28,7 +28,11 @@ status_file=$instance_dir/.__occlum_status if [ -f "$occlum_sgx_env" ]; then source $occlum_sgx_env SGX_GDB="$SGX_SDK/bin/sgx-gdb" - ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign" + if [[ -n $SGX_MODE && "$SGX_MODE" == "HYPER" ]]; then + ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign_hyper" + else + ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign" + fi ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem" fi 
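Review bot: In `tools/occlum`, `ENCLAVE_SIGN_TOOL` is chosen from the `SGX_MODE` present when the script starts, but `cmd_build` only exports the mode given with `--sgx-mode` later, during option parsing. With `occlum build --sgx-mode HYPER` and no `SGX_MODE` in the environment, the enclave would presumably be signed with `sgx_sign` rather than `sgx_sign_hyper`, unless `--sign-tool` is passed or `$occlum_sgx_env` sets the mode. Choosing the default signer after the options are parsed, and only when `--sign-tool` was not given, would keep the signer and the selected library flavour in step. The test `[[ -n $SGX_MODE && "$SGX_MODE" == "HYPER" ]]` can be reduced to `[[ "$SGX_MODE" == "HYPER" ]]`.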
@@ -252,7 +256,7 @@ cmd_build() { case "$1" in --sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;; --sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;; - --sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=SIM ; shift 2 || exit_error "empty sgx mode";; + --sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=$2 ; shift 2 || exit_error "empty sgx mode";; --image-key) [ -n "$2" ] && SECURE_IMAGE_KEY=$2 ; shift 2 || exit_error "empty secure image key path" ;; --buildin-image-key) BUILDIN_IMAGE_KEY=true ; shift ;; --force | -f) MAKE_OPTION="clean" ; shift ;; @@ -270,8 +274,13 @@ cmd_build() { if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SGX_SDK/sdk_libs - pal_lib=libocclum-pal_sim.so - libos_lib=libocclum-libos_sim.so + if [[ "$SGX_MODE" != "HYPER" ]]; then + pal_lib=libocclum-pal_sim.so + libos_lib=libocclum-libos_sim.so + else + pal_lib=libocclum-pal_hyper.so + libos_lib=libocclum-libos_hyper.so + fi echo "SGX mode: $SGX_MODE" else echo "SGX mode: HW" @@ -279,7 +288,7 @@ cmd_build() { # If sgx mode is changed, build thoroughly again if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then - if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "SIM" ]; then + if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "$SGX_MODE" ]; then MAKE_OPTION="clean" fi else @@ -304,7 +313,7 @@ cmd_build() { echo "built" > $status_file if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then - echo "SIM" > .sgx_mode + echo "$SGX_MODE" > .sgx_mode else echo "HW" > .sgx_mode fi 
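Review bot: `export SGX_MODE=$2` now passes any non-`HW` string through unchecked and unquoted, where the old code collapsed it to `SIM`. The value is then compared with the contents of `.sgx_mode`, written back with `echo "$SGX_MODE" > .sgx_mode`, and read again by `cmd_mount`. A typo such as `hyper` silently selects the `_sim` libraries while recording a mode name that nothing else recognises. Restrict the option to the known modes, e.g. `--sgx-mode) case "$2" in HW) ;; SIM|HYPER) export SGX_MODE="$2" ;; *) exit_error "unsupported sgx mode: $2" ;; esac ; shift 2 ;;`. If older aliases must stay accepted, map them to `SIM` explicitly in that `case`.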
@@ -520,8 +529,13 @@ cmd_mount() { SGX_MODE=$(cat $instance_dir/.sgx_mode) if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then - sefs_cli="$occlum_dir/build/bin/sefs-cli_sim" - sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_sim.so" + if [[ "$SGX_MODE" != "HYPER" ]]; then + sefs_cli="$occlum_dir/build/bin/sefs-cli_sim" + sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_sim.so" + else + sefs_cli="$occlum_dir/build/bin/sefs-cli_hyper" + sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_hyper.so" + fi echo "SGX mode: $SGX_MODE" else sefs_cli="$occlum_dir/build/bin/sefs-cli"