general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[hyper mode] Add compile support

Browse Source
This commit is contained in:
LI Qing 2022-01-27 18:03:31 +08:00 committed by Zongmin.Gu
parent f611e9c008
commit 66d1ebe918
8 changed files with 179 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
Makefile
View File

@ -28,17 +28,10 @@ VERSION_NUM = $(MAJOR_VER_NUM).$(MINOR_VER_NUM).$(PATCH_VER_NUM)
EXCLUDE_FILES = "libocclum-libos.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so\$$|.a\$$|occlum-protect-integrity.so.*" EXCLUDE_FILES = "libocclum-libos.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so.$(MAJOR_VER_NUM)\$$|libocclum-pal.so\$$|.a\$$|occlum-protect-integrity.so.*"
SHELL := bash SHELL := bash
ifneq ($(SGX_MODE), HYPER)
submodule: githooks submodule: githooks init-submodule
git submodule init @rm -rf build
git submodule update $(OCCLUM_GIT_OPTIONS)
@# Try to apply the patches. If failed, check if the patches are already applied
cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check
cd deps/ringbuf && git apply ../ringbuf.patch >/dev/null 2>&1 || git apply ../ringbuf.patch -R --check
cd deps/resolv-conf && git apply ../resolv-conf.patch >/dev/null 2>&1 || git apply ../resolv-conf.patch -R --check
@# Enclaves used by tools are running in simulation mode by default to run faster. @# Enclaves used by tools are running in simulation mode by default to run faster.
@rm -rf build build_sim
@$(MAKE) SGX_MODE=SIM --no-print-directory -C tools @$(MAKE) SGX_MODE=SIM --no-print-directory -C tools
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli no_sign SGX_MODE=HW @$(MAKE) --no-print-directory -C deps/sefs/sefs-cli no_sign SGX_MODE=HW
@ -49,9 +42,35 @@ submodule: githooks
@cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib @cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib
@cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib @cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib
@cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml @cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml
@# Build and install Occlum dcap lib @# Build and install Occlum dcap lib
@cd tools/toolchains/dcap_lib && ./build.sh @cd tools/toolchains/dcap_lib && ./build.sh
else
submodule: githooks init-submodule
@rm -rf build
@# Enclaves used by tools are running in simulation mode by default to run faster.
@$(MAKE) SGX_MODE=SIM MS_BUFFER=1 --no-print-directory -C tools
@# Apply the sefs-cli's patch for HYPER mode
cd deps/sefs && git apply ../sefs-cli_hyper.patch >/dev/null 2>&1 || git apply ../sefs-cli_hyper.patch -R --check
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli no_sign SGX_MODE=HYPER
@cp deps/sefs/sefs-cli/bin/sefs-cli_hyper build/bin
@cp deps/sefs/sefs-cli/lib/libsefs-cli_hyper.so build/lib
@# Cleanup the Enclave_u.* and Enclave_t.* generated in HYPER mode
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli clean
@$(MAKE) --no-print-directory -C deps/sefs/sefs-cli SGX_MODE=SIM
@cp deps/sefs/sefs-cli/bin/sefs-cli_sim build/bin
@cp deps/sefs/sefs-cli/lib/libsefs-cli_sim.so build/lib
@cp deps/sefs/sefs-cli/lib/libsefs-cli.signed.so build/lib
@cp deps/sefs/sefs-cli/enclave/Enclave.config.xml build/sefs-cli.Enclave.xml
endif
init-submodule:
git submodule init
git submodule update $(OCCLUM_GIT_OPTIONS)
@# Try to apply the patches. If failed, check if the patches are already applied
cd deps/serde-json-sgx && git apply ../serde-json-sgx.patch >/dev/null 2>&1 || git apply ../serde-json-sgx.patch -R --check
cd deps/ringbuf && git apply ../ringbuf.patch >/dev/null 2>&1 || git apply ../ringbuf.patch -R --check
cd deps/resolv-conf && git apply ../resolv-conf.patch >/dev/null 2>&1 || git apply ../resolv-conf.patch -R --check
src: src:
@$(MAKE) --no-print-directory -C src @$(MAKE) --no-print-directory -C src
@ -63,22 +82,7 @@ test-glibc:
@$(MAKE) --no-print-directory -C test test-glibc @$(MAKE) --no-print-directory -C test test-glibc
OCCLUM_PREFIX ?= /opt/occlum OCCLUM_PREFIX ?= /opt/occlum
install: minimal_sgx_libs install: minimal_sgx_libs install_bins_and_libs
@# Install both libraries for HW mode and SIM mode
@$(MAKE) SGX_MODE=HW --no-print-directory -C src
@$(MAKE) SGX_MODE=SIM --no-print-directory -C src
@echo "Install libraries ..."
@mkdir -p $(OCCLUM_PREFIX)/build/bin/
@cp build/bin/* $(OCCLUM_PREFIX)/build/bin
@mkdir -p $(OCCLUM_PREFIX)/build/lib/
@# Don't copy libos library and pal library symbolic files to install dir
@cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd -
@# Create symbolic for pal library and libos (hardware mode)
@cd $(OCCLUM_PREFIX)/build/lib && ln -sf libocclum-pal.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \
ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \
ln -sf libocclum-libos.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so
@echo "Install headers and miscs ..." @echo "Install headers and miscs ..."
@mkdir -p $(OCCLUM_PREFIX)/include/ @mkdir -p $(OCCLUM_PREFIX)/include/
@cp -r src/pal/include/*.h $(OCCLUM_PREFIX)/include @cp -r src/pal/include/*.h $(OCCLUM_PREFIX)/include
@ -91,7 +95,49 @@ install: minimal_sgx_libs
@echo "Installation is done." @echo "Installation is done."
ifneq ($(SGX_MODE), HYPER)
install_bins_and_libs:
@# Install both libraries for HW mode and SIM mode
@$(MAKE) SGX_MODE=HW --no-print-directory -C src
@$(MAKE) SGX_MODE=SIM --no-print-directory -C src
@echo "Install libraries ..."
@mkdir -p $(OCCLUM_PREFIX)/build/bin/
@cp build/bin/* $(OCCLUM_PREFIX)/build/bin
@mkdir -p $(OCCLUM_PREFIX)/build/lib/
@# Don't copy libos library and pal library symbolic files to install dir
@cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd -
@# Create symbolic for pal library and libos (hardware mode)
@cd $(OCCLUM_PREFIX)/build/lib && \
ln -sf libocclum-pal.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \
ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \
ln -sf libocclum-libos.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && \
ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so
else
install_bins_and_libs: hyper_mode_libs
@# Install both libraries for SIM mode and HYPER mode
@# Cleanup the Enclave_u.* and Enclave_t.* generated in HYPER mode
@$(MAKE) --no-print-directory -C src clean
@$(MAKE) SGX_MODE=SIM --no-print-directory -C src
@# Cleanup the Enclave_u.* and Enclave_t.* generated in SIM mode
@$(MAKE) --no-print-directory -C src clean
@$(MAKE) SGX_MODE=HYPER --no-print-directory -C src
@echo "Install libraries ..."
@mkdir -p $(OCCLUM_PREFIX)/build/bin/
@cp build/bin/* $(OCCLUM_PREFIX)/build/bin
@mkdir -p $(OCCLUM_PREFIX)/build/lib/
@# Don't copy libos library and pal library symbolic files to install dir
@cd build/lib && cp --no-dereference `ls | grep -Ev $(EXCLUDE_FILES)` $(OCCLUM_PREFIX)/build/lib/ && cd -
@# Create symbolic for pal library and libos (HYPER mode)
@cd $(OCCLUM_PREFIX)/build/lib && \
ln -sf libocclum-pal_hyper.so.$(VERSION_NUM) libocclum-pal.so.$(MAJOR_VER_NUM) && \
ln -sf libocclum-pal.so.$(MAJOR_VER_NUM) libocclum-pal.so && \
ln -sf libocclum-libos_hyper.so.$(VERSION_NUM) libocclum-libos.so.$(MAJOR_VER_NUM) && \
ln -sf libocclum-libos.so.$(MAJOR_VER_NUM) libocclum-libos.so
endif
SGX_SDK ?= /opt/intel/sgxsdk SGX_SDK ?= /opt/intel/sgxsdk
# Install minimum sgx-sdk set to support Occlum cmd execution in non-customized sgx-sdk environment # Install minimum sgx-sdk set to support Occlum cmd execution in non-customized sgx-sdk environment
minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/libsgx_quote_ex_sim.so minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/libsgx_quote_ex_sim.so
@echo "Install needed sgx-sdk tools ..." @echo "Install needed sgx-sdk tools ..."
@ -99,7 +145,7 @@ minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/li
@cp $(SGX_SDK)/lib64/{libsgx_ptrace.so,libsgx_uae_service_sim.so,libsgx_quote_ex_sim.so} $(OCCLUM_PREFIX)/sgxsdk-tools/lib64 @cp $(SGX_SDK)/lib64/{libsgx_ptrace.so,libsgx_uae_service_sim.so,libsgx_quote_ex_sim.so} $(OCCLUM_PREFIX)/sgxsdk-tools/lib64
@mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin
@cd $(SGX_SDK)/lib64/gdb-sgx-plugin/ && cp $$(ls -A | grep -v __pycache__) $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin @cd $(SGX_SDK)/lib64/gdb-sgx-plugin/ && cp $$(ls -A | grep -v __pycache__) $(OCCLUM_PREFIX)/sgxsdk-tools/lib64/gdb-sgx-plugin
@cd $(SGX_SDK) && cp -a --parents {bin/sgx-gdb,bin/x64/sgx_sign} $(OCCLUM_PREFIX)/sgxsdk-tools/ @cd $(SGX_SDK) && cp -a --parents {bin/sgx-gdb,bin/x64/sgx_sign*} $(OCCLUM_PREFIX)/sgxsdk-tools/
@mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && cd $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && \ @mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && cd $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && \
ln -sf ../lib64/libsgx_uae_service_sim.so libsgx_uae_service_sim.so && \ ln -sf ../lib64/libsgx_uae_service_sim.so libsgx_uae_service_sim.so && \
ln -sf ../lib64/libsgx_quote_ex_sim.so libsgx_quote_ex_sim.so ln -sf ../lib64/libsgx_quote_ex_sim.so libsgx_quote_ex_sim.so
@ -107,6 +153,17 @@ minimal_sgx_libs: $(SGX_SDK)/lib64/libsgx_uae_service_sim.so $(SGX_SDK)/lib64/li
@sed -i '/^SGX_LIBRARY_PATH=/d' $(OCCLUM_PREFIX)/sgxsdk-tools/bin/sgx-gdb @sed -i '/^SGX_LIBRARY_PATH=/d' $(OCCLUM_PREFIX)/sgxsdk-tools/bin/sgx-gdb
@cp etc/environment $(OCCLUM_PREFIX)/sgxsdk-tools/ @cp etc/environment $(OCCLUM_PREFIX)/sgxsdk-tools/
ifeq ($(SGX_MODE), HYPER)
# Install HYPER mode libs
hyper_mode_libs: $(SGX_SDK)/lib64/libsgx_uae_service_hyper.so $(SGX_SDK)/lib64/libsgx_quote_ex_hyper.so
@echo "Install needed HYPER mode libs ..."
@mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/lib64
@cp $(SGX_SDK)/lib64/{libsgx_uae_service_hyper.so,libsgx_quote_ex_hyper.so} $(OCCLUM_PREFIX)/sgxsdk-tools/lib64
@mkdir -p $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && cd $(OCCLUM_PREFIX)/sgxsdk-tools/sdk_libs && \
ln -sf ../lib64/libsgx_uae_service_hyper.so libsgx_uae_service_hyper.so && \
ln -sf ../lib64/libsgx_quote_ex_hyper.so libsgx_quote_ex_hyper.so
endif
format: format:
@$(MAKE) --no-print-directory -C test format @$(MAKE) --no-print-directory -C test format
@$(MAKE) --no-print-directory -C tools format @$(MAKE) --no-print-directory -C tools format

1
src/libos/Cargo.toml
View File

@ -41,6 +41,7 @@ sgx_file_cache = [] # Cache SgxFile objects. Invalidation is unimplemented.
sgx1_exception_sim = [] # Simulate #PF and #GP exceptions on SGX 1 sgx1_exception_sim = [] # Simulate #PF and #GP exceptions on SGX 1
dcap = [] # DCAP support. The compilation relies on DCAP package. dcap = [] # DCAP support. The compilation relies on DCAP package.
cov = ["sgx_cov"] # Enable coverage colletcion. cov = ["sgx_cov"] # Enable coverage colletcion.
hyper_mode = [] # For running in hyper mode.
[target.'cfg(not(target_env = "sgx"))'.dependencies] [target.'cfg(not(target_env = "sgx"))'.dependencies]
sgx_types = { path = "../../deps/rust-sgx-sdk/sgx_types" } sgx_types = { path = "../../deps/rust-sgx-sdk/sgx_types" }

1
src/libos/Enclave.lds
View File

@ -2,6 +2,7 @@ enclave.so
{ {
global: global:
g_global_data_sim; g_global_data_sim;
g_global_data_hyper;
g_global_data; g_global_data;
enclave_entry; enclave_entry;
g_peak_heap_used; g_peak_heap_used;

23
src/libos/Makefile
View File

@ -45,12 +45,15 @@ LIBOS_LOG ?= error
LIBOS_SONAME := libocclum-libos.so.$(MAJOR_VER_NUM) LIBOS_SONAME := libocclum-libos.so.$(MAJOR_VER_NUM)
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
LIBOS_CORE_LIB_NAME := occlum-libos-core_sim
LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_sim.so.$(VERSION_NUM)
else
LIBOS_CORE_LIB_NAME := occlum-libos-core LIBOS_CORE_LIB_NAME := occlum-libos-core
LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos.so.$(VERSION_NUM) LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos.so.$(VERSION_NUM)
else ifeq ($(SGX_MODE), HYPER)
LIBOS_CORE_LIB_NAME := occlum-libos-core_hyper
LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_hyper.so.$(VERSION_NUM)
else
LIBOS_CORE_LIB_NAME := occlum-libos-core_sim
LIBOS_SO_REAL := $(BUILD_DIR)/lib/libocclum-libos_sim.so.$(VERSION_NUM)
endif endif
LIBOS_CORE_A := $(OBJ_DIR)/libos/lib/lib$(LIBOS_CORE_LIB_NAME).a LIBOS_CORE_A := $(OBJ_DIR)/libos/lib/lib$(LIBOS_CORE_LIB_NAME).a
@ -70,10 +73,14 @@ CXX_OBJS := $(addprefix $(OBJ_DIR)/libos/,$(CXX_SRCS:.cpp=.o))
S_OBJS := $(addprefix $(OBJ_DIR)/libos/,$(S_SRCS:.S=.o)) S_OBJS := $(addprefix $(OBJ_DIR)/libos/,$(S_SRCS:.S=.o))
# Object files for simulation mode are stored in libos/src_sim # Object files for simulation mode are stored in libos/src_sim
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), SIM)
C_OBJS := $(subst libos/src,libos/src_sim,$(C_OBJS)) C_OBJS := $(subst libos/src,libos/src_sim,$(C_OBJS))
CXX_OBJS := $(subst libos/src,libos/src_sim,$(CXX_OBJS)) CXX_OBJS := $(subst libos/src,libos/src_sim,$(CXX_OBJS))
S_OBJS := $(subst libos/src,libos/src_sim,$(S_OBJS)) S_OBJS := $(subst libos/src,libos/src_sim,$(S_OBJS))
else ifeq ($(SGX_MODE), HYPER)
C_OBJS := $(subst libos/src,libos/src_hyper,$(C_OBJS))
CXX_OBJS := $(subst libos/src,libos/src_hyper,$(CXX_OBJS))
S_OBJS := $(subst libos/src,libos/src_hyper,$(S_OBJS))
endif endif
ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOS_SO_REAL) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)) $(RUST_TARGET_DIR) $(RUST_OUT_DIR))) ALL_BUILD_SUBDIRS := $(sort $(patsubst %/,%,$(dir $(LIBOS_SO_REAL) $(EDL_C_OBJS) $(C_OBJS) $(CXX_OBJS) $(S_OBJS)) $(RUST_TARGET_DIR) $(RUST_OUT_DIR)))
@ -127,6 +134,10 @@ ifneq ($(OCCLUM_COV),)
-Coverflow-checks=off -Cpanic=abort" -Coverflow-checks=off -Cpanic=abort"
endif endif
ifeq ($(SGX_MODE), HYPER)
LIBOS_FEATURES += hyper_mode
endif
# Release build is for production use. We enable code coverage only for debug # Release build is for production use. We enable code coverage only for debug
# build. It also simplifies the implementation as the release and debug build # build. It also simplifies the implementation as the release and debug build
# have different output paths. # have different output paths.
@ -149,7 +160,7 @@ $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.o: $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.c
@echo "CC <= $@" @echo "CC <= $@"
$(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.c: $(SGX_EDGER8R) ../Enclave.edl $(OBJ_DIR)/libos/$(SRC_OBJ)/Enclave_t.c: $(SGX_EDGER8R) ../Enclave.edl
@cd $(OBJ_DIR)/libos/$(SRC_OBJ) && $(SGX_EDGER8R) --trusted $(CUR_DIR)/../Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK_DIR)/edl @cd $(OBJ_DIR)/libos/$(SRC_OBJ) && $(SGX_EDGER8R) $(SGX_EDGER8R_MODE) --trusted $(CUR_DIR)/../Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK_DIR)/edl
@echo "GEN <= $@" @echo "GEN <= $@"
$(C_OBJS):$(OBJ_DIR)/libos/$(SRC_OBJ)/%.o: src/%.c $(C_OBJS):$(OBJ_DIR)/libos/$(SRC_OBJ)/%.o: src/%.c

25
src/pal/Makefile
View File

@ -3,10 +3,12 @@ include ../sgxenv.mk
LIBOCCLUM_PAL_SO := $(BUILD_DIR)/lib/libocclum-pal.so LIBOCCLUM_PAL_SO := $(BUILD_DIR)/lib/libocclum-pal.so
LIBOCCLUM_PAL_SONAME := libocclum-pal.so.$(MAJOR_VER_NUM) LIBOCCLUM_PAL_SONAME := libocclum-pal.so.$(MAJOR_VER_NUM)
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_sim.so.$(VERSION_NUM)
else
LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal.so.$(VERSION_NUM) LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal.so.$(VERSION_NUM)
else ifeq ($(SGX_MODE), HYPER)
LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_hyper.so.$(VERSION_NUM)
else
LIBOCCLUM_PAL_SO_REAL := $(BUILD_DIR)/lib/libocclum-pal_sim.so.$(VERSION_NUM)
endif endif
# A dependency on Rust SGX SDK # A dependency on Rust SGX SDK
@ -19,10 +21,13 @@ CXX_SRCS := $(sort $(wildcard src/*.cpp src/*/*.cpp))
C_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(C_SRCS:.c=.o)) C_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(C_SRCS:.c=.o))
CXX_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(CXX_SRCS:.cpp=.o)) CXX_OBJS := $(addprefix $(OBJ_DIR)/pal/,$(CXX_SRCS:.cpp=.o))
# Object files for simulation mode are stored in libos/src_sim # Object files for simulation mode are stored in pal/src_sim
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), SIM)
C_OBJS := $(subst pal/src,pal/src_sim,$(C_OBJS)) C_OBJS := $(subst pal/src,pal/src_sim,$(C_OBJS))
CXX_OBJS := $(subst pal/src,pal/src_sim,$(CXX_OBJS)) CXX_OBJS := $(subst pal/src,pal/src_sim,$(CXX_OBJS))
else ifeq ($(SGX_MODE), HYPER)
C_OBJS := $(subst pal/src,pal/src_hyper,$(C_OBJS))
CXX_OBJS := $(subst pal/src,pal/src_hyper,$(CXX_OBJS))
endif endif
HEADER_FILES := $(sort $(wildcard src/*.h include/*.h include/*/*.h)) HEADER_FILES := $(sort $(wildcard src/*.h include/*.h include/*/*.h))
@ -37,10 +42,12 @@ LINK_FLAGS := $(SGX_LFLAGS_U) -shared -L$(RUST_SGX_SDK_DIR)/sgx_ustdc/ -lsgx_ust
LINK_FLAGS += -Wl,--version-script=pal.lds LINK_FLAGS += -Wl,--version-script=pal.lds
ifndef OCCLUM_DISABLE_DCAP ifndef OCCLUM_DISABLE_DCAP
LINK_FLAGS += -lsgx_dcap_ql -lsgx_dcap_quoteverify LINK_FLAGS += -lsgx_dcap_ql -lsgx_dcap_quoteverify
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
LINK_FLAGS += -lsgx_quote_ex_sim
else
LINK_FLAGS += -lsgx_quote_ex LINK_FLAGS += -lsgx_quote_ex
else ifeq ($(SGX_MODE), HYPER)
LINK_FLAGS += -lsgx_quote_ex_hyper
else
LINK_FLAGS += -lsgx_quote_ex_sim
endif endif
endif endif
@ -66,7 +73,7 @@ $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.o: $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.c
$(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.c: $(SGX_EDGER8R) ../Enclave.edl $(OBJ_DIR)/pal/$(SRC_OBJ)/Enclave_u.c: $(SGX_EDGER8R) ../Enclave.edl
@cd $(OBJ_DIR)/pal/$(SRC_OBJ) && \ @cd $(OBJ_DIR)/pal/$(SRC_OBJ) && \
$(SGX_EDGER8R) --untrusted $(CUR_DIR)/../Enclave.edl \ $(SGX_EDGER8R) $(SGX_EDGER8R_MODE) --untrusted $(CUR_DIR)/../Enclave.edl \
--search-path $(SGX_SDK)/include \ --search-path $(SGX_SDK)/include \
--search-path $(RUST_SGX_SDK_DIR)/edl/ --search-path $(RUST_SGX_SDK_DIR)/edl/
@echo "GEN <= $@" @echo "GEN <= $@"

49
src/sgxenv.mk
View File

@ -27,10 +27,12 @@ NO_COLOR := \033[0m
# Save code and object file generated during building src # Save code and object file generated during building src
OBJ_DIR := $(PROJECT_DIR)/build/internal/src OBJ_DIR := $(PROJECT_DIR)/build/internal/src
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
SRC_OBJ := src_sim
else
SRC_OBJ := src SRC_OBJ := src
else ifeq ($(SGX_MODE), HYPER)
SRC_OBJ := src_hyper
else
SRC_OBJ := src_sim
endif endif
BUILD_DIR := $(PROJECT_DIR)/build BUILD_DIR := $(PROJECT_DIR)/build
@ -54,13 +56,19 @@ SGX_COMMON_CFLAGS := -Wall -std=gnu11
ifeq ($(SGX_ARCH), x86) ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS += -m32 SGX_COMMON_CFLAGS += -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign SGX_BIN_PATH := $(SGX_SDK)/bin/x86
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else else
SGX_COMMON_CFLAGS += -m64 SGX_COMMON_CFLAGS += -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign SGX_BIN_PATH := $(SGX_SDK)/bin/x64
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r endif
SGX_EDGER8R := $(SGX_BIN_PATH)/sgx_edger8r
ifneq ($(SGX_MODE), HYPER)
SGX_ENCLAVE_SIGNER := $(SGX_BIN_PATH)/sgx_sign
else
SGX_ENCLAVE_SIGNER := $(SGX_BIN_PATH)/sgx_sign_hyper
SGX_EDGER8R_MODE := --sgx-mode $(SGX_MODE)
endif endif
ifeq ($(OCCLUM_RELEASE_BUILD), 1) ifeq ($(OCCLUM_RELEASE_BUILD), 1)
@ -71,18 +79,23 @@ endif
RUST_SGX_SDK_DIR := $(PROJECT_DIR)/deps/rust-sgx-sdk RUST_SGX_SDK_DIR := $(PROJECT_DIR)/deps/rust-sgx-sdk
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
SGX_COMMON_CFLAGS += -D SGX_MODE_SIM
else
SGX_COMMON_CFLAGS += -D SGX_MODE_HW SGX_COMMON_CFLAGS += -D SGX_MODE_HW
else ifeq ($(SGX_MODE), HYPER)
SGX_COMMON_CFLAGS += -D SGX_MODE_HYPER
else
SGX_COMMON_CFLAGS += -D SGX_MODE_SIM
endif endif
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice Service_Library_Name := sgx_tservice
else ifeq ($(SGX_MODE), HYPER)
Trts_Library_Name := sgx_trts_hyper
Service_Library_Name := sgx_tservice_hyper
else
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
endif endif
Crypto_Library_Name := sgx_tcrypto Crypto_Library_Name := sgx_tcrypto
KeyExchange_Library_Name := sgx_tkey_exchange KeyExchange_Library_Name := sgx_tkey_exchange
@ -95,10 +108,12 @@ SGX_CFLAGS_U := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes \
-I$(RUST_SGX_SDK_DIR)/edl -I$(SGX_SDK)/include -I$(RUST_SGX_SDK_DIR)/edl -I$(SGX_SDK)/include
SGX_CXXFLAGS_U := $(SGX_CFLAGS_U) -std=c++11 SGX_CXXFLAGS_U := $(SGX_CFLAGS_U) -std=c++11
ifneq ($(SGX_MODE), HW) ifeq ($(SGX_MODE), HW)
SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_sim -Wl,-Bdynamic -lsgx_uae_service_sim
else
SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts -Wl,-Bdynamic -lsgx_uae_service -lsgx_enclave_common SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts -Wl,-Bdynamic -lsgx_uae_service -lsgx_enclave_common
else ifeq ($(SGX_MODE), HYPER)
SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_hyper -Wl,-Bdynamic -lsgx_uae_service_hyper
else
SGX_LFLAGS_U := $(SGX_COMMON_CFLAGS) -lpthread -L$(SGX_LIBRARY_PATH) -Wl,-Bstatic -lsgx_urts_sim -Wl,-Bdynamic -lsgx_uae_service_sim
endif endif
# #

10
test/test_common.mk
View File

@ -26,12 +26,12 @@ else
endif endif
C_FLAGS = -Wall -Wno-return-local-addr -I../include -O2 -fPIC $(EXTRA_C_FLAGS) C_FLAGS = -Wall -Wno-return-local-addr -I../include -O2 -fPIC $(EXTRA_C_FLAGS)
ifeq ($(SGX_MODE), SIM) ifeq ($(SGX_MODE), HW)
C_FLAGS += -D SGX_MODE_SIM
else ifeq ($(SGX_MODE), SW)
C_FLAGS += -D SGX_MODE_SIM
else
C_FLAGS += -D SGX_MODE_HW C_FLAGS += -D SGX_MODE_HW
else ifeq ($(SGX_MODE), HYPER)
C_FLAGS += -D SGX_MODE_HYPER
else
C_FLAGS += -D SGX_MODE_SIM
endif endif
LINK_FLAGS = $(C_FLAGS) -pie $(EXTRA_LINK_FLAGS) LINK_FLAGS = $(C_FLAGS) -pie $(EXTRA_LINK_FLAGS)

30
tools/occlum
View File

@ -28,7 +28,11 @@ status_file=$instance_dir/.__occlum_status
if [ -f "$occlum_sgx_env" ]; then if [ -f "$occlum_sgx_env" ]; then
source $occlum_sgx_env source $occlum_sgx_env
SGX_GDB="$SGX_SDK/bin/sgx-gdb" SGX_GDB="$SGX_SDK/bin/sgx-gdb"
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign" if [[ -n $SGX_MODE && "$SGX_MODE" == "HYPER" ]]; then
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign_hyper"
else
ENCLAVE_SIGN_TOOL="$SGX_SDK/bin/x64/sgx_sign"
fi
ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem" ENCLAVE_SIGN_KEY="$occlum_dir/etc/template/Enclave.pem"
fi fi
@ -252,7 +256,7 @@ cmd_build() {
case "$1" in case "$1" in
--sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;; --sign-key) [ -n "$2" ] && ENCLAVE_SIGN_KEY=$2 ; shift 2 || exit_error "empty signing key path" ;;
--sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;; --sign-tool) [ -n "$2" ] && ENCLAVE_SIGN_TOOL=$2 ; shift 2 || exit_error "empty signing tool path" ;;
--sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=SIM ; shift 2 || exit_error "empty sgx mode";; --sgx-mode) [[ -n "$2" && "$2" != "HW" ]] && export SGX_MODE=$2 ; shift 2 || exit_error "empty sgx mode";;
--image-key) [ -n "$2" ] && SECURE_IMAGE_KEY=$2 ; shift 2 || exit_error "empty secure image key path" ;; --image-key) [ -n "$2" ] && SECURE_IMAGE_KEY=$2 ; shift 2 || exit_error "empty secure image key path" ;;
--buildin-image-key) BUILDIN_IMAGE_KEY=true ; shift ;; --buildin-image-key) BUILDIN_IMAGE_KEY=true ; shift ;;
--force | -f) MAKE_OPTION="clean" ; shift ;; --force | -f) MAKE_OPTION="clean" ; shift ;;
@ -270,8 +274,13 @@ cmd_build() {
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SGX_SDK/sdk_libs export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SGX_SDK/sdk_libs
pal_lib=libocclum-pal_sim.so if [[ "$SGX_MODE" != "HYPER" ]]; then
libos_lib=libocclum-libos_sim.so pal_lib=libocclum-pal_sim.so
libos_lib=libocclum-libos_sim.so
else
pal_lib=libocclum-pal_hyper.so
libos_lib=libocclum-libos_hyper.so
fi
echo "SGX mode: $SGX_MODE" echo "SGX mode: $SGX_MODE"
else else
echo "SGX mode: HW" echo "SGX mode: HW"
@ -279,7 +288,7 @@ cmd_build() {
# If sgx mode is changed, build thoroughly again # If sgx mode is changed, build thoroughly again
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "SIM" ]; then if [ "$(cat $instance_dir/.sgx_mode 2>/dev/null)" != "$SGX_MODE" ]; then
MAKE_OPTION="clean" MAKE_OPTION="clean"
fi fi
else else
@ -304,7 +313,7 @@ cmd_build() {
echo "built" > $status_file echo "built" > $status_file
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
echo "SIM" > .sgx_mode echo "$SGX_MODE" > .sgx_mode
else else
echo "HW" > .sgx_mode echo "HW" > .sgx_mode
fi fi
@ -520,8 +529,13 @@ cmd_mount() {
SGX_MODE=$(cat $instance_dir/.sgx_mode) SGX_MODE=$(cat $instance_dir/.sgx_mode)
if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then if [[ -n $SGX_MODE && "$SGX_MODE" != "HW" ]]; then
sefs_cli="$occlum_dir/build/bin/sefs-cli_sim" if [[ "$SGX_MODE" != "HYPER" ]]; then
sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_sim.so" sefs_cli="$occlum_dir/build/bin/sefs-cli_sim"
sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_sim.so"
else
sefs_cli="$occlum_dir/build/bin/sefs-cli_hyper"
sefs_cli_lib="$occlum_dir/build/lib/libsefs-cli_hyper.so"
fi
echo "SGX mode: $SGX_MODE" echo "SGX mode: $SGX_MODE"
else else
sefs_cli="$occlum_dir/build/bin/sefs-cli" sefs_cli="$occlum_dir/build/bin/sefs-cli"