diff --git a/demos/remote_attestation/dcap/README.md b/demos/remote_attestation/dcap/README.md
index 1318f12d..97fb821d 100644
--- a/demos/remote_attestation/dcap/README.md
+++ b/demos/remote_attestation/dcap/README.md
@@ -23,6 +23,11 @@ You can run the DCAP quote generation and verification demo, including dcap libr
 ./run_dcap_quote_on_occlum.sh
 ```
+Or if musl-libc version is expected, run
+```
+./run_dcap_quote_on_occlum.sh musl
+```
+
 ## Preinstalled DCAP package in Ubuntu 18.04 and CentOS 8.1
 The DCAP package has been preinstalled in the Occlum official docker images including Ubuntu 18.04 and CentOS 8.1 since Occlum 0.19.0. The versions of DCAP
diff --git a/demos/remote_attestation/dcap/c_app/Makefile b/demos/remote_attestation/dcap/c_app/Makefile
index 601d66f3..5e81f43e 100644
--- a/demos/remote_attestation/dcap/c_app/Makefile
+++ b/demos/remote_attestation/dcap/c_app/Makefile
@@ -1,12 +1,13 @@
-CC := gcc
-LIBPATH := ../dcap_lib/target/debug
+CC ?= gcc
+LD ?= ld
+LIBPATH ?= ../dcap_lib/target/debug
 .PHONY: all clean
 all: dcap_c_test
 dcap_c_test: dcap_c_test.c
- $(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -ldcap_quote
+ $(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -ldcap_quote -I /opt/intel/sgxsdk/include
 clean:
 rm -rf dcap_c_test
diff --git a/demos/remote_attestation/dcap/c_app/dcap_quote.h b/demos/remote_attestation/dcap/c_app/dcap_quote.h
index f9a19d2a..42023e28 100644
--- a/demos/remote_attestation/dcap/c_app/dcap_quote.h
+++ b/demos/remote_attestation/dcap/c_app/dcap_quote.h
@@ -6,7 +6,6 @@
 #include "sgx_urts.h"
 #include "sgx_report.h"
 #include "sgx_qve_header.h"
-#include "sgx_dcap_ql_wrapper.h"
 #include "sgx_pce.h"
 #include "sgx_error.h"
diff --git a/demos/remote_attestation/dcap/dcap-musl.yaml b/demos/remote_attestation/dcap/dcap-musl.yaml
new file mode 100644
index 00000000..db7dfd3a
--- /dev/null
+++ b/demos/remote_attestation/dcap/dcap-musl.yaml
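Review bot: `CC ?= gcc` and `LD ?= ld` have no effect in GNU make, because `CC` and `LD` are predefined variables (`CC` defaults to `cc`), so a standalone `make -C c_app` now compiles with `cc` rather than `gcc`; the override only works because the run script passes both variables in the environment. If `gcc` should stay the default, test the origin instead: `ifeq ($(origin CC),default)` / `CC := gcc` / `endif`. `LD` is not referenced by the visible rule and could be dropped. The hard-coded `-I /opt/intel/sgxsdk/include` would be easier to relocate as `SGX_SDK ?= /opt/intel/sgxsdk` with `-I $(SGX_SDK)/include`.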
@@ -0,0 +1,16 @@
+includes:
+ - base.yaml
+# dcap
+targets:
+ # copy bins
+ - target: /bin
+ copy:
+ - files:
+ - ../dcap_lib/target/x86_64-unknown-linux-musl/release/examples/dcap_test
+ - ../c_app/dcap_c_test
+ # copy lib
+ - target: /lib
+ copy:
+ - files:
+ - ../dcap_lib/target/x86_64-unknown-linux-musl/release/libdcap_quote.so
+
diff --git a/demos/remote_attestation/dcap/dcap.yaml b/demos/remote_attestation/dcap/dcap.yaml
index 29b5a5e9..ccd20e4b 100644
--- a/demos/remote_attestation/dcap/dcap.yaml
+++ b/demos/remote_attestation/dcap/dcap.yaml
@@ -6,11 +6,11 @@ targets:
 - target: /bin
 copy:
 - files:
- - ../dcap_lib/target/debug/examples/dcap_test
+ - ../dcap_lib/target/release/examples/dcap_test
 - ../c_app/dcap_c_test
 # copy lib
 - target: /opt/occlum/glibc/lib
 copy:
 - files:
- - ../dcap_lib/target/debug/libdcap_quote.so
+ - ../dcap_lib/target/release/libdcap_quote.so
diff --git a/demos/remote_attestation/dcap/dcap_lib/Cargo.toml b/demos/remote_attestation/dcap/dcap_lib/Cargo.toml
index cfa84335..0bb9d9cd 100644
--- a/demos/remote_attestation/dcap/dcap_lib/Cargo.toml
+++ b/demos/remote_attestation/dcap/dcap_lib/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2018"
 [dependencies]
 sgx_types = { path = "../../../../deps/rust-sgx-sdk/sgx_types" }
 libc = "0.2"
+cfg-if = "1.0.0"
 [lib]
 crate-type = ["cdylib", "rlib", "staticlib"]
diff --git a/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs b/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs
index c83d710b..100e871d 100644
--- a/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs
+++ b/demos/remote_attestation/dcap/dcap_lib/src/dcap_quote.rs
@@ -5,10 +5,24 @@ use sgx_types::{
 sgx_report_data_t, sgx_ql_qv_result_t
 };
-const SGXIOC_GET_DCAP_QUOTE_SIZE: c_ulong = 0x80047307;
-const SGXIOC_GEN_DCAP_QUOTE: c_ulong = 0xc0187308;
-const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: c_ulong = 0x80047309;
-const SGXIOC_VER_DCAP_QUOTE: c_ulong = 0xc030730a;
+const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
+const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
+const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
+const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
+
+cfg_if::cfg_if! {
+ if #[cfg(target_env = "musl")] {
+ const IOCTL_GET_DCAP_QUOTE_SIZE: i32 = SGXIOC_GET_DCAP_QUOTE_SIZE as i32;
+ const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
+ const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
+ const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
+ } else {
+ const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
+ const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
+ const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
+ const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
+ }
+}
 // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
@@ -59,9 +73,9 @@ impl DcapQuote {
 println!("DcapQuote: get_quote_size");
 let size: u32 = 0;
- let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GET_DCAP_QUOTE_SIZE, &size) };
+ let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_QUOTE_SIZE, &size) };
 if ret < 0 {
- panic!("IOCTRL SGXIOC_GET_DCAP_QUOTE_SIZE failed");
+ panic!("IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed");
 } else {
 self.quote_size = size;
 size
@@ -77,9 +91,9 @@ impl DcapQuote {
 quote_buf: quote_buf,
 };
- let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GEN_DCAP_QUOTE, "e_arg) };
+ let ret = unsafe { libc::ioctl(self.fd, IOCTL_GEN_DCAP_QUOTE, "e_arg) };
 if ret < 0 {
- Err("IOCTRL SGXIOC_GEN_DCAP_QUOTE failed")
+ Err("IOCTRL IOCTL_GEN_DCAP_QUOTE failed")
 } else {
 Ok( 0 )
 }
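Review bot: The `as i32` casts in the musl branch silently wrap all four request codes to negative values, since each has bit 31 set; that matches musl's `int` request parameter, but nothing in the code says the wrap is deliberate, and the `u64` in the other branch hard-codes the width that `c_ulong` used to express. Typing the constants through one cfg-selected alias built on `libc::c_int` / `libc::c_ulong` documents the intent and removes the need for the new `cfg-if` dependency, which is one more third-party crate to audit for a two-way `#[cfg]`. The `SGXIOC_*` definitions above the block stay as they are.

```rust
// musl declares ioctl(int, int, ...); glibc declares ioctl(int, unsigned long, ...).
#[cfg(target_env = "musl")]
type IoctlRequest = libc::c_int;
#[cfg(not(target_env = "musl"))]
type IoctlRequest = libc::c_ulong;

// Deliberate bit-pattern cast: on musl the codes (bit 31 set) wrap to a negative c_int.
const IOCTL_GET_DCAP_QUOTE_SIZE: IoctlRequest = SGXIOC_GET_DCAP_QUOTE_SIZE as IoctlRequest;
const IOCTL_GEN_DCAP_QUOTE: IoctlRequest = SGXIOC_GEN_DCAP_QUOTE as IoctlRequest;
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: IoctlRequest = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as IoctlRequest;
const IOCTL_VER_DCAP_QUOTE: IoctlRequest = SGXIOC_VER_DCAP_QUOTE as IoctlRequest;
```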
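Review bot: `size` is declared immutable (`let size: u32 = 0;`) and passed as `&size`, yet the value read back afterwards implies the ioctl writes through that pointer; mutating through a shared reference to an immutable local is undefined behaviour, and with this commit switching the build to `--release` the optimizer is allowed to keep returning 0. Declare it `let mut size: u32 = 0;` and pass `&mut size as *mut u32` to `libc::ioctl`. The same pattern is in `get_supplemental_data_size` (hunk `@@ -89,9 +103,9 @@`). Both function bodies start and end outside their hunks.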
@@ -89,9 +103,9 @@ impl DcapQuote {
 println!("DcapQuote: get_supplemental_data_size");
 let size: u32 = 0;
- let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE, &size) };
+ let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE, &size) };
 if ret < 0 {
- panic!("IOCTRL SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE failed");
+ panic!("IOCTRL IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE failed");
 } else {
 self.supplemental_size = size;
 size
@@ -101,10 +115,10 @@ impl DcapQuote {
 pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result {
 println!("DcapQuote: verify_quote");
- let ret = unsafe { libc::ioctl(self.fd, SGXIOC_VER_DCAP_QUOTE, verify_arg) };
+ let ret = unsafe { libc::ioctl(self.fd, IOCTL_VER_DCAP_QUOTE, verify_arg) };
 if ret < 0 {
 println!("ret = {}", ret);
- Err("IOCTRL SGXIOC_VER_DCAP_QUOTE failed")
+ Err("IOCTRL IOCTL_VER_DCAP_QUOTE failed")
 } else {
 Ok( 0 )
 }
diff --git a/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh b/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh
index cfbe98f8..c59d5514 100755
--- a/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh
+++ b/demos/remote_attestation/dcap/run_dcap_quote_on_occlum.sh
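Review bot: `verify_quote` returns `Ok( 0 )` for any non-negative ioctl return, which says the request completed, not that the quote was accepted; the verdict is presumably in the fields the ioctl fills in `*verify_arg` (the struct is defined outside this hunk). A doc comment should say so, for example `/// Ok(0) means the ioctl completed; callers must still check the verification result written to *verify_arg before trusting the quote.` The function is also a safe `pub fn` that forwards a caller-supplied raw pointer into an `unsafe` block, so it should either become `unsafe fn` with a `# Safety` section or take `&mut IoctlVerDCAPQuoteArg`. The body ends outside the hunk.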
@@ -5,17 +5,34 @@ BLUE='\033[1;34m'
 NC='\033[0m'
 INSTANCE_DIR="occlum_instance"
+if [[ $1 == "musl" ]]; then
+ echo "*** Build and run musl-libc dcap demo ***"
+ bomfile="../dcap-musl.yaml"
+ CC=occlum-gcc
+ LD=occlum-ld
+ CARGO=occlum-cargo
+ LIBPATH="../dcap_lib/target/x86_64-unknown-linux-musl/release"
+else
+ echo "*** Build and run glibc dcap demo ***"
+ bomfile="../dcap.yaml"
+ CC=gcc
+ LD=ld
+ CARGO=cargo
+ LIBPATH="../dcap_lib/target/release"
+fi
+
 pushd dcap_lib
-cargo build --all-targets
+$CARGO build --all-targets --release
 popd
-make -C c_app
+CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app clean
+CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app
 rm -rf ${INSTANCE_DIR} && occlum new ${INSTANCE_DIR}
 cd ${INSTANCE_DIR}
 rm -rf image
-copy_bom -f ../dcap.yaml --root image --include-dir /opt/occlum/etc/template
+copy_bom -f $bomfile --root image --include-dir /opt/occlum/etc/template
 occlum build
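Review bot: Any argument other than the exact string `musl` (a typo, `MUSL`, `--musl`) is treated as a glibc request by the `else` branch, so the image that gets built and measured may not be the variant the user asked for. Reject unknown values before the `else`: `elif [[ -n $1 ]]; then echo "unknown libc variant: $1" >&2; exit 1`. `$bomfile` and `$LIBPATH` are also expanded unquoted in the `copy_bom` and `make` lines; quoting them (`-f "$bomfile"`, `LIBPATH="$LIBPATH"`) keeps the script correct if the paths ever contain spaces.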