Add dcap musl-libc demo case

Zheng, Qi 2022-01-20 16:43:59 +08:00 committed by Zongmin.Gu
parent 75a66a3537
commit 6cba1c02a1
8 changed files with 74 additions and 21 deletions

@ -23,6 +23,11 @@ You can run the DCAP quote generation and verification demo, including dcap libr
./run_dcap_quote_on_occlum.sh ./run_dcap_quote_on_occlum.sh
``` ```
Or if musl-libc version is expected, run
```
./run_dcap_quote_on_occlum.sh musl
```
## Preinstalled DCAP package in Ubuntu 18.04 and CentOS 8.1 ## Preinstalled DCAP package in Ubuntu 18.04 and CentOS 8.1
The DCAP package has been preinstalled in the Occlum official docker images The DCAP package has been preinstalled in the Occlum official docker images
including Ubuntu 18.04 and CentOS 8.1 since Occlum 0.19.0. The versions of DCAP including Ubuntu 18.04 and CentOS 8.1 since Occlum 0.19.0. The versions of DCAP

@ -1,12 +1,13 @@
CC := gcc CC ?= gcc
LIBPATH := ../dcap_lib/target/debug LD ?= ld
LIBPATH ?= ../dcap_lib/target/debug
.PHONY: all clean .PHONY: all clean
all: dcap_c_test all: dcap_c_test
dcap_c_test: dcap_c_test.c dcap_c_test: dcap_c_test.c
$(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -ldcap_quote $(CC) $^ -fPIE -pie -o $@ -L $(LIBPATH) -ldcap_quote -I /opt/intel/sgxsdk/include
clean: clean:
rm -rf dcap_c_test rm -rf dcap_c_test
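Review bot: `CC ?= gcc` and `LD ?= ld` never take effect in GNU make, because `CC` and `LD` are built-in variables that are already defined (as `cc` and `ld`), so a bare `make` in this directory now compiles with `cc` rather than `gcc`. If `gcc` is meant to stay the default when the caller sets nothing, test the origin instead: `ifeq ($(origin CC),default)` / `CC = gcc` / `endif`. `LD` is not referenced by the visible recipe, so it could be dropped. The `LIBPATH` default still points at `target/debug` while the run script now builds with `--release`, so a standalone `make` may link against a missing or stale library; `LIBPATH ?= ../dcap_lib/target/release` would match.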

@ -6,7 +6,6 @@
#include "sgx_urts.h" #include "sgx_urts.h"
#include "sgx_report.h" #include "sgx_report.h"
#include "sgx_qve_header.h" #include "sgx_qve_header.h"
#include "sgx_dcap_ql_wrapper.h"
#include "sgx_pce.h" #include "sgx_pce.h"
#include "sgx_error.h" #include "sgx_error.h"

@ -0,0 +1,16 @@
includes:
- base.yaml
# dcap
targets:
# copy bins
- target: /bin
copy:
- files:
- ../dcap_lib/target/x86_64-unknown-linux-musl/release/examples/dcap_test
- ../c_app/dcap_c_test
# copy lib
- target: /lib
copy:
- files:
- ../dcap_lib/target/x86_64-unknown-linux-musl/release/libdcap_quote.so

@ -6,11 +6,11 @@ targets:
- target: /bin - target: /bin
copy: copy:
- files: - files:
- ../dcap_lib/target/debug/examples/dcap_test - ../dcap_lib/target/release/examples/dcap_test
- ../c_app/dcap_c_test - ../c_app/dcap_c_test
# copy lib # copy lib
- target: /opt/occlum/glibc/lib - target: /opt/occlum/glibc/lib
copy: copy:
- files: - files:
- ../dcap_lib/target/debug/libdcap_quote.so - ../dcap_lib/target/release/libdcap_quote.so

@ -9,6 +9,7 @@ edition = "2018"
[dependencies] [dependencies]
sgx_types = { path = "../../../../deps/rust-sgx-sdk/sgx_types" } sgx_types = { path = "../../../../deps/rust-sgx-sdk/sgx_types" }
libc = "0.2" libc = "0.2"
cfg-if = "1.0.0"
[lib] [lib]
crate-type = ["cdylib", "rlib", "staticlib"] crate-type = ["cdylib", "rlib", "staticlib"]
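Review bot: `cfg-if` is a new dependency that, as far as this commit shows, is used only to pick the ioctl request type for musl in the library source. Plain attributes do the same job without widening the dependency set of the attestation library: `#[cfg(target_env = "musl")] type IoctlRequest = i32;` and `#[cfg(not(target_env = "musl"))] type IoctlRequest = u64;`, with each constant declared once as `const IOCTL_GEN_DCAP_QUOTE: IoctlRequest = SGXIOC_GEN_DCAP_QUOTE as IoctlRequest;`. If the crate is kept, it is worth confirming that `Cargo.lock` is committed, since `"1.0.0"` is a caret requirement and not an exact pin.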

@ -5,10 +5,24 @@ use sgx_types::{
sgx_report_data_t, sgx_ql_qv_result_t sgx_report_data_t, sgx_ql_qv_result_t
}; };
const SGXIOC_GET_DCAP_QUOTE_SIZE: c_ulong = 0x80047307; const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
const SGXIOC_GEN_DCAP_QUOTE: c_ulong = 0xc0187308; const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: c_ulong = 0x80047309; const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
const SGXIOC_VER_DCAP_QUOTE: c_ulong = 0xc030730a; const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
cfg_if::cfg_if! {
if #[cfg(target_env = "musl")] {
const IOCTL_GET_DCAP_QUOTE_SIZE: i32 = SGXIOC_GET_DCAP_QUOTE_SIZE as i32;
const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
} else {
const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
}
}
// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
@ -59,9 +73,9 @@ impl DcapQuote {
println!("DcapQuote: get_quote_size"); println!("DcapQuote: get_quote_size");
let size: u32 = 0; let size: u32 = 0;
let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GET_DCAP_QUOTE_SIZE, &size) }; let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_QUOTE_SIZE, &size) };
if ret < 0 { if ret < 0 {
panic!("IOCTRL SGXIOC_GET_DCAP_QUOTE_SIZE failed"); panic!("IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed");
} else { } else {
self.quote_size = size; self.quote_size = size;
size size
@ -77,9 +91,9 @@ impl DcapQuote {
quote_buf: quote_buf, quote_buf: quote_buf,
}; };
let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GEN_DCAP_QUOTE, &quote_arg) }; let ret = unsafe { libc::ioctl(self.fd, IOCTL_GEN_DCAP_QUOTE, &quote_arg) };
if ret < 0 { if ret < 0 {
Err("IOCTRL SGXIOC_GEN_DCAP_QUOTE failed") Err("IOCTRL IOCTL_GEN_DCAP_QUOTE failed")
} else { } else {
Ok( 0 ) Ok( 0 )
} }
@ -89,9 +103,9 @@ impl DcapQuote {
println!("DcapQuote: get_supplemental_data_size"); println!("DcapQuote: get_supplemental_data_size");
let size: u32 = 0; let size: u32 = 0;
let ret = unsafe { libc::ioctl(self.fd, SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE, &size) }; let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE, &size) };
if ret < 0 { if ret < 0 {
panic!("IOCTRL SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE failed"); panic!("IOCTRL IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE failed");
} else { } else {
self.supplemental_size = size; self.supplemental_size = size;
size size
@ -101,10 +115,10 @@ impl DcapQuote {
pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result<i32, &'static str> { pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result<i32, &'static str> {
println!("DcapQuote: verify_quote"); println!("DcapQuote: verify_quote");
let ret = unsafe { libc::ioctl(self.fd, SGXIOC_VER_DCAP_QUOTE, verify_arg) }; let ret = unsafe { libc::ioctl(self.fd, IOCTL_VER_DCAP_QUOTE, verify_arg) };
if ret < 0 { if ret < 0 {
println!("ret = {}", ret); println!("ret = {}", ret);
Err("IOCTRL SGXIOC_VER_DCAP_QUOTE failed") Err("IOCTRL IOCTL_VER_DCAP_QUOTE failed")
} else { } else {
Ok( 0 ) Ok( 0 )
} }
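Review bot: `get_quote_size` and `get_supplemental_data_size` still pass `&size`, a shared reference to the immutable `let size: u32 = 0;`, as the ioctl's output argument. Writing through it is undefined behaviour, and because this commit moves the demo to `--release` builds the optimiser may treat `size` as the constant 0. Declare `let mut size: u32 = 0;` and pass `&mut size` in both calls, so that `quote_size` and `supplemental_size` (which presumably size the buffers used later) hold the value the ioctl returned. The `as i32` casts in the musl branch wrap request numbers above `i32::MAX` to negative values on purpose; a one-line comment such as `// musl declares ioctl's request as c_int; the cast keeps the bit pattern` would stop a later reader from "fixing" it. All four method bodies start outside the visible hunks.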

@ -5,17 +5,34 @@ BLUE='\033[1;34m'
NC='\033[0m' NC='\033[0m'
INSTANCE_DIR="occlum_instance" INSTANCE_DIR="occlum_instance"
if [[ $1 == "musl" ]]; then
echo "*** Build and run musl-libc dcap demo ***"
bomfile="../dcap-musl.yaml"
CC=occlum-gcc
LD=occlum-ld
CARGO=occlum-cargo
LIBPATH="../dcap_lib/target/x86_64-unknown-linux-musl/release"
else
echo "*** Build and run glibc dcap demo ***"
bomfile="../dcap.yaml"
CC=gcc
LD=ld
CARGO=cargo
LIBPATH="../dcap_lib/target/release"
fi
pushd dcap_lib pushd dcap_lib
cargo build --all-targets $CARGO build --all-targets --release
popd popd
make -C c_app CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app clean
CC=$CC LD=$LD LIBPATH=$LIBPATH make -C c_app
rm -rf ${INSTANCE_DIR} && occlum new ${INSTANCE_DIR} rm -rf ${INSTANCE_DIR} && occlum new ${INSTANCE_DIR}
cd ${INSTANCE_DIR} cd ${INSTANCE_DIR}
rm -rf image rm -rf image
copy_bom -f ../dcap.yaml --root image --include-dir /opt/occlum/etc/template copy_bom -f $bomfile --root image --include-dir /opt/occlum/etc/template
occlum build occlum build
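Review bot: Any first argument other than the exact string `musl` (a typo such as `Musl`, or an unsupported libc name) silently falls through to the glibc build, so the caller can end up running a different image from the one requested. Reject unknown values explicitly, e.g. `elif [[ -n "$1" ]]; then echo "usage: $0 [musl]" >&2; exit 1`, before the `else` branch. The expansions `$CARGO`, `$bomfile`, `$CC`, `$LD` and `$LIBPATH` are unquoted; quoting them costs nothing here. The top of the script is outside this hunk, so whether `set -e` is in effect cannot be seen; without it a failed `$CARGO build` or `make` would still proceed to `copy_bom` and `occlum build` with whatever artifacts are left on disk.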