Upgrade Intel SGX SDK to 2.11 and Rust SGX SDK accordingly

2020-09-15 17:31:56 +08:00 · 2020-09-15 17:31:56 +08:00 · b28aee68b7
commit b28aee68b7
parent 4031216f13
11 changed files with 91 additions and 210 deletions
--- a/deps/rust-sgx-sdk
+++ b/deps/rust-sgx-sdk
@ -1 +1 @@
-Subproject commit df76765f586cf103189a5e62355672c96f4920ce
+Subproject commit 4fdac94b9f002f432d4a10e5de80c56d3f7a10eb
--- a/deps/rust-sgx-sdk.patch
+++ b/deps/rust-sgx-sdk.patch
@ -1,7 +1,7 @@
-From ebd4f84dd2561d5ef381312ef9934a6076e62915 Mon Sep 17 00:00:00 2001
+From daf3f6e0723c28a34c80cfcc4a4c5595226f3459 Mon Sep 17 00:00:00 2001
-From: "Tate, Hongliang Tian" <tate.thl@antfin.com>
+From: "zongmin.gu" <zongmin.gzm@antgroup.com>
-Date: Wed, 3 Jun 2020 08:11:35 +0000
+Date: Tue, 15 Sep 2020 13:26:05 +0800
-Subject: [PATCH 1/4] Add support for integrity-only SGX files
+Subject: [PATCH] Update Rust SDK for Occlum
 ---
 samplecode/unit-test/enclave/src/lib.rs       |  2 +
@ -10,7 +10,8 @@ Subject: [PATCH 1/4] Add support for integrity-only SGX files
 sgx_tstd/src/sgxfs.rs                         | 39 ++++++++-
 sgx_tstd/src/sys/sgxfs.rs                     | 38 +++++++--
 sgx_types/src/function.rs                     |  6 +-
- 6 files changed, 203 insertions(+), 7 deletions(-)
+ sgx_types/src/types.rs                        | 14 +++-
 7 files changed, 215 insertions(+), 9 deletions(-)
 diff --git a/samplecode/unit-test/enclave/src/lib.rs b/samplecode/unit-test/enclave/src/lib.rs
 index b9ea49be..d740753f 100644
@ -75,10 +76,10 @@ index 766ba674..eeefd9eb 100644
 +    assert!(remove_result.is_ok());
 +}
 diff --git a/sgx_tprotected_fs/src/fs.rs b/sgx_tprotected_fs/src/fs.rs
-index 93767e4b..9ddac357 100644
+index 241a7d7f..69608907 100644
 --- a/sgx_tprotected_fs/src/fs.rs
 +++ b/sgx_tprotected_fs/src/fs.rs
-@@ -35,6 +35,15 @@ unsafe fn rsgx_fopen(filename: &CStr, mode: &CStr, key: &sgx_key_128bit_t) -> Sy
+@@ -39,6 +39,15 @@ unsafe fn rsgx_fopen(filename: &CStr, mode: &CStr, key: &sgx_key_128bit_t) -> Sy
     }
 }
@ -94,7 +95,7 @@ index 93767e4b..9ddac357 100644
 unsafe fn rsgx_fopen_auto_key(filename: &CStr, mode: &CStr) -> SysResult<SGX_FILE> {
     let file = sgx_fopen_auto_key(filename.as_ptr(), mode.as_ptr());
     if file.is_null() {
-@@ -192,6 +201,15 @@ unsafe fn rsgx_fimport_auto_key(filename: &CStr, key: &sgx_key_128bit_t) -> SysE
+@@ -196,6 +205,15 @@ unsafe fn rsgx_fimport_auto_key(filename: &CStr, key: &sgx_key_128bit_t) -> SysE
     }
 }
@ -108,10 +109,10 @@ index 93767e4b..9ddac357 100644
 +}
 +
 pub struct SgxFileStream {
-     stream: SGX_FILE
+     stream: SGX_FILE,
 }
@@ -275,6 +293,48 @@ impl SgxFileStream {
-         }
+         unsafe { rsgx_fopen_auto_key(filename, mode).map(|f| SgxFileStream { stream: f }) }
     }
 +    ///
@ -347,10 +348,10 @@ index 7d6f24f3..0a6acef9 100644
 pub fn remove(path: &Path) -> io::Result<()> {
 diff --git a/sgx_types/src/function.rs b/sgx_types/src/function.rs
-index 3c2db3a4..f96cd9e8 100644
+index b74afd75..527e4bf9 100644
 --- a/sgx_types/src/function.rs
 +++ b/sgx_types/src/function.rs
-@@ -629,7 +629,10 @@ extern "C" {
+@@ -644,7 +644,10 @@ extern "C" {
     pub fn sgx_fopen_auto_key(filename: *const c_char, mode: *const c_char) -> SGX_FILE;
@ -362,7 +363,7 @@ index 3c2db3a4..f96cd9e8 100644
                       size: size_t,
                       count: size_t,
                       stream: SGX_FILE) -> size_t;
-@@ -650,6 +653,7 @@ extern "C" {
+@@ -665,6 +668,7 @@ extern "C" {
     pub fn sgx_fexport_auto_key(filename: *const c_char, key: *mut sgx_key_128bit_t) -> int32_t;
     pub fn sgx_fimport_auto_key(filename: *const c_char, key: *const sgx_key_128bit_t) -> int32_t;
     pub fn sgx_fclear_cache(stream: SGX_FILE) -> int32_t;
@ -370,33 +371,30 @@ index 3c2db3a4..f96cd9e8 100644
 }
 /* intel sgx sdk 2.0 */
 -- 
 2.17.1
 From b126b99cd8cf12ac4971915d408d48a557bc5399 Mon Sep 17 00:00:00 2001
 From: "Tate, Hongliang Tian" <tate.thl@antfin.com>
 Date: Wed, 3 Jun 2020 08:35:53 +0000
 Subject: [PATCH 2/4] Add data structures for #PF and #GP exceptions
 ---
 sgx_types/src/types.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)
 diff --git a/sgx_types/src/types.rs b/sgx_types/src/types.rs
-index 4f191364..651d088e 100644
+index 05cb12f2..ad639fda 100644
 --- a/sgx_types/src/types.rs
 +++ b/sgx_types/src/types.rs
-@@ -865,6 +865,8 @@ impl_enum! {
+@@ -897,8 +897,8 @@ impl_enum! {
         SGX_EXCEPTION_VECTOR_BP = 3,  /* INT 3 instruction */
         SGX_EXCEPTION_VECTOR_BR = 5,  /* BOUND instruction */
         SGX_EXCEPTION_VECTOR_UD = 6,  /* UD2 instruction or reserved opcode */
 -        SGX_EXCEPTION_VECTOR_GP = 13, /* General protection exception */
 -        SGX_EXCEPTION_VECTOR_PF = 14, /* Page fault exception */
 +        SGX_EXCEPTION_VECTOR_GP = 13, /* General protection */
 +        SGX_EXCEPTION_VECTOR_PF = 14, /* Page fault */
         SGX_EXCEPTION_VECTOR_MF = 16, /* x87 FPU floating-point or WAIT/FWAIT instruction */
         SGX_EXCEPTION_VECTOR_AC = 17, /* Any data reference in memory */
         SGX_EXCEPTION_VECTOR_XM = 19, /* SSE/SSE2/SSE3 floating-point instruction */
-@@ -922,11 +924,20 @@ cfg_if! {
+@@ -912,6 +912,7 @@ impl_enum! {
     pub enum sgx_exception_type_t {
         SGX_EXCEPTION_HARDWARE = 3,
         SGX_EXCEPTION_SOFTWARE = 6,
 +        SGX_EXCEPTION_SIMULATED = 7,
     }
 }
@@ -957,11 +958,20 @@ cfg_if! {
     }
 }
@ -420,53 +418,3 @@ index 4f191364..651d088e 100644
 -- 
 2.17.1
 From 3b224780e7f948753ef27e67677a5fc6a2a49961 Mon Sep 17 00:00:00 2001
 From: "Tate, Hongliang Tian" <tate.thl@antfin.com>
 Date: Wed, 3 Jun 2020 08:37:47 +0000
 Subject: [PATCH 3/4] Add a new exception type: simulated
 ---
 sgx_types/src/types.rs | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/sgx_types/src/types.rs b/sgx_types/src/types.rs
 index 651d088e..ef43d7d6 100644
 --- a/sgx_types/src/types.rs
 +++ b/sgx_types/src/types.rs
@@ -879,6 +879,7 @@ impl_enum!{
     pub enum sgx_exception_type_t {
         SGX_EXCEPTION_HARDWARE = 3,
         SGX_EXCEPTION_SOFTWARE = 6,
 +        SGX_EXCEPTION_SIMULATED = 7,
     }
 }
 -- 
 2.17.1
 From 53707096d65d2c2439246274328484094be28c05 Mon Sep 17 00:00:00 2001
 From: volcano <volcano_dr@163.com>
 Date: Mon, 31 Aug 2020 11:12:44 +0800
 Subject: [PATCH 4/4] fix no return value of u_malloc_ocall
 ---
 sgx_ustdc/mem.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/sgx_ustdc/mem.c b/sgx_ustdc/mem.c
 index 3dceb037..5e4aea84 100644
 --- a/sgx_ustdc/mem.c
 +++ b/sgx_ustdc/mem.c
@@ -26,6 +26,7 @@ void *u_malloc_ocall(int *error, size_t size)
     if (error) {
         *error = ret == NULL ? errno : 0;
     }
 +    return ret;
 }
 void u_free_ocall(void *p)
 -- 
 2.17.1
--- a/src/libos/Cargo.lock
+++ b/src/libos/Cargo.lock
@ -52,12 +52,6 @@ version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d49d90015b3c36167a20fe2810c5cd875ad504b39cff3d4eae7977e6b7c1cb2"
 [[package]]
 name = "autocfg"
 version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d"
 [[package]]
 name = "bitflags"
 version = "1.2.1"
@ -97,9 +91,9 @@ dependencies = [
 [[package]]
 name = "darling"
-version = "0.9.0"
+version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fcfbcb0c5961907597a7d1148e3af036268f2b773886b8bb3eeb1e1281d3d3d6"
+checksum = "0d706e75d87e35569db781a9b5e2416cff1236a47ed380831f959382ccd5f858"
 dependencies = [
 "darling_core",
 "darling_macro",
@ -107,52 +101,52 @@ dependencies = [
 [[package]]
 name = "darling_core"
-version = "0.9.0"
+version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6afc018370c3bff3eb51f89256a6bdb18b4fdcda72d577982a14954a7a0b402c"
+checksum = "f0c960ae2da4de88a91b2d920c2a7233b400bc33cb28453a2987822d8392519b"
 dependencies = [
 "fnv",
 "ident_case",
- "proc-macro2 0.4.30",
+ "proc-macro2",
- "quote 0.6.13",
+ "quote",
 "strsim",
- "syn 0.15.44",
+ "syn",
 ]
 [[package]]
 name = "darling_macro"
-version = "0.9.0"
+version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6d8dac1c6f1d29a41c4712b4400f878cb4fcc4c7628f298dd75038e024998d1"
+checksum = "d9b5a2f4ac4969822c62224815d069952656cadc7084fdca9751e6d959189b72"
 dependencies = [
 "darling_core",
- "quote 0.6.13",
+ "quote",
- "syn 0.15.44",
+ "syn",
 ]
 [[package]]
 name = "derive_builder"
-version = "0.7.2"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ac53fa6a3cda160df823a9346442525dcaf1e171999a1cf23e67067e4fd64d4"
+checksum = "a2658621297f2cf68762a6f7dc0bb7e1ff2cfd6583daef8ee0fed6f7ec468ec0"
 dependencies = [
 "darling",
 "derive_builder_core",
- "proc-macro2 0.4.30",
+ "proc-macro2",
- "quote 0.6.13",
+ "quote",
- "syn 0.15.44",
+ "syn",
 ]
 [[package]]
 name = "derive_builder_core"
-version = "0.5.0"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0288a23da9333c246bb18c143426074a6ae96747995c5819d2947b64cd942b37"
+checksum = "2791ea3e372c8495c0bc2033991d76b512cd799d07491fbd6890124db9458bef"
 dependencies = [
 "darling",
- "proc-macro2 0.4.30",
+ "proc-macro2",
- "quote 0.6.13",
+ "quote",
- "syn 0.15.44",
+ "syn",
 ]
 [[package]]
@ -193,10 +187,7 @@ dependencies = [
 [[package]]
 name = "hashbrown_tstd"
-version = "0.7.1"
+version = "0.9.0"
 dependencies = [
 "autocfg 1.0.0",
 ]
 [[package]]
 name = "ident_case"
@ -235,31 +226,13 @@ dependencies = [
 "cfg-if",
 ]
 [[package]]
 name = "proc-macro2"
 version = "0.4.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
 dependencies = [
 "unicode-xid 0.1.0",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "04f5f085b5d71e2188cb8271e5da0161ad52c3f227a661a3c135fdf28e258b12"
 dependencies = [
- "unicode-xid 0.2.1",
+ "unicode-xid",
 ]
 [[package]]
 name = "quote"
 version = "0.6.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
 dependencies = [
 "proc-macro2 0.4.30",
 ]
 [[package]]
@ -268,7 +241,7 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
 dependencies = [
- "proc-macro2 1.0.19",
+ "proc-macro2",
 ]
 [[package]]
@ -283,7 +256,7 @@ version = "0.6.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d71dacdc3c88c1fde3885a3be3fbab9f35724e6ce99467f7d9c5026132184ca"
 dependencies = [
- "autocfg 0.1.7",
+ "autocfg",
 "libc",
 "rand_chacha",
 "rand_core 0.4.2",
@ -302,7 +275,7 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "556d3a1ca6600bfcbab7c7c91ccb085ac7fbbcd70e008a98742e7847f4f7bcef"
 dependencies = [
- "autocfg 0.1.7",
+ "autocfg",
 "rand_core 0.3.1",
 ]
@ -370,7 +343,7 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "abf9b09b01790cfe0364f52bf32995ea3c39f4d2dd011eac241d2914146d0b44"
 dependencies = [
- "autocfg 0.1.7",
+ "autocfg",
 "rand_core 0.4.2",
 ]
@ -463,9 +436,9 @@ dependencies = [
 name = "serde_derive"
 version = "1.0.104"
 dependencies = [
- "proc-macro2 1.0.19",
+ "proc-macro2",
- "quote 1.0.7",
+ "quote",
- "syn 1.0.34",
+ "syn",
 ]
 [[package]]
@ -582,20 +555,9 @@ checksum = "7f3eb36b47e512f8f1c9e3d10c2c1965bc992bd9cdb024fa581e2194501c83d3"
 [[package]]
 name = "strsim"
-version = "0.7.0"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550"
+checksum = "6446ced80d6c486436db5c078dde11a9f73d42b57fb273121e160b84f63d894c"
 [[package]]
 name = "syn"
 version = "0.15.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
 dependencies = [
 "proc-macro2 0.4.30",
 "quote 0.6.13",
 "unicode-xid 0.1.0",
 ]
 [[package]]
 name = "syn"
@ -603,9 +565,9 @@ version = "1.0.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "936cae2873c940d92e697597c5eee105fb570cd5689c695806f672883653349b"
 dependencies = [
- "proc-macro2 1.0.19",
+ "proc-macro2",
- "quote 1.0.7",
+ "quote",
- "unicode-xid 0.2.1",
+ "unicode-xid",
 ]
 [[package]]
@ -614,12 +576,6 @@ version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33"
 [[package]]
 name = "unicode-xid"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
 [[package]]
 name = "unicode-xid"
 version = "0.2.1"
--- a/src/libos/Cargo.toml
+++ b/src/libos/Cargo.toml
@ -13,7 +13,7 @@ bitvec = { version = "0.17", default-features = false, features = ["alloc"]  }
 log = "0.4"
 aligned = "0.3.4"
 lazy_static = { version = "1.1.0", features = ["spin_no_std"] } # Implies nightly
-derive_builder = "0.7.2"
+derive_builder = "0.9"
 ringbuf = { path = "../../deps/ringbuf" }
 rcore-fs = { path = "../../deps/sefs/rcore-fs" }
 rcore-fs-sefs = { path = "../../deps/sefs/rcore-fs-sefs" }
--- a/src/libos/rust-toolchain
+++ b/src/libos/rust-toolchain
@ -1 +1 @@
-nightly-2020-04-07
+nightly-2020-09-08
--- a/src/libos/src/lib.rs
+++ b/src/libos/src/lib.rs
@ -16,6 +16,8 @@
 // for may_dangle in rw_lock
 #![feature(dropck_eyepatch)]
 #![feature(option_expect_none)]
 // for UntrustedSliceAlloc in slice_alloc
 #![feature(slice_ptr_get)]
 #[macro_use]
 extern crate alloc;
--- a/src/libos/src/untrusted/alloc.rs
+++ b/src/libos/src/untrusted/alloc.rs
@ -1,5 +1,5 @@
 use super::*;
-use std::alloc::{AllocErr, AllocInit, AllocRef, Layout, MemoryBlock};
+use std::alloc::{AllocErr, AllocRef, Layout};
 use std::ptr::{self, write_bytes, NonNull};
 /// The global memory allocator for untrusted memory
@ -8,11 +8,7 @@ pub static mut UNTRUSTED_ALLOC: UntrustedAlloc = UntrustedAlloc;
 pub struct UntrustedAlloc;
 unsafe impl AllocRef for UntrustedAlloc {
-    fn alloc(
+    fn alloc(&mut self, layout: Layout) -> std::result::Result<NonNull<[u8]>, AllocErr> {
        &mut self,
        layout: Layout,
        init: AllocInit,
    ) -> std::result::Result<MemoryBlock, AllocErr> {
        if layout.size() == 0 {
            return Err(AllocErr);
        }
@ -33,12 +29,6 @@ unsafe impl AllocRef for UntrustedAlloc {
            return Err(AllocErr);
        }
        if init == AllocInit::Zeroed {
            unsafe {
                write_bytes(mem_ptr, 0, layout.size());
            }
        }
        // Sanity checks
        // Post-condition 1: alignment
        debug_assert!(mem_ptr as usize % layout.align() == 0);
@ -47,10 +37,10 @@ unsafe impl AllocRef for UntrustedAlloc {
            mem_ptr as *const u8,
            layout.size()
        ));
-        Ok(MemoryBlock {
+        Ok(NonNull::new(unsafe {
-            ptr: NonNull::new(mem_ptr).unwrap(),
+            core::slice::from_raw_parts_mut(mem_ptr, layout.size() as usize)
            size: layout.size(),
        })
        .unwrap())
    }
    unsafe fn dealloc(&mut self, ptr: NonNull<u8>, layout: Layout) {
--- a/src/libos/src/untrusted/slice_alloc.rs
+++ b/src/libos/src/untrusted/slice_alloc.rs
@ -1,5 +1,5 @@
 use super::*;
-use std::alloc::{AllocErr, AllocInit, AllocRef, Layout, MemoryBlock};
+use std::alloc::{AllocErr, AllocRef, Layout};
 use std::ptr::NonNull;
 use std::sync::atomic::{AtomicUsize, Ordering};
@ -26,12 +26,7 @@ impl UntrustedSliceAlloc {
        }
        let layout = Layout::from_size_align(buf_size, 1)?;
-        let buf_ptr = unsafe {
+        let buf_ptr = unsafe { UNTRUSTED_ALLOC.alloc(layout)?.as_mut_ptr() };
            UNTRUSTED_ALLOC
                .alloc(layout, AllocInit::Uninitialized)?
                .ptr
                .as_ptr()
        };
        let buf_pos = AtomicUsize::new(0);
        Ok(Self {
@ -52,18 +47,14 @@ impl UntrustedSliceAlloc {
            // Move self.buf_pos forward if enough space _atomically_.
            let old_pos = self
                .buf_pos
-                .fetch_update(
+                .fetch_update(Ordering::SeqCst, Ordering::SeqCst, |old_pos| {
-                    |old_pos| {
+                    let new_pos = old_pos + new_slice_len;
-                        let new_pos = old_pos + new_slice_len;
+                    if new_pos <= self.buf_size {
-                        if new_pos <= self.buf_size {
+                        Some(new_pos)
-                            Some(new_pos)
+                    } else {
-                        } else {
+                        None
-                            None
+                    }
-                        }
+                })
                    },
                    Ordering::SeqCst,
                    Ordering::SeqCst,
                )
                .map_err(|e| errno!(ENOMEM, "No enough space"))?;
            unsafe { self.buf_ptr.add(old_pos) }
        };
--- a/src/libos/src/vm/process_vm.rs
+++ b/src/libos/src/vm/process_vm.rs
@ -273,7 +273,7 @@ impl ProcessVM {
        }
        self.brk
-            .fetch_update(|old_brk| Some(new_brk), Ordering::SeqCst, Ordering::SeqCst);
+            .fetch_update(Ordering::SeqCst, Ordering::SeqCst, |old_brk| Some(new_brk));
        Ok(new_brk)
    }
--- a/tools/docker/Dockerfile.centos8.1
+++ b/tools/docker/Dockerfile.centos8.1
@ -51,16 +51,15 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
 # Install SGX SDK
 WORKDIR /tmp
-RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
+RUN git clone -b sgx_2.11_for_occlum https://github.com/occlum/linux-sgx && \
-    cd linux-sgx && \
+    cd linux-sgx && make preparation && \
    ./download_prebuilt.sh && \
    ./compile_and_install.sh no_mitigation && \
    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
    rm -rf /tmp/linux-sgx
 # Install Rust
 ENV PATH="/root/.cargo/bin:$PATH"
-ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
+ENV OCCLUM_RUST_VERSION=nightly-2020-09-08
 RUN curl https://sh.rustup.rs -sSf | \
        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
@ -97,7 +96,7 @@ ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
 # Install the latest version of Occlum
 WORKDIR /root
-RUN git clone https://github.com/occlum/occlum && \
+RUN git clone https://github.com/occlum/occlum.git && \
    cd occlum && \
    source /root/.bashrc && \
    make submodule && \
--- a/tools/docker/Dockerfile.ubuntu18.04
+++ b/tools/docker/Dockerfile.ubuntu18.04
@ -62,21 +62,16 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
 # Install SGX SDK
 WORKDIR /tmp
-RUN git clone -b sgx_2.9.1_for_occlum https://github.com/occlum/linux-sgx && \
+RUN git clone -b sgx_2.11_for_occlum https://github.com/occlum/linux-sgx && \
    mkdir /etc/init && \
-    cd linux-sgx && \
+    cd linux-sgx && make preparation && \
-    ./download_prebuilt.sh && \
+    ./compile_and_install.sh no_mitigation && \
    cp ./external/toolset/as /usr/local/bin/ && \
    cp ./external/toolset/ld /usr/local/bin/ && \
    cp ./external/toolset/ld.gold /usr/local/bin/ && \
    cp ./external/toolset/objdump /usr/local/bin/ && \  
    ./compile_and_install.sh && \
    echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
    rm -rf /tmp/linux-sgx
 # Install Rust
 ENV PATH="/root/.cargo/bin:$PATH"
-ENV OCCLUM_RUST_VERSION=nightly-2020-04-07
+ENV OCCLUM_RUST_VERSION=nightly-2020-09-08
 RUN curl https://sh.rustup.rs -sSf | \
        sh -s -- --default-toolchain ${OCCLUM_RUST_VERSION} -y && \
    rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
		`@ -1 +1 @@`
			`Subproject commit df76765f586cf103189a5e62355672c96f4920ce`				`Subproject commit 4fdac94b9f002f432d4a10e5de80c56d3f7a10eb`