942321363d
Update the occlum.json to align with the gen_enclave_conf design.
Below is the two updated structures:
"metadata": {
"product_id": 0,
"version_number": 0,
"debuggable": true
},
"resource_limits": {
"max_num_of_threads": 32,
"kernel_space_heap_size": "32MB",
"kernel_space_stack_size": "1MB",
"user_space_size": "256MB"
}
99 lines
2.9 KiB
Bash
Executable File
99 lines
2.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
working_dir=`pwd`
|
|
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
|
project_dir="$( cd "$( dirname "$this_dir/../../../" )" >/dev/null 2>&1 && pwd )"
|
|
|
|
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"
|
|
|
|
occlum_conf_json_path=$1
|
|
enclave_key_pem_path=$2
|
|
protected_occlum_conf_json_path=`basename $occlum_conf_json_path`".protected"
|
|
|
|
occlum_conf_file_mac=
|
|
occlum_user_space_size=
|
|
|
|
|
|
report_arg_error() {
|
|
echo $1
|
|
echo ""
|
|
echo "Usage: occlum-build-enclave Occlum.json Enclave.pem"
|
|
}
|
|
|
|
protect_occlum_json() {
|
|
cd $working_dir
|
|
"$project_dir/tools/bin/protect-integrity" protect $occlum_conf_json_path
|
|
}
|
|
|
|
print_occlum_conf_file_mac() {
|
|
cd $working_dir
|
|
"$project_dir/tools/bin/protect-integrity" show-mac $protected_occlum_conf_json_path
|
|
}
|
|
|
|
print_occlum_user_space_size() {
|
|
cd $working_dir
|
|
local size_with_unit=`cat $occlum_conf_json_path | \
|
|
python -c "import sys, json; print json.load(sys.stdin)['vm']['user_space_size']"`
|
|
numfmt --from=iec ${size_with_unit::-1}
|
|
}
|
|
|
|
build_enclave_so() {
|
|
cd $project_dir/src/libos/
|
|
make clean-builtin
|
|
make
|
|
}
|
|
|
|
generate_enclave_config() {
|
|
cd $working_dir
|
|
"$project_dir/tools/bin/gen_enclave_conf" -i $occlum_conf_json_path -o "enclave.config.xml"
|
|
}
|
|
|
|
sign_enclave_so() {
|
|
cd $working_dir
|
|
rm -f libocclum-libos.signed.so
|
|
local enclave_so_path="$project_dir/src/libos/libocclum-libos.so"
|
|
$SGX_SDK/bin/x64/sgx_sign sign \
|
|
-key $enclave_key_pem_path \
|
|
-enclave $enclave_so_path \
|
|
-out "libocclum-libos.signed.so" \
|
|
-config enclave.config.xml
|
|
rm -f enclave.config.xml
|
|
}
|
|
|
|
# ===========================================================================
|
|
# Parse input arguments
|
|
# ===========================================================================
|
|
|
|
if [[ $occlum_conf_json_path != *.json ]] ; then
|
|
report_arg_error "Error: Expect a JSON file as the first argument!"
|
|
exit -1
|
|
fi
|
|
if [[ $enclave_conf_xml_path != *.xml ]] ; then
|
|
report_arg_error "Error: Expect a XML file as the second argument!"
|
|
exit -1
|
|
fi
|
|
if [[ $enclave_key_pem_path != *.pem ]] ; then
|
|
report_arg_error "Error: Expect a PEM file as the third argument!"
|
|
exit -1
|
|
fi
|
|
|
|
# ===========================================================================
|
|
# Build Occlum.json.protected and libocclum-libos.signed.so
|
|
# ===========================================================================
|
|
|
|
set -e
|
|
|
|
protect_occlum_json
|
|
echo "GEN => $protected_occlum_conf_json_path"
|
|
|
|
export OCCLUM_BUILTIN_CONF_FILE_MAC=`print_occlum_conf_file_mac`
|
|
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"
|
|
|
|
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=`print_occlum_user_space_size`
|
|
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"
|
|
|
|
build_enclave_so
|
|
generate_enclave_config
|
|
sign_enclave_so
|
|
echo "SIGN => libocclum-libos.signed.so"
|