140 lines
5.3 KiB
Makefile
140 lines
5.3 KiB
Makefile
SGX_SDK ?= /opt/intel/sgxsdk
|
|
|
|
IMAGE := $(instance_dir)/image
|
|
SECURE_IMAGE := $(instance_dir)/build/mount/__ROOT/metadata
|
|
JSON_CONF := $(instance_dir)/Occlum.json
|
|
|
|
LIBOS := $(instance_dir)/build/lib/$(libos_lib).$(occlum_version)
|
|
SIGNED_ENCLAVE := $(instance_dir)/build/lib/libocclum-libos.signed.so
|
|
|
|
BIN_LINKS := occlum_exec_client occlum_exec_server occlum-run
|
|
BIN_LINKS := $(addprefix $(instance_dir)/build/bin/, $(BIN_LINKS))
|
|
|
|
LIB_LINKS := libocclum-pal.so.$(major_ver) libocclum-pal.so
|
|
LIB_LINKS := $(addprefix $(instance_dir)/build/lib/, $(LIB_LINKS))
|
|
|
|
ifneq (, $(wildcard $(IMAGE)/. ))
|
|
IMAGE_DIRS := $(shell find $(IMAGE) -type d 2>/dev/null | sed 's/ /\\ /g' || true)
|
|
IMAGE_FILES := $(shell find $(IMAGE) -type f 2>/dev/null | sed 's/ /\\ /g' || true)
|
|
endif
|
|
|
|
SHELL:=/bin/bash
|
|
|
|
define get_conf_root_fs_mac
|
|
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" \
|
|
"$(occlum_dir)/build/bin/occlum-protect-integrity" show-mac "$(instance_dir)/build/mount/__ROOT/metadata"
|
|
endef
|
|
|
|
define get_conf_default_stack_size
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.load(sys.stdin)['process']['default_stack_size']"
|
|
endef
|
|
|
|
define get_conf_default_heap_size
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.load(sys.stdin)['process']['default_heap_size']"
|
|
endef
|
|
|
|
define get_conf_default_mmap_size
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.load(sys.stdin)['process']['default_mmap_size']" ['resource_limits']['user_space_size']
|
|
endef
|
|
|
|
define get_conf_user_space_size
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.load(sys.stdin)['resource_limits']['user_space_size']"
|
|
endef
|
|
|
|
define get_conf_env
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['env'])"
|
|
endef
|
|
|
|
define get_conf_entry_points
|
|
cat "$(JSON_CONF)" | \
|
|
python -c "import sys, json; print json.dumps(json.load(sys.stdin)['entry_points'])"
|
|
endef
|
|
|
|
define get_occlum_conf_file_mac
|
|
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" \
|
|
"$(occlum_dir)/build/bin/occlum-protect-integrity" show-mac "$(instance_dir)/build/Occlum.json.protected"
|
|
endef
|
|
|
|
define parse_occlum_user_space_size
|
|
size_with_unit=$$($(get_conf_user_space_size)); echo $${size_with_unit:0:-1} | numfmt --from=iec
|
|
endef
|
|
|
|
|
|
.PHONY : all
|
|
|
|
all: $(SIGNED_ENCLAVE) $(BIN_LINKS) $(LIB_LINKS)
|
|
|
|
$(SIGNED_ENCLAVE): $(LIBOS)
|
|
@echo "Signing the enclave..."
|
|
@$(occlum_dir)/build/bin/gen_enclave_conf -i "$(instance_dir)/Occlum.json" -o "$(instance_dir)/build/Enclave.xml"
|
|
|
|
@$(ENCLAVE_SIGN_TOOL) sign \
|
|
-key $(ENCLAVE_SIGN_KEY) \
|
|
-config "$(instance_dir)/build/Enclave.xml" \
|
|
-enclave "$(instance_dir)/build/lib/libocclum-libos.so.$(major_ver)" \
|
|
-out "$(instance_dir)/build/lib/libocclum-libos.signed.so"
|
|
|
|
$(LIBOS): $(instance_dir)/build/Occlum.json.protected
|
|
@echo "Building libOS..."
|
|
@export OCCLUM_BUILTIN_CONF_FILE_MAC=`$(get_occlum_conf_file_mac)` ; \
|
|
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $$OCCLUM_BUILTIN_CONF_FILE_MAC" ; \
|
|
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=$$($(parse_occlum_user_space_size)) ; \
|
|
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $$OCCLUM_BUILTIN_VM_USER_SPACE_SIZE" ; \
|
|
cd $(instance_dir)/build/lib && \
|
|
cp "$(occlum_dir)/build/lib/$(libos_lib).$(occlum_version)" . && ln -sf "$(libos_lib).$(occlum_version)" "libocclum-libos.so.$(major_ver)" && \
|
|
ln -sf "libocclum-libos.so.$(major_ver)" libocclum-libos.so ; \
|
|
echo -e "$$OCCLUM_BUILTIN_CONF_FILE_MAC\c" > temp_mac_file && \
|
|
objcopy --update-section .builtin_config=temp_mac_file libocclum-libos.so && \
|
|
rm temp_mac_file
|
|
|
|
$(instance_dir)/build/Occlum.json.protected: $(instance_dir)/build/Occlum.json
|
|
@cd "$(instance_dir)/build" ; \
|
|
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" "$(occlum_dir)/build/bin/occlum-protect-integrity" protect Occlum.json ;
|
|
|
|
$(instance_dir)/build/Occlum.json: $(SECURE_IMAGE) $(JSON_CONF) | $(instance_dir)/build/lib
|
|
@export OCCLUM_CONF_ROOT_FS_MAC=`$(get_conf_root_fs_mac)` ; \
|
|
export OCCLUM_CONF_USER_SPACE_SIZE=`$(get_conf_user_space_size)` ; \
|
|
export OCCLUM_CONF_DEFAULT_STACK_SIZE=`$(get_conf_default_stack_size)` ; \
|
|
export OCCLUM_CONF_DEFAULT_HEAP_SIZE=`$(get_conf_default_heap_size)` ; \
|
|
export OCCLUM_CONF_DEFAULT_MMAP_SIZE=`$(get_conf_default_mmap_size)` ; \
|
|
export OCCLUM_CONF_ENV="`$(get_conf_env)`" ; \
|
|
export OCCLUM_CONF_ENTRY_POINTS=`$(get_conf_entry_points)` ; \
|
|
cd "$(instance_dir)/build" ; \
|
|
"$(occlum_dir)/build/bin/occlum-gen-default-occlum-json" > "Occlum.json"
|
|
|
|
$(BIN_LINKS): $(instance_dir)/build/bin/%: $(occlum_dir)/build/bin/% | $(instance_dir)/build/bin
|
|
@ln -sf $< $@
|
|
|
|
$(instance_dir)/build/bin:
|
|
@mkdir -p build/bin
|
|
|
|
$(instance_dir)/build/lib/libocclum-pal.so:
|
|
$(instance_dir)/build/lib/libocclum-pal.so.0: | $(instance_dir)/build/lib
|
|
@cp "$(occlum_dir)/build/lib/$(pal_lib).$(occlum_version)" build/lib/
|
|
@cd build/lib && ln -sf "$(pal_lib).$(occlum_version)" "libocclum-pal.so.$(major_ver)" && \
|
|
ln -sf "libocclum-pal.so.$(major_ver)" libocclum-pal.so
|
|
|
|
$(instance_dir)/build/lib:
|
|
@mkdir -p build/lib
|
|
|
|
# If image dir not exist, just use the secure Occlum FS image
|
|
ifneq ($(wildcard $(IMAGE)/. ),)
|
|
$(SECURE_IMAGE): $(IMAGE) $(IMAGE_DIRS) $(IMAGE_FILES)
|
|
@echo "Building new image..."
|
|
|
|
@rm -rf build/mount
|
|
|
|
@mkdir -p build/mount/
|
|
@cd "$(occlum_dir)/build/bin/" && \
|
|
LD_LIBRARY_PATH="$(SGX_SDK)/sdk_libs" ./sefs-cli \
|
|
--integrity-only \
|
|
"$(instance_dir)/build/mount/__ROOT" \
|
|
"$(instance_dir)/image" \
|
|
zip
|
|
endif
|