1. Add Occlum.json as Occlum's config file 2. Add tools/bin/build_enclave 3. Add tools/bin/protect_integrity 4. Validate Occlum.json.protected on LibOS startup 5. Parse Occlum.json.protected on LibOS startup 6. Config enclave size using Occlum.json 7. Config process memory sizes using Occlum.json
#!/bin/bash
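# Directory the script was invoked from. Relative argument paths are resolved
# against it and libocclum.signed.so is written there.
working_dir=$(pwd)

# Directory holding this script, then the project root derived from it.
# dirname drops the last ".." of "$this_dir/../../../", so project_dir ends up
# two levels above this script.
this_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
project_dir="$(cd "$(dirname "$this_dir/../../../")" >/dev/null 2>&1 && pwd)"

# protect-integrity and the LibOS build are both located through project_dir.
# If this_dir could not be resolved, project_dir would silently resolve
# relative to "/" instead, so stop rather than run tools from the wrong tree.
if [[ -z "$this_dir" || -z "$project_dir" ]]; then
  echo "Error: cannot locate the project directory" >&2
  exit 1
fi

# sgx_sign is executed from this directory (see sign_enclave_so), so an
# SGX_SDK value taken from the environment must point at a trusted SDK install.
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"

occlum_conf_json_path=$1
enclave_conf_xml_path=$2
enclave_key_pem_path=$3

# Quoted so a path containing spaces or glob characters stays one argument.
# Only the base name is kept: the protected file is looked up relative to
# working_dir (presumably where protect-integrity writes it -- confirm).
protected_occlum_conf_json_path="$(basename -- "$occlum_conf_json_path").protected"

# Declared empty here; nothing in this script assigns them later.
occlum_conf_file_mac=
occlum_user_space_size=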
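#######################################
# Print an argument error followed by the usage line.
# Arguments: $1 - error message to show
# Outputs:   the message, a blank line and the usage text, on stdout
#######################################
report_arg_error() {
  # Quoted and printed with printf so the message appears verbatim: no word
  # splitting, no glob expansion, no echo option parsing.
  printf '%s\n' "$1"
  echo ""
  echo "Usage: occlum-build-enclave Occlum.json Enclave.xml Enclave.pem"
}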
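#######################################
# Run "protect-integrity protect" on the Occlum config file.
# Globals:   working_dir, project_dir, occlum_conf_json_path (read)
# Outputs:   whatever protect-integrity prints
# Returns:   non-zero if working_dir cannot be entered, else the tool's status
# Note:      changes the current directory of the calling shell.
#######################################
protect_occlum_json() {
  cd "$working_dir" || return
  # Quoted so a path with spaces or glob characters reaches the tool as one
  # argument instead of being split into several.
  "$project_dir/tools/bin/protect-integrity" protect "$occlum_conf_json_path"
}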
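#######################################
# Print the MAC of the protected Occlum config file.
# Globals:   working_dir, project_dir, protected_occlum_conf_json_path (read)
# Outputs:   the output of "protect-integrity show-mac" on stdout
# Returns:   non-zero if working_dir cannot be entered, else the tool's status
# Note:      changes the current directory of the calling shell.
#######################################
print_occlum_conf_file_mac() {
  cd "$working_dir" || return
  # Quoted so the protected file name is passed as exactly one argument.
  "$project_dir/tools/bin/protect-integrity" show-mac "$protected_occlum_conf_json_path"
}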
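#######################################
# Print vm.user_space_size from the Occlum config as a plain byte count.
# Globals:   working_dir, occlum_conf_json_path (read)
# Outputs:   the size in bytes on stdout
# Returns:   non-zero if the directory, the interpreter, the JSON lookup or
#            the unit conversion fails
# Note:      changes the current directory of the calling shell.
#######################################
print_occlum_user_space_size() {
  cd "$working_dir" || return

  # Declared separately from the assignments: "local v=$(cmd)" would report
  # the status of "local" and hide a failed lookup.
  local py size_with_unit

  # Keep using `python` when it exists; fall back to python3 otherwise.
  py=$(command -v python || command -v python3) || return

  # print(...) with one argument is valid in both Python 2 and Python 3.
  size_with_unit=$("$py" -c "import sys, json; print(json.load(sys.stdin)['vm']['user_space_size'])" \
    < "$occlum_conf_json_path") || return

  # Drop the last character so numfmt sees an IEC suffix, e.g. "128MB" ->
  # "128M". Assumes the value always ends in a one-letter "B" -- TODO confirm
  # against the Occlum.json format.
  numfmt --from=iec "${size_with_unit::-1}"
}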
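#######################################
# Rebuild the LibOS shared object under $project_dir/src/libos.
# Globals:   project_dir (read)
# Returns:   non-zero if the directory cannot be entered or a make step fails
# Note:      changes the current directory of the calling shell.
#######################################
build_enclave_so() {
  cd "$project_dir/src/libos/" || return
  # clean-builtin runs before every build; presumably it discards objects
  # that embed the OCCLUM_BUILTIN_* values exported by the caller -- confirm
  # in the libos Makefile. Chained with && so a failed clean never leads to a
  # build on top of stale objects, whatever the caller's errexit state.
  make clean-builtin && make
}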
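#######################################
# Sign libocclum.so with sgx_sign and write libocclum.signed.so.
# Globals:   working_dir, project_dir, SGX_SDK, enclave_key_pem_path,
#            enclave_conf_xml_path (read)
# Outputs:   libocclum.signed.so in working_dir
# Returns:   non-zero if working_dir cannot be entered, else sgx_sign's status
# Note:      changes the current directory of the calling shell.
#######################################
sign_enclave_so() {
  cd "$working_dir" || return

  # Remove any earlier output first, so a failed signing run cannot leave an
  # older signed enclave in place of the one that was requested.
  rm -f -- libocclum.signed.so

  local enclave_so_path="$project_dir/src/libos/libocclum.so"

  # Every path is quoted: an unquoted key, enclave or config path containing
  # whitespace would be split and the extra words read by sgx_sign as
  # additional arguments.
  "$SGX_SDK/bin/x64/sgx_sign" sign \
    -key "$enclave_key_pem_path" \
    -enclave "$enclave_so_path" \
    -out "libocclum.signed.so" \
    -config "$enclave_conf_xml_path"
}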
# ===========================================================================
# Parse input arguments
# ===========================================================================

# Each positional argument is matched against the file-name suffix it is
# expected to carry. Nothing else is checked here: whether the files exist,
# are readable or hold valid content is left to the tools that consume them.
case "$occlum_conf_json_path" in
  *.json) ;;
  *)
    report_arg_error "Error: Expect a JSON file as the first argument!"
    exit -1
    ;;
esac

case "$enclave_conf_xml_path" in
  *.xml) ;;
  *)
    report_arg_error "Error: Expect a XML file as the second argument!"
    exit -1
    ;;
esac

case "$enclave_key_pem_path" in
  *.pem) ;;
  *)
    report_arg_error "Error: Expect a PEM file as the third argument!"
    exit -1
    ;;
esac
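# ===========================================================================
# Build Occlum.json.protected and libocclum.signed.so
# ===========================================================================

# From here on, any failing step aborts the build.
set -e

protect_occlum_json
echo "GEN => $protected_occlum_conf_json_path"

# Assign first, export second. "export VAR=$(cmd)" returns the status of
# export, so a failing show-mac would go unnoticed under set -e and the build
# would continue with an empty MAC. The value is exported for the LibOS build
# (presumably the MAC the LibOS checks Occlum.json.protected against at
# startup -- confirm), so an empty result is also rejected explicitly.
OCCLUM_BUILTIN_CONF_FILE_MAC=$(print_occlum_conf_file_mac)
if [[ -z "$OCCLUM_BUILTIN_CONF_FILE_MAC" ]]; then
  echo "Error: failed to obtain the MAC of $protected_occlum_conf_json_path" >&2
  exit 1
fi
export OCCLUM_BUILTIN_CONF_FILE_MAC
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"

# Same pattern for the user-space size: a failed or empty lookup stops the
# build instead of exporting an empty value.
OCCLUM_BUILTIN_VM_USER_SPACE_SIZE=$(print_occlum_user_space_size)
if [[ -z "$OCCLUM_BUILTIN_VM_USER_SPACE_SIZE" ]]; then
  echo "Error: failed to read vm.user_space_size from $occlum_conf_json_path" >&2
  exit 1
fi
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"

build_enclave_so

sign_enclave_so
echo "SIGN => libocclum.signed.so"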