From 2220adaad36b415cb4db3505af9dd63941b83e42 Mon Sep 17 00:00:00 2001
From: Bruno Vavala
Date: Wed, 15 May 2024 22:52:49 +0000
Subject: [PATCH] Port eservice build updates to pservice

Signed-off-by: Bruno Vavala
---
 pservice/Makefile | 2 +-
 pservice/lib/libpdo_enclave/CMakeLists.txt | 16 +++++++++++++-
 ...e.config.xml => pdo_enclave.config.xml.in} | 2 +-
 .../pdo/pservice/enclave/enclave/enclave.cpp | 9 ++++----
 pservice/setup.py | 21 +++++++++++++------
 5 files changed, 36 insertions(+), 14 deletions(-)
 rename pservice/lib/libpdo_enclave/{pdo_enclave.config.xml => pdo_enclave.config.xml.in} (96%)

diff --git a/pservice/Makefile b/pservice/Makefile
index ea28900a..a7a08e03 100644
--- a/pservice/Makefile
+++ b/pservice/Makefile
@@ -72,7 +72,7 @@ $(SWIG_TARGET) : $(SWIG_FILES) $(ENCLAVE_LIB)
 
 build :
 	mkdir $@
-	cd $@ && cmake .. -G "Unix Makefiles"
+	cd $@ && cmake .. $(CMAKE_OPTS) -G "Unix Makefiles"
 
 install: $(EGG_FILE)
 	@ . $(abspath $(DSTDIR)/bin/activate) && \
diff --git a/pservice/lib/libpdo_enclave/CMakeLists.txt b/pservice/lib/libpdo_enclave/CMakeLists.txt
index 75acfdd8..48fe2a06 100644
--- a/pservice/lib/libpdo_enclave/CMakeLists.txt
+++ b/pservice/lib/libpdo_enclave/CMakeLists.txt
@@ -22,8 +22,8 @@ PROJECT(libpdo-enclave C CXX)
 FILE(GLOB PROJECT_HEADERS *.h)
 FILE(GLOB PROJECT_SOURCES *.cpp)
 FILE(GLOB PROJECT_EDL enclave.edl)
-FILE(GLOB PROJECT_CONFIG *.xml)
 FILE(GLOB PROJECT_LDS *.lds)
+SET(PROJECT_CONFIG pdo_enclave.config.xml)
 
 SGX_EDGE_TRUSTED(${PROJECT_EDL} PROJECT_EDGE_SOURCES)
 SET (LIBPDO_ENCLAVE_EDL ${PROJECT_EDL} PARENT_SCOPE)
@@ -32,6 +32,17 @@ IF(NOT EXISTS "${PDO_SOURCE_ROOT}/eservice/deps/include/eservice_mrenclave.h")
   MESSAGE(FATAL_ERROR "complete eservice build first; eservice mrenclave is missing")
 ENDIF()
 
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# Enclave configuration file
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+SGX_PREPARE_ENCLAVE_XML(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_CONFIG}.in ${PROJECT_CONFIG})
+ADD_CUSTOM_TARGET(prepare_enclave_xml DEPENDS ${PROJECT_CONFIG})
+SET_PROPERTY(
+    TARGET prepare_enclave_xml
+    APPEND
+    PROPERTY ADDITIONAL_CLEAN_FILES ${PROJECT_CONFIG})
+
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # Compile targets
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@@ -49,5 +60,8 @@ TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${COMMON_TRUSTED_LIBS})
 TARGET_LINK_LIBRARIES(${PROJECT_NAME} -Wl,--end-group)
 
 SGX_PREPARE_TRUSTED_LINK(${PROJECT_NAME})
+
+# add dependency to ensure that enclave configuration file is created before post-build sgx-sign
+ADD_DEPENDENCIES(${PROJECT_NAME} prepare_enclave_xml)
 SGX_SIGN_ENCLAVE(${PROJECT_NAME} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem ${PROJECT_CONFIG})
 SGX_DEPLOY_FILES(${PROJECT_NAME} pservice)
diff --git a/pservice/lib/libpdo_enclave/pdo_enclave.config.xml b/pservice/lib/libpdo_enclave/pdo_enclave.config.xml.in
similarity index 96%
rename from pservice/lib/libpdo_enclave/pdo_enclave.config.xml
rename to pservice/lib/libpdo_enclave/pdo_enclave.config.xml.in
index 3bfe4fca..43251fea 100644
--- a/pservice/lib/libpdo_enclave/pdo_enclave.config.xml
+++ b/pservice/lib/libpdo_enclave/pdo_enclave.config.xml.in
@@ -21,7 +21,7 @@ limitations under the License. 0x800000 1 1 - 0 + 1 0 0xFFFFFFFF
diff --git a/pservice/pdo/pservice/enclave/enclave/enclave.cpp b/pservice/pdo/pservice/enclave/enclave/enclave.cpp
index ec316fcc..472b3a01 100644
--- a/pservice/pdo/pservice/enclave/enclave/enclave.cpp
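Review bot: `ADD_CUSTOM_TARGET(prepare_enclave_xml DEPENDS ${PROJECT_CONFIG})` and `SGX_SIGN_ENCLAVE(... ${PROJECT_CONFIG})` both name the generated file by the bare relative path `pdo_enclave.config.xml`, while the template is addressed as `${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_CONFIG}.in`; where SGX_PREPARE_ENCLAVE_XML actually writes its output is not visible here, so the DEPENDS edge, the clean rule and the post-build sign step may not all be resolving the same file. Making the location explicit removes the ambiguity: `SET(PROJECT_CONFIG_OUT ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_CONFIG})` and using `${PROJECT_CONFIG_OUT}` in DEPENDS, ADDITIONAL_CLEAN_FILES and SGX_SIGN_ENCLAVE. Note also that ADDITIONAL_CLEAN_FILES is only honoured from CMake 3.15 on; if the project's cmake_minimum_required is lower (not shown), the property is silently ignored and a config that a previous build signed against can survive `make clean`, which matters because this file feeds the enclave's MRENCLAVE and attributes.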
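Review bot: The value flipped from `0` to `1` in the template sits where `DisableDebug` lives in a standard SGX enclave configuration (after TCSPolicy, before MiscSelect); the element tags are stripped in this rendering, so that identification is inferred. If it is DisableDebug, hard-coding `1` produces an enclave that the loader refuses to start with the debug attribute, yet the matching enclave.cpp change now passes `SGX_DEBUG_FLAG` straight into `sgx_create_enclave`, so a PDO_DEBUG_BUILD=1 build would fail at load time unless SGX_PREPARE_ENCLAVE_XML rewrites this field per build mode (not visible here). Whichever is the case, the template should say so next to the element, e.g. `<!-- DisableDebug: 1 = enclave cannot be launched with the debug attribute; must agree with SGX_DEBUG_FLAG in enclave.cpp -->`.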
+++ b/pservice/pdo/pservice/enclave/enclave/enclave.cpp
@@ -356,17 +356,16 @@ namespace pdo {
         Enclave::QuerySgxStatus();
 
         sgx_launch_token_t token = { 0 };
-        int flags = SGX_DEBUG_FLAG;
-        pdo::error::ThrowSgxError((SGX_DEBUG_FLAG==0 ? SGX_ERROR_UNEXPECTED:SGX_SUCCESS),
-            "SGX DEBUG flag is 0 (possible cause: wrong compile flags)");
+
+        pdo::logger::LogV(PDO_LOG_DEBUG, "LoadEnclave, SGX_DEBUG_FLAG: %d", SGX_DEBUG_FLAG);
 
         // First attempt to load the enclave executable
         sgx_status_t ret = SGX_SUCCESS;
-        ret = this->CallSgx([this, flags, &token] () {
+        ret = this->CallSgx([this, &token] () {
             int updated = 0;
             return sgx_create_enclave(
                 this->enclaveFilePath.c_str(),
-                flags,
+                SGX_DEBUG_FLAG,
                 &token,
                 &updated,
                 &this->enclaveId,
diff --git a/pservice/setup.py b/pservice/setup.py
index 05d65a69..6addb021 100644
--- a/pservice/setup.py
+++ b/pservice/setup.py
@@ -60,6 +60,8 @@ module_path = 'pdo/pservice/enclave'
 module_src_path = os.path.join(script_dir, module_path)
 
+debug_flag = os.environ.get('PDO_DEBUG_BUILD', False) in ("1")
+
 compile_args = [
     '-std=c++11',
     '-Wno-switch',
@@ -109,6 +111,18 @@
     os.path.join(module_src_path, 'secret_info.cpp')
 ]
 
+compile_defs = [
+    ('_UNTRUSTED_', 1),
+    ('PDO_DEBUG_BUILD', debug_flag),
+    ('SGX_SIMULATOR', SGX_SIMULATOR_value)
+]
+
+# When the debug flag (PDO_DEBUG_BUILD) is set, we set the EDEBUG define
+# This ensures that the SGX SDK in sgx_urts.h sets the SGX_DEBUG_FLAG to 1.
+# Otherwise the SDK sets it to 0.
+if debug_flag :
+    compile_defs.append(('EDEBUG', None))
+
 enclave_module = Extension(
     'pdo.pservice.enclave._pdo_enclave_internal',
     module_files,
@@ -117,12 +131,7 @@
     libraries = libraries,
     include_dirs = include_dirs,
     library_dirs = library_dirs,
-    define_macros = [
-        ('_UNTRUSTED_', 1),
-        ('PDO_DEBUG_BUILD', os.environ.get('PDO_DEBUG_BUILD',0)),
-        ('SGX_SIMULATOR', SGX_SIMULATOR_value)
-    ],
-    undef_macros = ['NDEBUG', 'EDEBUG']
+    define_macros = compile_defs
 )
 
 ## -----------------------------------------------------------------
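Review bot: With the runtime ThrowSgxError gone, whether the enclave is created debuggable is now decided entirely by the compile-time `SGX_DEBUG_FLAG`, and the only trace of that decision is a PDO_LOG_DEBUG line that a production log level drops. As far as I recall sgx_urts.h derives SGX_DEBUG_FLAG from EDEBUG, _DEBUG and the absence of NDEBUG, so a build where any of those leaks in would quietly load a debug enclave whose memory the host can read and whose DEBUG attribute shows up in every quote. A compile-time guard for the non-debug configuration catches that at build time: `#if !PDO_DEBUG_BUILD && SGX_DEBUG_FLAG` / `#error "non-debug build would create a debuggable enclave"` / `#endif` above LoadEnclave, and the log line is worth raising to PDO_LOG_WARNING when the flag is 1. LoadEnclave begins and ends outside this hunk.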
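Review bot: `os.environ.get('PDO_DEBUG_BUILD', False) in ("1")` does not do what it looks like: `("1")` is the string `"1"`, not a tuple, so this is a substring test. When the variable is unset the left operand is `False` and the expression raises `TypeError: 'in <string>' requires string as left operand`, and when it is set but empty (`PDO_DEBUG_BUILD=`) the result is `True`, which turns an ambiguous environment into a debug enclave build. The intended comparison is `debug_flag = os.environ.get('PDO_DEBUG_BUILD', '0') == '1'`.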
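Review bot: `('PDO_DEBUG_BUILD', debug_flag)` passes a Python bool into define_macros, which distutils renders as `-DPDO_DEBUG_BUILD=True` or `=False`; to the preprocessor `True` and `False` are plain identifiers, so `#if PDO_DEBUG_BUILD` evaluates to 0 in both builds and only an `#ifdef` would still see it. How the C++ sources test the macro is not visible here, but the code being replaced passed `"1"`/`"0"`, so the numeric contract should be kept with `('PDO_DEBUG_BUILD', 1 if debug_flag else 0)`. The comment above the `if` is also worth extending with the other half of the SDK rule it relies on, e.g. `# sgx_urts.h also sets SGX_DEBUG_FLAG to 1 whenever NDEBUG is undefined, so a release build must define NDEBUG`.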
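Review bot: Dropping `undef_macros = ['NDEBUG', 'EDEBUG']` changes more than the EDEBUG half the new comment describes: the `-DNDEBUG` that CPython's sysconfig CFLAGS normally inject is no longer undefined, and that injected NDEBUG is what makes the non-debug branch land on SGX_DEBUG_FLAG=0. The release-mode enclave being non-debuggable therefore now depends on how the interpreter was built (a `--with-pydebug` interpreter, for instance, typically does not define NDEBUG), which is not a property this file controls. Making the release case explicit keeps the decision here: add `else:` / `compile_defs.append(('NDEBUG', None))` after the `if debug_flag :` block.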