From 496a40038b5b062e8b9223727b32fa1f453de6f9 Mon Sep 17 00:00:00 2001
From: Bruno Vavala
Date: Mon, 25 Mar 2024 23:55:30 +0000
Subject: [PATCH] consolidate sgx targets/dependencies and use the sgx_ prefix consistently; check definitions of PDO_ENCLAVE_CODE_SIGN_PEM and PDO_SGX_KEY_ROOT at build time; add user-friendly logs and error logs
Signed-off-by: Bruno Vavala
---
 docker/Makefile | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/docker/Makefile b/docker/Makefile
index 4182c29b..f1eb96bb 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -71,7 +71,7 @@ build_% : repository
 --tag pdo_$*:$(PDO_VERSION) \
 --file '$(DOCKER_DIR)'/pdo_$*.dockerfile .
-build_sgx_services : repository
+sgx_build_services : repository build_services_base
 docker build $(DOCKER_ARGS) \
 --build-arg PDO_VERSION=$(PDO_VERSION) \
 --build-arg SGX_MODE=HW \
@@ -84,8 +84,6 @@ build_services: build_services_base
 build_services_base: build_base
 build_ccf: build_ccf_base
-build_sgx_services: build_services_base
-
 clean_% :
 docker rmi -f pdo_$*:$(PDO_VERSION)
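Review bot: The old name `build_sgx_services` does not become an unknown target after this rename; with its explicit rule gone it is matched by the `build_% : repository` pattern rule shown at the top of the hunk, so a stale `make build_sgx_services` in a script, CI job or document would run the generic recipe with `--tag pdo_sgx_services:$(PDO_VERSION)`. Whether that recipe passes `--build-arg SGX_MODE=HW` is not visible here, so the outcome may be an image tagged as the SGX one but built differently, or an error about a missing dockerfile. Keeping a one-line alias such as `build_sgx_services : sgx_build_services` removes the ambiguity. Both recipes start or continue outside the hunk.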
@@ -123,9 +121,20 @@ stop_client :
 repository :
 # if an enclave signing key is available on the host, copy that under build/keys in the repo
 # Note: the docker build (see PDO_ENCLAVE_CODE_SIGN_PEM in environment.sh) expects the key there
- [ ! -e ${PDO_ENCLAVE_CODE_SIGN_PEM} ] ||\
- (test ${PDO_ENCLAVE_CODE_SIGN_PEM} -ef ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem || \
- cp ${PDO_ENCLAVE_CODE_SIGN_PEM} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem)
+ if [ ! -z "${PDO_ENCLAVE_CODE_SIGN_PEM}" ]; then \
+ if [ -z "${PDO_SGX_KEY_ROOT}" ]; then \
+ echo "Error: PDO_SGX_KEY_ROOT not defined; check environment variables"; exit 1; \
+ fi ;\
+ if [ -e ${PDO_ENCLAVE_CODE_SIGN_PEM} ]; then \
+ echo "Enclave code signing key: using ${PDO_ENCLAVE_CODE_SIGN_PEM}"; \
+ (test ${PDO_ENCLAVE_CODE_SIGN_PEM} -ef ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem || \
+ cp ${PDO_ENCLAVE_CODE_SIGN_PEM} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem); \
+ else \
+ echo "Enclave code signing key: unavailable, a new one will be generated"; \
+ fi \
+ else \
+ echo "Enclave code signing key: PDO_ENCLAVE_CODE_SIGN_PEM undefined, a new one will be generated"; \
+ fi
 # clone the repo
 git clone --single-branch --branch $(PDO_BRANCH) --recurse-submodules '$(PDO_REPO)' repository
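Review bot: A PDO_ENCLAVE_CODE_SIGN_PEM that is set but points at a missing file falls into the inner `else` branch, prints "unavailable, a new one will be generated" and lets the build continue, so a mistyped path silently yields an enclave signed with a different key (and presumably a different MRSIGNER). When the variable is set explicitly the recipe should stop instead: `echo "Error: ${PDO_ENCLAVE_CODE_SIGN_PEM} not found" >&2; exit 1; \`. Separately, the `-z` tests quote the variables but `[ -e ... ]`, `test ... -ef` and `cp` do not, so a path containing spaces or shell metacharacters is word-split or interpreted by the shell; quote them as in `cp "${PDO_ENCLAVE_CODE_SIGN_PEM}" "${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem"`. The `repository` recipe may continue past the end of the hunk.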
@@ -163,13 +172,16 @@ test : clean_config clean_repository build_test stop_all
 PDO_VERSION=$(PDO_VERSION) docker-compose $(TEST_FILES) up --abort-on-container-exit
 PDO_VERSION=$(PDO_VERSION) docker-compose $(TEST_FILES) down
-sgx_build_test : repository build_sgx_services build_ccf build_client
+sgx_build_test : repository sgx_build_services build_ccf build_client
 sgx_keys :
 # test for key availability and make keys available to the container through xfer
- test -f ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt
- test -f ${PDO_SGX_KEY_ROOT}/sgx_spid.txt
- test -f ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem
+ if [ -z "${PDO_SGX_KEY_ROOT}" ]; then \
+ echo "Error: PDO_SGX_KEY_ROOT not defined; check environment variables"; exit 1; \
+ fi
+ test -f ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt || (echo "Error: check SGX collateral"; exit 1)
+ test -f ${PDO_SGX_KEY_ROOT}/sgx_spid.txt || (echo "Error: check SGX collateral"; exit 1)
+ test -f ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem || (echo "Error: check SGX collateral"; exit 1)
 cp ${PDO_SGX_KEY_ROOT}/* '$(DOCKER_DIR)'/xfer/services/keys/sgx/
 sgx_test : clean_config clean_repository sgx_build_test stop_all sgx_keys
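Review bot: The three `test -f` checks validate only the SPID and IAS files, but the unchanged `cp ${PDO_SGX_KEY_ROOT}/*` that follows copies everything in the key root into `xfer/services/keys/sgx/`. The `repository` target in this same patch places `enclave_code_sign.pem` under `${PDO_SGX_KEY_ROOT}`, so the enclave signing key would be handed to the container along with the checked files. If the services container does not need it, copy only the three checked files: `cp ${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt ${PDO_SGX_KEY_ROOT}/sgx_spid.txt ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem '$(DOCKER_DIR)'/xfer/services/keys/sgx/`. The three identical "Error: check SGX collateral" messages would also be easier to act on if each named the missing file and went to stderr.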