Skip to content

Commit

Permalink
Ensure types crates don't use alloc with CI
Browse files Browse the repository at this point in the history
Update the crates to build with the `thumbv7m-none-eabi` target using
only the `core` crate from std
  • Loading branch information
nick-mobilecoin committed Oct 24, 2022
1 parent 21b6ca2 commit 0f7228c
Show file tree
Hide file tree
Showing 10 changed files with 102 additions and 7 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,27 @@ jobs:
with:
files: lcov.info

build-no-alloc:
runs-on: ubuntu-20.04
needs:
- "rustfmt"
- "markdown-lint"
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/sgxsdk
- uses: r7kamura/rust-problem-matchers@v1
- name: Build types with no alloc crate
# Some notes on this build command:
# - The vendored headers are used to get the necessary DCAP headers
# - The installed `tlibc` is used to get a compilable `time.h` for the target.
# - In the unlikely event that `thumbv7m-none-eabi` was installed with rustup, this would error out with
# duplicate core symbols due to `-Z build-std=core`.
run: |
cargo metadata --no-deps --format-version=1 | \
jq -r '.packages[].name' | \
grep -e types | \
xargs -n1 sh -c 'CFLAGS="-isystemcore/build/headers -isystem/opt/intel/sgxsdk/include/tlibc" cargo build -Z build-std=core --target thumbv7m-none-eabi -p $0 || exit 255'
notify:
runs-on: ubuntu-latest
if: failure() && ${{ github.event_name }} == 'push'
Expand Down
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,14 @@ exclude = [
"test_enclave",
]

# We need to explicitly specify resolver 2.
# We shouldn't have to per https://doc.rust-lang.org/edition-guide/rust-2021/default-cargo-resolver.html, however if you
# remove this, `getrandom` will fail trying to find `std` when building `mc-sgx-core-types`. This is because
# `mc-sgx-core-types` uses `rand` in it's `dev-dependencies`. `rand` will use the `std` feature of `getrandom`, however
# being in `dev-dependencies` it shouldn't normally get pulled in during a build.
# Even specifying `edition = "2021"` here will not fix this
resolver = "2"

[profile.dev]
opt-level = 0
lto = true
Expand Down
24 changes: 24 additions & 0 deletions core/build/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,30 @@

Utilities for compiling FFI wrappers to SGX libraries.

## Environment Variables

Below are environment variables that affect the building of the SGX FFI
wrappers.

- `SGX_SDK` The path to the Intel SGX SDK. Provides:

1. The location of the SGX SDK headers.

Note: the DCAP headers are assumed to be in the default system include path
2. The location of the SGX SDK libraries for linking

When `SGX_SDK` is not set:

1. The vendored local directory `headers/` will be used for compile time
includes
2. `/opt/intel/sgxsdk` will be used as the linking directory for SGX SDK
libraries

- `CFLAGS` - Used when generating the rust bindings. Useful to specify
system include paths. Multiple arguments can be separated with whitespace.
This does **not** support escaped whitespace as specified in
<https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html>

[crate-image]: https://img.shields.io/crates/v/mc-sgx-core-build.svg?style=flat-square
[crate-link]: https://crates.io/crates/mc-sgx-core-build
[license-image]: https://img.shields.io/crates/l/mc-sgx-core-build?style=flat-square
Expand Down
21 changes: 21 additions & 0 deletions core/build/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -69,13 +69,34 @@ pub fn sgx_builder() -> Builder {
.ctypes_prefix("core::ffi")
.allowlist_recursively(false)
.parse_callbacks(Box::new(SgxParseCallbacks::default()))
.clang_args(env_c_flags())
.clang_arg(&format!("-I{}", include_path));

cargo_emit::rerun_if_changed!(include_path);

builder
}

// Gets the `CFLAGS` from the environment, if any. When there are no `CLFAGS`
// will return an empty vector.
// The `CFLAGS` will be split on whitespace in order to allow for multiple
// arguments. This does *not* attempt to handle escaped shell characters,
// https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
fn env_c_flags() -> Vec<String> {
let env_flags = env::var("CFLAGS").ok();
let c_flags = env_flags.map_or_else(
|| vec![],
|flags| {
flags
.split_whitespace()
.into_iter()
.map(|t| String::from(t))
.collect::<Vec<_>>()
},
);
c_flags
}

/// SGXParseCallbacks to be used with [bindgen::Builder::parse_callbacks]
///
/// This provides a default implementation for most of the SGX libraries
Expand Down
5 changes: 5 additions & 0 deletions core/types/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,11 @@ mc-sgx-util = { path = "../../util", version = "=0.3.1-beta.0" }
rand_core = { version = "0.6.4", default-features = false }
serde = { version = "1.0.145", default-features = false, features = ["derive"], optional = true }

# `getrandom` is pulled in by `rand_core` we only need to access it directly when registering a custom spng,
# `register_custom_getrandom`, which only happens for target_os = none
[target.'cfg(target_os = "none")'.dependencies]
getrandom = { version = "0.2", default-features = false, features = ["custom"]}

[dev-dependencies]
rand = "0.8.5"
yare = "1.0.1"
6 changes: 1 addition & 5 deletions core/types/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

//! SGX Error types

use core::result::Result as CoreResult;
use mc_sgx_core_sys_types::sgx_status_t;
use mc_sgx_util::{ResultFrom, ResultInto};

Expand All @@ -22,9 +21,6 @@ pub enum FfiError {
UnknownEnumValue(i64),
}

/// A convenience type alias for a `Result` which contains an [`Error`].
pub type Result<T> = CoreResult<T, Error>;

/// A enumeration of SGX errors.
///
/// Those listed here are the ones which are identified in the `sgx_status_t`
Expand Down Expand Up @@ -242,7 +238,7 @@ pub enum Error {
impl TryFrom<sgx_status_t> for Error {
type Error = ();

fn try_from(src: sgx_status_t) -> CoreResult<Error, ()> {
fn try_from(src: sgx_status_t) -> Result<Error, ()> {
match src {
sgx_status_t::SGX_SUCCESS => Err(()),

Expand Down
18 changes: 17 additions & 1 deletion core/types/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,27 @@ pub use crate::{
attestation_key::{AttestationKeyId, ExtendedAttestationKeyId},
attributes::{Attributes, MiscellaneousAttribute, MiscellaneousSelect},
config_id::ConfigId,
error::{Error, FfiError, Result},
error::{Error, FfiError},
key_request::{KeyName, KeyPolicy, KeyRequest, KeyRequestBuilder},
measurement::{Measurement, MrEnclave, MrSigner},
quote::QuoteNonce,
report::{Report, ReportBody, ReportData},
svn::{ConfigSvn, CpuSvn, IsvSvn},
target_info::TargetInfo,
};

// For targets that don't have a random number source we force it to always
// fail.
// Per https://docs.rs/getrandom/latest/getrandom/macro.register_custom_getrandom.html
// this function will *only* be used if getrandom doesn't know of a native
// secure spng
#[cfg(target_os = "none")]
use getrandom::register_custom_getrandom;

#[cfg(target_os = "none")]
register_custom_getrandom!(always_fail);

#[cfg(target_os = "none")]
fn always_fail(_buf: &mut [u8]) -> Result<(), getrandom::Error> {
Err(getrandom::Error::UNSUPPORTED)
}
4 changes: 3 additions & 1 deletion tservice/src/report.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@

use core::ptr;
use mc_sgx_core_sys_types::sgx_report_t;
use mc_sgx_core_types::{ReportData, Result, TargetInfo};
use mc_sgx_core_types::{ReportData, TargetInfo};
use mc_sgx_util::ResultInto;

pub type Result<T> = ::core::result::Result<T, mc_sgx_core_types::Error>;

/// Report operations that can be performed inside of an enclave
pub trait Report: Sized {
/// Creates a report for the current enclave.
Expand Down
1 change: 1 addition & 0 deletions urts/sys/types/src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// Copyright (c) 2022 The MobileCoin Foundation

#![doc = include_str!("../README.md")]
#![no_std]
#![allow(non_camel_case_types, non_snake_case, non_upper_case_globals)]

use mc_sgx_core_sys_types::{
Expand Down

0 comments on commit 0f7228c

Please sign in to comment.