This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 78e06fd79fb7a3b2d2b02819aa42385bf9546f48
Author: jeffery.wsj <[email protected]>
AuthorDate: Fri Jul 15 10:33:04 2022 +0800
[sdk] Update Tee SDK version to 2.17
Summary: update tee sdk version to 2.17
Test Plan: all tests pass
Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh
Issue: https://aone.alibaba-inc.com/task/43319236
CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9398746
---
 .../platform/tee_sdk_svm/edge_routines/sgx_mmap.c | 25 ++++---
 .../platform/tee_sdk_svm/edge_routines/sgx_mmap.h | 5 +-
 .../tee_sdk_svm/edge_routines/tee_sdk_symbol.c | 87 ++++++++++++++--------
 .../tee_sdk_svm/edge_routines/tee_sdk_symbol.h | 43 +++++++----
 .../main/native/cpp/platform/tee_sdk_svm/Makefile | 5 +-
 .../platform/tee_sdk_svm/edge_routines/Makefile | 2 +-
 .../edge_routines/{ocall.c => ocall_svm.c} | 2 +-
 .../edge_routines/{ocall.h => ocall_svm.h} | 6 +-
 .../platform/tee_sdk_svm/edl/tee_sdk_enclave.edl | 6 +-
 .../config/platform/tee_sdk_svm/jni/config.mk | 4 +-
 tools/cicd/Dockerfile | 21 ++++--
 tools/cicd/make.sh | 10 +--
 12 files changed, 137 insertions(+), 79 deletions(-)
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
index bc2fb8e..8ed5c23 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
@@ -2,30 +2,31 @@
 #include <stdio.h>
 #include <assert.h>
-#include "tee_sdk_enclave_t.h"
+#include "unistd.h"
 #include "sgx_mmap.h"
-#define PHYSICAL_PAGE_SIZE 4096
-#define VIRTUAL_PAGE_SIZE 4096
-
 // get memory physical page size in enclave.
 long physical_page_size() {
- return PHYSICAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return getpagesize();
 }
 // get memory physical page number in enclave.
 long physical_page_number() {
- return get_heap_size() / PHYSICAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return get_heap_size() / getpagesize();
 }
 // get memory virtual page size in enclave.
 long virtual_page_size() {
- return VIRTUAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return getpagesize();
 }
 // mmap and munmap is only partially supported in tee sdk enclave, and mmap doesn't
 // support memory space reserve, but support memory space allocation.
 void* mmap(void *hint, int size, int prot, int flags) {
+ TRACE_SYMBOL_CALL();
 void *ptr = 0;
 // flags == 0x4022, svm runtime expects to reserve a memory buffer with giving start address hint;
 // flags == 0x22 and hint == 0x0, svm runtime expects to reserve a memory buffer, the start address depends.
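Review bot: `physical_page_number()` now divides `get_heap_size()` by whatever `getpagesize()` returns, with no check that the value is positive or a plausible page size. The removed constants were fixed at 4096; if the `getpagesize()` this enclave links against (not visible in this diff) obtains its value from outside the enclave, a zero or unexpected result becomes a division fault or a wrong page count returned to the caller. I would read the value once, validate it and fall back to the old constant, e.g. `long ps = getpagesize(); if (ps <= 0 || (ps & (ps - 1)) != 0) ps = 4096;`. The three accessors also need a comment saying where the page size now comes from, for example `/* page size from getpagesize(); validated because it is no longer a compile-time constant */`.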
@@ -35,16 +36,18 @@ void* mmap(void *hint, int size, int prot, int flags) {
 // (int fd, off_t offset) must be (-1, 0);
 // parameter pro = 0x3 (0B0011) indicates allocated buffer could be read and written.
 // parameter flags = 0x21, because ts_mmap only support this kind of operation.
- ptr = ts_mmap(hint, size, 0x3, 0x21, -1, 0);
+ ptr = _mmap(hint, size, 0x3, 0x21, -1, 0);
 } else if (flags == 0x32) {
 ptr = hint;
 } else {
- printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
- assert(-1);
+ // printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ ASSERT();
 }
+ // printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
 return ptr;
 }
 int munmap(void *addr, int size) {
- return ts_munmap(addr, size);
+ TRACE_SYMBOL_CALL();
+ return _munmap(addr, size);
 }
\ No newline at end of file
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
index 34350c7..411340e 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
@@ -1,4 +1,5 @@
 #include "tee_sdk_enclave_t.h"
+#include "tee_sdk_symbol.h"
 #ifndef _SGX_MMAP_H_
 #define _SGX_MMAP_H_
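Review bot: The final `else` branch of `mmap` in sgx_mmap.c no longer does anything observable for an unsupported `flags` value: the warning `printf` is commented out and `ASSERT()` expands to an empty statement unless `UNSUPPORTED_SYSCALL_SYMBOL_ASSERT` is defined (it is commented out in tee_sdk_symbol.h in this same commit), so the function returns `ptr == 0`. A caller that tests for the conventional `(void *)-1` failure value would take that as a successful mapping at address zero. The branch should fail closed, e.g. `return (void *)-1;` or `abort();` depending on what the SVM caller checks. The two commented-out `printf` lines are dead code and should be removed or routed through a trace macro. The body of `mmap` starts before this hunk.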
@@ -8,8 +9,8 @@ long physical_page_number();
 long virtual_page_size();
 void* mmap(void *hint, int size, int prot, int flags);
 int munmap(void *addr, int size);
-extern void* ts_mmap(void *addr, size_t length, int prot, int flags, int fd, int offset);
-extern int ts_munmap(void *addr, size_t len);
+extern void* _mmap(void *addr, size_t length, int prot, int flags, int fd, int offset);
+extern int _munmap(void *addr, size_t len);
 extern size_t get_heap_size(void);
 #endif /* !_SGX_MMAP_H_ */
\ No newline at end of file
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
index d34b495..5f7a22e 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
@@ -1,20 +1,6 @@
 #include "tee_sdk_enclave_t.h"
 #include "tee_sdk_symbol.h"
-//#define ENABLE_TRACE_SYSCALL
-#if defined(ENABLE_TRACE_SYSCALL)
-#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
-#else
-#define TRACE_SYMBOL_CALL()
-#endif
-
-//#define UNSUPPORTED_SYSCALL_SYMBOL_ASSERT
-#if defined(UNSUPPORTED_SYSCALL_SYMBOL_ASSERT)
-#define ASSERT() assert(-1);
-#else
-#define ASSERT()
-#endif
-
 void __fxstat() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __fxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __isnan() {TRACE_SYMBOL_CALL(); ASSERT();}
@@ -25,6 +11,7 @@ void __lxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __sched_cpucount() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __strdup() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __xmknod() {TRACE_SYMBOL_CALL(); ASSERT();}
+void __xpg_strerror_r() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __xstat() {TRACE_SYMBOL_CALL(); ASSERT();}
 void __xstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void chmod() {TRACE_SYMBOL_CALL(); ASSERT();}
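Review bot: The new `__xpg_strerror_r` stub in tee_sdk_symbol.c is `void` with an empty parameter list, so a caller compiled against the real prototype gets an indeterminate return value and an unwritten message buffer whenever `ASSERT()` is compiled out, which is the default here. The same holds for the stubs added in the next hunk of this file (`fscanf`, `inet_pton`, `ioctl`, `sigaction`, `timezone`) and for their declarations in tee_sdk_symbol.h. Unsupported symbols should report failure explicitly instead of returning silently, for example `int ioctl() { TRACE_SYMBOL_CALL(); ASSERT(); return -1; }`, with the header declarations changed to match. `timezone` is normally a data object in libc headers rather than a function, so code that reads it as a variable would never call the stub; that one needs a comment saying which reference it is meant to satisfy.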
@@ -38,48 +25,63 @@ void deflateSetHeader() {TRACE_SYMBOL_CALL(); ASSERT();}
 void dlopen() {TRACE_SYMBOL_CALL(); ASSERT();}
 void dlsym() {TRACE_SYMBOL_CALL(); ASSERT();}
 void endmntent() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fchmod() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fchown() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fpathconf() {TRACE_SYMBOL_CALL(); ASSERT();}
+void fscanf() {TRACE_SYMBOL_CALL(); ASSERT();}
 void fstatvfs() {TRACE_SYMBOL_CALL(); ASSERT();}
 void fstatvfs64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void getgrnam_r() {TRACE_SYMBOL_CALL(); ASSERT();}
 void getmntent_r() {TRACE_SYMBOL_CALL(); ASSERT();}
 void getpwnam_r() {TRACE_SYMBOL_CALL(); ASSERT();}
+void inet_pton() {TRACE_SYMBOL_CALL(); ASSERT();}
 void inflate() {TRACE_SYMBOL_CALL(); ASSERT();}
 void inflateEnd() {TRACE_SYMBOL_CALL(); ASSERT();}
 void inflateInit2_() {TRACE_SYMBOL_CALL(); ASSERT();}
 void inflateReset() {TRACE_SYMBOL_CALL(); ASSERT();}
 void inflateSetDictionary() {TRACE_SYMBOL_CALL(); ASSERT();}
+void ioctl() {TRACE_SYMBOL_CALL(); ASSERT();}
 void lchown() {TRACE_SYMBOL_CALL(); ASSERT();}
-void lstat() {TRACE_SYMBOL_CALL(); ASSERT();}
 void mknod() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pathconf() {TRACE_SYMBOL_CALL(); ASSERT();}
 void pipe() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_attr_init() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_attr_setdetachstate() {TRACE_SYMBOL_CALL(); ASSERT();}
 void pthread_kill() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_setname_np() {TRACE_SYMBOL_CALL(); ASSERT();}
-void readlink() {TRACE_SYMBOL_CALL(); ASSERT();}
-void realpath() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sched_getaffinity() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sendfile() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sendfile64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void setmntent() {TRACE_SYMBOL_CALL(); ASSERT();}
+void sigaction() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sigaddset() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sigemptyset() {TRACE_SYMBOL_CALL(); ASSERT();}
 void sigprocmask() {TRACE_SYMBOL_CALL(); ASSERT();}
 void statvfs() {TRACE_SYMBOL_CALL(); ASSERT();}
 void statvfs64() {TRACE_SYMBOL_CALL(); ASSERT();}
 void symlink() {TRACE_SYMBOL_CALL(); ASSERT();}
-void utimes() {TRACE_SYMBOL_CALL(); ASSERT();}
+void timezone() {TRACE_SYMBOL_CALL(); ASSERT();}
-int posix_memalign(void **memptr, size_t alignment, size_t size) {
+char* strcat(char* dest, const char* source) {
 TRACE_SYMBOL_CALL();
- void* ptr = malloc(size);
- if (ptr == NULL) { return -1; }
- *memptr = ptr;
- return 0;
+ if (dest == NULL || source == NULL) { return dest; }
+ char* p = dest;
+ while (*p != '\0') { p++; }
+ while (*source != '\0') { *p = *source; p++; source++; }
+ *p = '\0';
+ return dest;
+}
+
+char* strcpy(char* dest,const char* sourse) {
+ TRACE_SYMBOL_CALL();
+ if(dest==NULL || sourse==NULL) return NULL;
+ char* res=dest;
+ while((*dest++ = *sourse++)!='\0');
+ return res;
+}
+
+char* stpcpy(char *dest, const char *src) {
+ TRACE_SYMBOL_CALL();
+ size_t len = strlen (src);
+ return memcpy(dest, src, len + 1) + len;
+}
+
+size_t __getdelim(char **lineptr, size_t *n, int delim, FILE *stream) {
+ TRACE_SYMBOL_CALL();
+ return getdelim(lineptr, n, delim, stream);
 }
 unsigned long int pthread_self(void) {
@@ -87,6 +89,21 @@ unsigned long int pthread_self(void) {
 return (unsigned long int)get_thread_data();
 }
+int pthread_attr_init(pthread_attr *attr) {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
+int pthread_setname_np() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
+int pthread_attr_setdetachstate(pthread_attr *attr, int detachstate) {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
 int pthread_attr_getstack(const pthread_attr *a, void ** addr, size_t *size) {
 TRACE_SYMBOL_CALL();
 thread_data *self = (thread_data *)get_thread_data();
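Review bot: `__getdelim` is declared to return `size_t` while it forwards the result of `getdelim`, whose failure/EOF value is -1; through this wrapper that becomes a very large unsigned length, and a caller using the declared type cannot detect the error with a `< 0` test. Declaring it with a signed type such as `ssize_t`, here and in tee_sdk_symbol.h, keeps the error path intact. In `stpcpy`, `memcpy(dest, src, len + 1) + len` does arithmetic on a `void *`, which is a compiler extension; `return (char *)memcpy(dest, src, len + 1) + len;` is the portable form. `strcpy` returns `NULL` on a null argument while `strcat` returns `dest`, and neither contract is documented; each needs a one-line comment stating its null-argument behaviour, since these definitions appear to stand in for the library versions inside the enclave.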
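Review bot: `pthread_attr_init` returns 0 without touching `*attr`, so the caller is told the attribute object is initialised while its fields still hold indeterminate data. Any later code that reads the structure (the `pthread_attr` type is defined in tee_sdk_symbol.h) then works on whatever was in that memory. Zeroing it is cheap: `if (attr != NULL) memset(attr, 0, sizeof *attr);` before the `return 0;`. `pthread_attr_setdetachstate` and `pthread_setname_np` also report success while discarding the request; a short comment on each saying the setting is intentionally ignored in the enclave would make that explicit.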
@@ -125,11 +142,21 @@ int pthread_condattr_setclock() {
 return 0;
 }
+int pthread_cond_timedwait() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
 int pthread_getattr_np() {
 TRACE_SYMBOL_CALL();
 return 0;
 }
+int pthread_attr_setstacksize() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
 int pthread_attr_destroy() {
 TRACE_SYMBOL_CALL();
 return 0;
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
index 56d44dd..66c9071 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
@@ -5,6 +5,20 @@
 #include <stdio.h>
 #include <assert.h>
+//#define ENABLE_TRACE_SYSCALL
+#if defined(ENABLE_TRACE_SYSCALL)
+#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
+#else
+#define TRACE_SYMBOL_CALL()
+#endif
+
+//#define UNSUPPORTED_SYSCALL_SYMBOL_ASSERT
+#if defined(UNSUPPORTED_SYSCALL_SYMBOL_ASSERT)
+#define ASSERT() assert(-1);
+#else
+#define ASSERT()
+#endif
+
 void __fxstat();
 void __fxstat64();
 void __isnan();
@@ -15,6 +29,7 @@ void __lxstat64();
 void __sched_cpucount();
 void __strdup();
 void __xmknod();
+void __xpg_strerror_r();
 void __xstat();
 void __xstat64();
 void chmod();
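Review bot: `pthread_cond_timedwait` returns 0 immediately, which tells the caller the condition was signalled even though the function neither waited nor released and re-acquired the mutex. A wait loop that re-checks its predicate will spin at full speed, and code that relies on the timeout to leave the loop never sees a timeout result. If no real implementation is available in the enclave, the stub should say so in a comment and go through `ASSERT()` like the other unsupported symbols, and it should be declared with its real parameter list instead of `()` so calls are type-checked. `pthread_attr_setstacksize` likewise accepts and discards the requested size. `pthread_attr_destroy`, the last function shown, continues past the hunk.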
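Review bot: `#define ASSERT() assert(-1);` in tee_sdk_symbol.h can never fire, because -1 is a non-zero expression, so defining `UNSUPPORTED_SYSCALL_SYMBOL_ASSERT` changes nothing and every unsupported stub keeps returning silently. It should be `#define ASSERT() assert(0)`. Both macros also carry a trailing semicolon in their expansion, which breaks when they are used in an unbraced `if`/`else`. Now that they live in a header that sgx_mmap.h includes, dropping the semicolon and choosing a less generic name than `ASSERT` would avoid collisions with other headers.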
@@ -28,44 +43,41 @@ void deflateSetHeader();
 void dlopen();
 void dlsym();
 void endmntent();
-void fchmod();
-void fchown();
-void fpathconf();
+void fscanf();
 void fstatvfs();
 void fstatvfs64();
 void getgrnam_r();
 void getmntent_r();
 void getpwnam_r();
+void inet_pton();
 void inflate();
 void inflateEnd();
 void inflateInit2_();
 void inflateReset();
 void inflateSetDictionary();
+void ioctl();
 void lchown();
-void lstat();
 void mknod();
-void pathconf();
 void pipe();
-void pthread_attr_init();
-void pthread_attr_setdetachstate();
-void pthread_attr_setstacksize();
 void pthread_kill();
-void pthread_setname_np();
-void readlink();
-void realpath();
 void sched_getaffinity();
 void sendfile();
 void sendfile64();
 void setmntent();
+void sigaction();
 void sigaddset();
 void sigemptyset();
 void sigprocmask();
 void statvfs();
 void statvfs64();
 void symlink();
-void utimes();
+void timezone();
+
+char* strcat(char *restrict dest, const char *restrict src);
+char* strcpy(char* dest,const char* src);
+char* stpcpy(char *dest, const char *src);
-int posix_memalign(void **memptr, size_t alignment, size_t size);
+size_t __getdelim(char **lineptr, size_t *n, int delim, FILE *stream);
 unsigned long int pthread_self();
@@ -87,6 +99,8 @@ typedef struct _pthread_attr {
 thread_data* get_thread_data(void);
 unsigned long int pthread_self(void);
+int pthread_attr_init(pthread_attr *attr);
+int pthread_attr_setdetachstate(pthread_attr *attr, int detachstate);
 int pthread_attr_getstack(const pthread_attr *a, void ** addr, uint64_t *size);
 int pthread_attr_getguardsize(const pthread_attr *a, size_t *size);
 int mprotect();
@@ -103,7 +117,10 @@ typedef struct {
 int getrlimit(int resource, rlimit* rlim);
 int setrlimit();
 int pthread_condattr_init();
+int pthread_setname_np();
 int pthread_condattr_setclock();
+int pthread_cond_timedwait();
 int pthread_attr_destroy();
+int pthread_attr_setstacksize();
 #endif /* end of _TEE_SDK_SYMBOL_H */
\ No newline at end of file
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
index 88dcd14..0620ffd 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
@@ -8,9 +8,10 @@ include $(NATIVE_BASE_DIR)/config/platform/tee_sdk_svm/jni/config.mk
 all: build
 build: jni.o
- $(CC) edge_routines/ocall.o edge_routines/tee_sdk_enclave_u.o jni/jni_tee_sdk_svm.o \
+ $(CC) edge_routines/ocall_svm.o edge_routines/tee_sdk_enclave_u.o jni/jni_tee_sdk_svm.o \
 $(TS_HOST_CFLAGS) $(TS_HOST_LDFLAGS) -fPIC -shared -o $(BIN)/platform/tee_sdk_svm/jni/lib_jni_tee_sdk_svm.so
- rm -rf edge_routines/*.o edge_routines/tee_sdk_enclave_u.c jni/*.o
+
+ rm -rf edge_routines/*.o edge_routines/tee_sdk_enclave_u.* jni/*.o
 edge_routines.o:
 $(MAKE) -C edge_routines
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
index b5271b9..26b7183 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
@@ -11,7 +11,7 @@ build:
 $(SGX_EDGER8R) $(CONFIG)/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl --untrusted \
 --search-path $(TEE_SDK_PATH)/include
- $(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC ocall.c
+ $(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC ocall_svm.c
 $(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC tee_sdk_enclave_u.c
 clean:
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
similarity index 92%
rename from sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c
rename to sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
index 36166ee..cf31243 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
@@ -1,4 +1,4 @@
-#include "ocall.h"
+#include "ocall_svm.h"
 int ocall_getrlimit(int resource, void *rlim) {
 return getrlimit(resource, (struct rlimit *)rlim);
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
similarity index 80%
rename from sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h
rename to sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
index 3940471..7ef8bb9 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
@@ -1,5 +1,5 @@
-#ifndef _OCALL_H_
-#define _OCALL_H_
+#ifndef _OCALL_SVM_H_
+#define _OCALL_SVM_H_
 #include <sys/resource.h>
 #include <sys/mman.h>
@@ -17,4 +17,4 @@ extern "C"
 }
 #endif
-#endif /* !_OCALL_H_ */
\ No newline at end of file
+#endif /* !_OCALL_SVM_H_ */
\ No newline at end of file
diff --git a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
index b89d8db..6f61cee 100644
--- a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
+++ b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
@@ -1,9 +1,9 @@
 enclave {
 include "sgx_report.h"
- from "sgx_tstdc.edl" import *;
- from "sgx_pthread.edl" import *;
- from "openenclave/edl/syscall.edl" import *;
+ from "sgx_tstdc.edl" import *;
+ from "sgx_pthread.edl" import *;
+ from "sgx_stdc_ex.edl" import *;
 trusted {
 // create a graal isolate;
diff --git a/sdk/native/config/platform/tee_sdk_svm/jni/config.mk b/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
index d402596..536f413 100644
--- a/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
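Review bot: `from "sgx_stdc_ex.edl" import *;` in tee_sdk_enclave.edl pulls every edge function that EDL file declares into this enclave's interface, whether or not the SVM runtime uses it. Each imported OCALL is a point where the enclave consumes values produced by the untrusted host, so the wildcard makes the trust boundary depend on the contents of an SDK file rather than on a list reviewed in this repository. Importing only the functions that are actually needed, `from "sgx_stdc_ex.edl" import <name>, <name>;` with the names taken from the link requirements, keeps the boundary auditable. A comment above the imports recording why the previous syscall EDL was replaced would also help at the next SDK upgrade.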
+++ b/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
@@ -46,7 +46,7 @@ SGX_COMMON_CXXFLAGS := $(SGX_COMMON_FLAGS) -Wnon-virtual-dtor -std=c++11
 TS_HOST_INCDIR = -I$(TEE_SDK_PATH)/include
 TS_HOST_CFLAGS = $(TS_HOST_INCDIR) $(SGX_COMMON_CFLAGS)
 TS_HOST_CXXFLAGS = $(SGX_COMMON_CXXFLAGS)
-TS_HOST_LDFLAGS = -L$(SGX_LIBRARY_PATH) -Wl,-z,noexecstack -lc -l$(Urts_Library_Name) -lpthread -lsgx_usyscall -lsgx_urts
+TS_HOST_LDFLAGS = -L$(SGX_LIBRARY_PATH) -Wl,-z,noexecstack -lc -l$(Urts_Library_Name) -lpthread -lsgx_ustdc_ex
 Enclave_Security_Link_Flags = -Wl,-z,relro,-z,now,-z,noexecstack
@@ -55,7 +55,7 @@ TS_ENCLAVE_CFLAGS = $(TS_ENCLAVE_INCDIR) -nostdinc -fvisibility=hidden -fpie -ff
 TS_ENCLAVE_CXXFLAGS = $(TS_ENCLAVE_CFLAGS) -nostdinc++
 TS_ENCLAVE_LDFLAGS = -L$(SGX_LIBRARY_PATH) $(TS_ENCLAVE_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles $(Enclave_Security_Link_Flags) \
 -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
- -Wl,--start-group -lsgx_tsyscall -lsgx_tstdc -lsgx_tcxx -lsgx_pthread -lsgx_tcrypto -l$(Service_Library_Name) -Wl,--end-group \
+ -Wl,--start-group -lsgx_tstdc -lsgx_tstdc_ex -lsgx_tcxx -lsgx_pthread -lsgx_tcrypto -l$(Service_Library_Name) -Wl,--end-group \
 -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
 -Wl,--defsym,__ImageBase=0
diff --git a/tools/cicd/Dockerfile b/tools/cicd/Dockerfile
index f112fcd..a611185 100644
--- a/tools/cicd/Dockerfile
+++ b/tools/cicd/Dockerfile
@@ -7,21 +7,30 @@ ENV DEBIAN_FRONTEND noninteractive
 ADD ["graalvm-enclave-22.1.0.tar", "/root/tools/"]
 ADD ["x86_64-linux-musl-native.tgz", "/root/tools/"]
-ADD ["zlib-1.2.12.tar.gz", "/root/tools/"]
+ADD ["zlib-1.2.11.tar.gz", "/root/tools/"]
 ADD ["settings.xml", "/root/tools/"]
-ADD ["sgx_linux_x64_sdk_2.15.100.0.bin", "/root/tools/"]
+ADD ["sgx_linux_x64_sdk_2.17.100.0.bin", "/root/tools/"]
 ENV GRAALVM_HOME "/root/tools/graalvm-enclave-22.1.0"
 ENV JAVA_HOME "/root/tools/graalvm-enclave-22.1.0"
 ENV CC "/root/tools/x86_64-linux-musl-native/bin/gcc"
 ENV PATH $PATH:"/root/tools/x86_64-linux-musl-native/bin"
+ARG PSW_VERSION=2.17.100.3
+ARG DCAP_VERSION=1.14.100.3
 # install necessary tools.
-RUN apt-get update && apt-get install -y gnupg wget && \
+RUN apt-get update && apt-get install -y gdb gnupg wget aptitude && \
 echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' > /etc/apt/sources.list.d/intel-sgx.list && \
 wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
- apt-get update && apt-get install -y --no-install-recommends libsgx-launch libsgx-urts && \
+ apt-get update && aptitude install -y \
+ libsgx-launch-dev=$PSW_VERSION-bionic1 \
+ libsgx-urts=$PSW_VERSION-bionic1 \
+ libsgx-urts-dbgsym=$PSW_VERSION-bionic1 \
+ libsgx-uae-service=$PSW_VERSION-bionic1 \
+ libsgx-dcap-quote-verify-dev=$DCAP_VERSION-bionic1 \
+ libsgx-dcap-ql-dev=$DCAP_VERSION-bionic1 \
+ libsgx-dcap-default-qpl=$DCAP_VERSION-bionic1 && \
 echo -e 'yes\n' | apt-get install -y maven && \
 echo -e 'yes\n' | apt-get install -y build-essential libz-dev zlib1g-dev && \
- cd /root/tools/zlib-1.2.12 && ./configure --prefix=/root/tools/x86_64-linux-musl-native --static && make && make install && \
- cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.15.100.0.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.15.100.0.bin
+ cd /root/tools/zlib-1.2.11 && ./configure --prefix=/root/tools/x86_64-linux-musl-native --static && make && make install && \
+ cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.17.100.0.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.17.100.0.bin
diff --git a/tools/cicd/make.sh b/tools/cicd/make.sh
index 7609320..77f0311 100755
--- a/tools/cicd/make.sh
+++ b/tools/cicd/make.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 BUILD_IMAGE=javaenclave_build
-BUILD_TAG=v0.1.7
+BUILD_TAG=v0.1.8
 SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
@@ -15,14 +15,14 @@ if [[ "$(docker images -q ${BUILD_IMAGE}:${BUILD_TAG} 2> /dev/null)" == "" ]]; t
 # This should be replaced to the offical version when all patches are accepted by the Graal community
 wget https://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/JDK11-22.1.0/graalvm-enclave-22.1.0.tar
 wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/x86_64-linux-musl-native.tgz
- wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.12.tar.gz
+ wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.11.tar.gz
 wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/settings_taobao.xml -O settings.xml
- wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.15.100.0.bin
+ wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.17.100.0.bin
 docker build -t ${BUILD_IMAGE}:${BUILD_TAG} .
 rm -f graalvm-enclave-22.1.0.tar
 rm -f x86_64-linux-musl-native.tgz
- rm -f zlib-1.2.12.tar.gz
- rm -f sgx_linux_x64_sdk_2.15.100.0.bin
+ rm -f zlib-1.2.11.tar.gz
+ rm -f sgx_linux_x64_sdk_2.17.100.0.bin
 fi
 # test JavaEnclave's unit test cases and samples
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
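Review bot: The zlib downgrade from 1.2.12 to 1.2.11 in the `ADD` line and the `cd /root/tools/zlib-1.2.11` build step brings back code that upstream has since fixed: 1.2.12 is the release that repaired a memory-corruption bug in deflate, and the commit message gives no reason for going back. This copy is built `--static` into the musl toolchain prefix, so the older code is presumably linked into whatever that toolchain produces. Unless 1.2.12 fails to build with the 2.17 SDK, keep it; if the downgrade is required, record the reason in a comment next to the `ADD`. Separately, the SDK installer is made `chmod 777` and executed in the same `RUN` step without any checksum verification; `chmod +x` plus a pinned `sha256sum -c` check before running it would be the minimum.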
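Review bot: The archives fetched in this block of make.sh go straight into `docker build` with no integrity check, and the changed `zlib-1.2.11.tar.gz` line (like the unchanged musl toolchain line above it) still uses plain `http://`. The SGX SDK installer downloaded two lines later is executed by the Dockerfile's `RUN` step, so a tampered download becomes code execution in the build environment that produces the enclave binaries. Switch the `http://` URLs to `https://` and verify each file against a checksum kept in the repository before building, e.g. `sha256sum -c SHA256SUMS` (file name is a placeholder). The enclosing `if` block starts before this hunk.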
