This is an automated email from the ASF dual-hosted git repository.
rduan pushed a commit to branch emm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
The following commit(s) were added to refs/heads/emm-dev by this push:
new 6f16f4a1 Support intel-sgx-sdk 2.21 and DCAP 1.18
6f16f4a1 is described below
commit 6f16f4a111b6bd55717be7bebbe13e822f1bfe5f
Author: volcano <[email protected]>
AuthorDate: Fri Sep 1 15:18:12 2023 +0800
Support intel-sgx-sdk 2.21 and DCAP 1.18
---
buildenv.mk | 4 +
common/inc/sgx_report2.h | 3 +
sgx_libc/sgx_tlibc_sys/tlibc/gen/sbrk.c | 7 +
sgx_serialize/src/types.rs | 230 ++++++++++++++++++---
sgx_trts/src/arch.rs | 80 +++----
sgx_trts/src/edmm/epc.rs | 6 +-
sgx_trts/src/inst/hw/inst.rs | 8 +-
sgx_trts/src/inst/hyper/inst.rs | 8 +-
sgx_trts/src/inst/hyper/mod.rs | 6 +-
sgx_trts/src/inst/sim/inst.rs | 8 +-
sgx_trts/src/inst/sim/mod.rs | 6 +-
sgx_trts/src/se/report.rs | 22 +-
sgx_trts/src/version.rs | 2 +-
sgx_types/src/types/report2.rs | 1 +
sgx_types/src/types/tdx.rs | 101 ++++++++-
tools/docker/02_binutils.sh | 2 +-
tools/docker/Dockerfile.centos8 | 15 +-
tools/docker/Dockerfile.ubuntu18.04 | 15 +-
tools/docker/Dockerfile.ubuntu20.04 | 15 +-
...ckerfile.ubuntu18.04 => Dockerfile.ubuntu22.04} | 26 +--
20 files changed, 437 insertions(+), 128 deletions(-)
diff --git a/buildenv.mk b/buildenv.mk
index a2125f5a..73974b6b 100644
--- a/buildenv.mk
+++ b/buildenv.mk
@@ -67,6 +67,10 @@ else
COMMON_FLAGS += -fstack-protector-strong
endif
+ifdef _TD_MIGRATION
+ COMMON_FLAGS += -D_TD_MIGRATION
+endif
+
COMMON_FLAGS += -ffunction-sections -fdata-sections
# turn on compiler warnings as much as possible
diff --git a/common/inc/sgx_report2.h b/common/inc/sgx_report2.h
index 14f76423..355bee8a 100644
--- a/common/inc/sgx_report2.h
+++ b/common/inc/sgx_report2.h
@@ -36,6 +36,8 @@
#ifndef _SGX_REPORT2_H_
#define _SGX_REPORT2_H_
+#include <stdint.h>
+
#define TEE_HASH_384_SIZE 48 /* SHA384 */
#define TEE_MAC_SIZE 32 /* Message SHA 256 HASH Code - 32 bytes */
@@ -67,6 +69,7 @@ typedef struct _tee_attributes_t
#define TEE_REPORT2_TYPE 0x81 /* TEE Report Type2 */
#define TEE_REPORT2_SUBTYPE 0x0 /* SUBTYPE for Report Type2 is 0 */
#define TEE_REPORT2_VERSION 0x0 /* VERSION for Report Type2 is 0 */
+#define TEE_REPORT2_VERSION_SERVICETD 0x1 /* VERSION for Report Type2 which
mr_servicetd is used */
typedef struct _tee_report_type_t {
uint8_t type; /* Trusted Execution Environment(TEE) type:
diff --git a/sgx_libc/sgx_tlibc_sys/tlibc/gen/sbrk.c
b/sgx_libc/sgx_tlibc_sys/tlibc/gen/sbrk.c
index 422d9781..203714f0 100644
--- a/sgx_libc/sgx_tlibc_sys/tlibc/gen/sbrk.c
+++ b/sgx_libc/sgx_tlibc_sys/tlibc/gen/sbrk.c
@@ -41,10 +41,17 @@ SE_DECLSPEC_EXPORT size_t g_peak_heap_used = 0;
/* Please be aware of: sbrk is not thread safe by default. */
#define RELRO_SECTION_NAME ".data.rel.ro"
+#ifndef _TD_MIGRATION
static void *heap_base __attribute__((section(RELRO_SECTION_NAME))) = NULL;
static size_t heap_size __attribute__((section(RELRO_SECTION_NAME))) = 0;
static int is_edmm_supported __attribute__((section(RELRO_SECTION_NAME))) = 0;
static size_t heap_min_size __attribute__((section(RELRO_SECTION_NAME))) = 0;
+#else
+void *heap_base = NULL;
+size_t heap_size = 0;
+int is_edmm_supported = 0;
+size_t heap_min_size = 0;
+#endif
unsigned int sgx_heap_init(void *_heap_base, size_t _heap_size, size_t
_heap_min_size, int _is_edmm_supported)
{
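Review bot: Under `_TD_MIGRATION` the four heap bookkeeping variables (`heap_base`, `heap_size`, `is_edmm_supported`, `heap_min_size`) lose both `static` and the `.data.rel.ro` placement, so they become writable, externally visible globals. If the RELRO section is write-protected after relocation (the section name suggests so, but the protection itself is outside this hunk), a memory-corruption bug elsewhere in the enclave could then alter the state `sbrk` relies on. If migration only needs the values in ordinary data, keep them `static` and expose accessors. Otherwise document the trade-off on the `#else` branch, e.g. `/* TD migration: heap state must stay writable; referenced by <consumer> */` (placeholder name). `sgx_heap_init` continues outside the hunk.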
diff --git a/sgx_serialize/src/types.rs b/sgx_serialize/src/types.rs
index 9a417616..35dc9006 100644
--- a/sgx_serialize/src/types.rs
+++ b/sgx_serialize/src/types.rs
@@ -23,9 +23,9 @@ use sgx_types::types::{
};
use sgx_types::types::{
Attributes, AttributesFlags, ConfigId, CpuSvn, KeyId, KeyName, KeyPolicy,
KeyRequest,
- Measurement, MiscAttribute, MiscSelect, Report, Report2, Report2Body,
Report2Mac, ReportBody,
- ReportData, TargetInfo, TeeAttributes, TeeCpuSvn, TeeInfo, TeeMeasurement,
TeeReportData,
- TeeReportType, TeeTcbInfo, TeeTcbSvn,
+ Measurement, MiscAttribute, MiscSelect, Report, Report2, Report2Body,
Report2BodyV15,
+ Report2Mac, ReportBody, ReportData, TargetInfo, TeeAttributes, TeeCpuSvn,
TeeInfo, TeeInfoV15,
+ TeeMeasurement, TeeReportData, TeeReportType, TeeTcbInfo, TeeTcbInfoV15,
TeeTcbSvn,
};
use sgx_types::types::{BaseName, PsSecPropDesc, QuoteNonce, Spid};
use sgx_types::types::{Ec256PrivateKey, Ec256PublicKey, Ec256SharedKey,
Ec256Signature};
@@ -1608,14 +1608,6 @@ impl Decodable for TeeInfo {
impl Encodable for TeeTcbInfo {
fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
- // let TeeTcbInfo {
- // valid: ref _valid,
- // tee_tcb_svn: ref _tee_tcb_svn,
- // mr_seam: ref _mr_seam,
- // mr_seam_signer: ref _mr_seam_signer,
- // attributes: ref _attributes,
- // reserved: ref _reserved,
- // } = *self;
let _valid = unsafe { &*core::ptr::addr_of!(self.valid) };
let _tee_tcb_svn = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn) };
let _mr_seam = unsafe { &*core::ptr::addr_of!(self.mr_seam) };
@@ -1661,20 +1653,6 @@ impl Decodable for TeeTcbInfo {
impl Encodable for Report2Body {
fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
- // let Report2Body {
- // tee_tcb_svn: ref _tee_tcb_svn,
- // mr_seam: ref _mr_seam,
- // mrsigner_seam: ref _mrsigner_seam,
- // seam_attributes: ref _seam_attributes,
- // td_attributes: ref _td_attributes,
- // xfam: ref _xfam,
- // mr_td: ref _mr_td,
- // mr_config_id: ref _mr_config_id,
- // mr_owner: ref _mr_owner,
- // mr_owner_config: ref _mr_owner_config,
- // rt_mr: ref _rt_mr,
- // report_data: ref _report_data,
- // } = *self;
let _tee_tcb_svn = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn) };
let _mr_seam = unsafe { &*core::ptr::addr_of!(self.mr_seam) };
let _mrsigner_seam = unsafe {
&*core::ptr::addr_of!(self.mrsigner_seam) };
@@ -1753,3 +1731,205 @@ impl Decodable for Report2Body {
})
}
}
+
+impl Encodable for TeeInfoV15 {
+ fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
+ let TeeInfoV15 {
+ attributes: ref _attributes,
+ xfam: ref _xfam,
+ mr_td: ref _mr_td,
+ mr_config_id: ref _mr_config_id,
+ mr_owner: ref _mr_owner,
+ mr_owner_config: ref _mr_owner_config,
+ rt_mr: ref _rt_mr,
+ mr_servicetd: ref _mr_servicetd,
+ reserved: ref _reserved,
+ } = *self;
+ e.emit_struct("TeeInfoV15", 8usize, |e| -> _ {
+ e.emit_struct_field("attributes", 0usize, |e| -> _ {
+ Encodable::encode(&*_attributes, e)
+ })?;
+ e.emit_struct_field("xfam", 1usize, |e| -> _ {
Encodable::encode(&*_xfam, e) })?;
+ e.emit_struct_field("mr_td", 2usize, |e| -> _ {
Encodable::encode(&*_mr_td, e) })?;
+ e.emit_struct_field("mr_config_id", 3usize, |e| -> _ {
+ Encodable::encode(&*_mr_config_id, e)
+ })?;
+ e.emit_struct_field("mr_owner", 4usize, |e| -> _ {
+ Encodable::encode(&*_mr_owner, e)
+ })?;
+ e.emit_struct_field("mr_owner_config", 5usize, |e| -> _ {
+ Encodable::encode(&*_mr_owner_config, e)
+ })?;
+ e.emit_struct_field("rt_mr", 6usize, |e| -> _ {
Encodable::encode(&*_rt_mr, e) })?;
+ e.emit_struct_field("mr_servicetd", 7usize, |e| -> _ {
+ Encodable::encode(&*_mr_servicetd, e)
+ })?;
+ e.emit_struct_field("reserved", 8usize, |e| -> _ {
+ Encodable::encode(&*_reserved, e)
+ })
+ })
+ }
+}
+
+impl Decodable for TeeInfoV15 {
+ fn decode<D: Decoder>(d: &mut D) -> Result<TeeInfoV15, D::Error> {
+ d.read_struct("TeeInfoV15", 8usize, |d| -> _ {
+ Ok(TeeInfoV15 {
+ attributes: d.read_struct_field("attributes", 0usize,
Decodable::decode)?,
+ xfam: d.read_struct_field("xfam", 1usize, Decodable::decode)?,
+ mr_td: d.read_struct_field("mr_td", 2usize,
Decodable::decode)?,
+ mr_config_id: d.read_struct_field("mr_config_id", 3usize,
Decodable::decode)?,
+ mr_owner: d.read_struct_field("mr_owner", 4usize,
Decodable::decode)?,
+ mr_owner_config: d.read_struct_field(
+ "mr_owner_config",
+ 5usize,
+ Decodable::decode,
+ )?,
+ rt_mr: d.read_struct_field("rt_mr", 6usize,
Decodable::decode)?,
+ mr_servicetd: d.read_struct_field("mr_servicetd", 7usize,
Decodable::decode)?,
+ reserved: d.read_struct_field("reserved", 8usize,
Decodable::decode)?,
+ })
+ })
+ }
+}
+
+impl Encodable for TeeTcbInfoV15 {
+ fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
+ let _valid = unsafe { &*core::ptr::addr_of!(self.valid) };
+ let _tee_tcb_svn = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn) };
+ let _mr_seam = unsafe { &*core::ptr::addr_of!(self.mr_seam) };
+ let _mr_seam_signer = unsafe {
&*core::ptr::addr_of!(self.mr_seam_signer) };
+ let _attributes = unsafe { &*core::ptr::addr_of!(self.attributes) };
+ let _tee_tcb_svn2 = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn2)
};
+ let _reserved = unsafe { &*core::ptr::addr_of!(self.reserved) };
+
+ e.emit_struct("TeeTcbInfoV15", 6usize, |e| -> _ {
+ e.emit_struct_field("valid", 0usize, |e| -> _ {
Encodable::encode(&*_valid, e) })?;
+ e.emit_struct_field("tee_tcb_svn", 1usize, |e| -> _ {
+ Encodable::encode(&*_tee_tcb_svn, e)
+ })?;
+ e.emit_struct_field("mr_seam", 2usize, |e| -> _ {
+ Encodable::encode(&*_mr_seam, e)
+ })?;
+ e.emit_struct_field("mr_seam_signer", 3usize, |e| -> _ {
+ Encodable::encode(&*_mr_seam_signer, e)
+ })?;
+ e.emit_struct_field("attributes", 4usize, |e| -> _ {
+ Encodable::encode(&*_attributes, e)
+ })?;
+ e.emit_struct_field("tee_tcb_svn2", 5usize, |e| -> _ {
+ Encodable::encode(&*_tee_tcb_svn2, e)
+ })?;
+ e.emit_struct_field("reserved", 6usize, |e| -> _ {
+ Encodable::encode(&*_reserved, e)
+ })
+ })
+ }
+}
+
+impl Decodable for TeeTcbInfoV15 {
+ fn decode<D: Decoder>(d: &mut D) -> Result<TeeTcbInfoV15, D::Error> {
+ d.read_struct("TeeTcbInfoV15", 8usize, |d| -> _ {
+ Ok(TeeTcbInfoV15 {
+ valid: d.read_struct_field("valid", 0usize,
Decodable::decode)?,
+ tee_tcb_svn: d.read_struct_field("tee_tcb_svn", 1usize,
Decodable::decode)?,
+ mr_seam: d.read_struct_field("mr_seam", 2usize,
Decodable::decode)?,
+ mr_seam_signer: d.read_struct_field("mr_seam_signer", 3usize,
Decodable::decode)?,
+ attributes: d.read_struct_field("attributes", 4usize,
Decodable::decode)?,
+ tee_tcb_svn2: d.read_struct_field("tee_tcb_svn2", 5usize,
Decodable::decode)?,
+ reserved: d.read_struct_field("reserved", 6usize,
Decodable::decode)?,
+ })
+ })
+ }
+}
+
+impl Encodable for Report2BodyV15 {
+ fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
+ let _tee_tcb_svn = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn) };
+ let _mr_seam = unsafe { &*core::ptr::addr_of!(self.mr_seam) };
+ let _mrsigner_seam = unsafe {
&*core::ptr::addr_of!(self.mrsigner_seam) };
+ let _seam_attributes = unsafe {
&*core::ptr::addr_of!(self.seam_attributes) };
+ let _td_attributes = unsafe {
&*core::ptr::addr_of!(self.td_attributes) };
+ let _xfam = unsafe { &*core::ptr::addr_of!(self.xfam) };
+ let _mr_td = unsafe { &*core::ptr::addr_of!(self.mr_td) };
+ let _mr_config_id = unsafe { &*core::ptr::addr_of!(self.mr_config_id)
};
+ let _mr_owner = unsafe { &*core::ptr::addr_of!(self.mr_owner) };
+ let _mr_owner_config = unsafe {
&*core::ptr::addr_of!(self.mr_owner_config) };
+ let _rt_mr = unsafe { &*core::ptr::addr_of!(self.rt_mr) };
+ let _report_data = unsafe { &*core::ptr::addr_of!(self.report_data) };
+ let _tee_tcb_svn2 = unsafe { &*core::ptr::addr_of!(self.tee_tcb_svn2)
};
+ let _mr_servicetd = unsafe { &*core::ptr::addr_of!(self.mr_servicetd)
};
+
+ e.emit_struct("Report2BodyV15", 12usize, |e| -> _ {
+ e.emit_struct_field("tee_tcb_svn", 0usize, |e| -> _ {
+ Encodable::encode(&*_tee_tcb_svn, e)
+ })?;
+ e.emit_struct_field("mr_seam", 1usize, |e| -> _ {
+ Encodable::encode(&*_mr_seam, e)
+ })?;
+ e.emit_struct_field("mrsigner_seam", 2usize, |e| -> _ {
+ Encodable::encode(&*_mrsigner_seam, e)
+ })?;
+ e.emit_struct_field("seam_attributes", 3usize, |e| -> _ {
+ Encodable::encode(&*_seam_attributes, e)
+ })?;
+ e.emit_struct_field("td_attributes", 4usize, |e| -> _ {
+ Encodable::encode(&*_td_attributes, e)
+ })?;
+ e.emit_struct_field("xfam", 5usize, |e| -> _ {
Encodable::encode(&*_xfam, e) })?;
+ e.emit_struct_field("mr_td", 6usize, |e| -> _ {
Encodable::encode(&*_mr_td, e) })?;
+ e.emit_struct_field("mr_config_id", 7usize, |e| -> _ {
+ Encodable::encode(&*_mr_config_id, e)
+ })?;
+ e.emit_struct_field("mr_owner", 8usize, |e| -> _ {
+ Encodable::encode(&*_mr_owner, e)
+ })?;
+ e.emit_struct_field("mr_owner_config", 9usize, |e| -> _ {
+ Encodable::encode(&*_mr_owner_config, e)
+ })?;
+ e.emit_struct_field("rt_mr", 10usize, |e| -> _ {
+ Encodable::encode(&*_rt_mr, e)
+ })?;
+ e.emit_struct_field("report_data", 11usize, |e| -> _ {
+ Encodable::encode(&*_report_data, e)
+ })?;
+ e.emit_struct_field("tee_tcb_svn2", 12usize, |e| -> _ {
+ Encodable::encode(&*_tee_tcb_svn2, e)
+ })?;
+ e.emit_struct_field("mr_servicetd", 13usize, |e| -> _ {
+ Encodable::encode(&*_mr_servicetd, e)
+ })
+ })
+ }
+}
+
+impl Decodable for Report2BodyV15 {
+ fn decode<D: Decoder>(d: &mut D) -> Result<Report2BodyV15, D::Error> {
+ d.read_struct("Report2BodyV15", 8usize, |d| -> _ {
+ Ok(Report2BodyV15 {
+ tee_tcb_svn: d.read_struct_field("tee_tcb_svn", 0usize,
Decodable::decode)?,
+ mr_seam: d.read_struct_field("mr_seam", 1usize,
Decodable::decode)?,
+ mrsigner_seam: d.read_struct_field("mrsigner_seam", 2usize,
Decodable::decode)?,
+ seam_attributes: d.read_struct_field(
+ "seam_attributes",
+ 3usize,
+ Decodable::decode,
+ )?,
+ td_attributes: d.read_struct_field("td_attributes", 4usize,
Decodable::decode)?,
+ xfam: d.read_struct_field("xfam", 5usize, Decodable::decode)?,
+ mr_td: d.read_struct_field("mr_td", 6usize,
Decodable::decode)?,
+ mr_config_id: d.read_struct_field("mr_config_id", 7usize,
Decodable::decode)?,
+ mr_owner: d.read_struct_field("mr_owner", 8usize,
Decodable::decode)?,
+ mr_owner_config: d.read_struct_field(
+ "mr_owner_config",
+ 9usize,
+ Decodable::decode,
+ )?,
+ rt_mr: d.read_struct_field("rt_mr", 10usize,
Decodable::decode)?,
+ report_data: d.read_struct_field("report_data", 11usize,
Decodable::decode)?,
+ tee_tcb_svn2: d.read_struct_field("tee_tcb_svn2", 12usize,
Decodable::decode)?,
+ mr_servicetd: d.read_struct_field("mr_servicetd", 13usize,
Decodable::decode)?,
+ })
+ })
+ }
+}
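Review bot: The field counts passed to `emit_struct`/`read_struct` do not match the fields actually written or read for any of the three new types, and encoder and decoder disagree with each other for two of them. `TeeInfoV15` has 9 fields but passes `8usize` on both sides, `TeeTcbInfoV15` has 7 but passes `6usize` to encode and `8usize` to decode, and `Report2BodyV15` has 14 but passes `12usize` and `8usize`. Whether this is harmless depends on whether the `Encoder`/`Decoder` implementations use the length, which is not visible here; a length-checking format would reject or mis-frame these attestation structures. Use the real counts on both sides, e.g. `e.emit_struct("Report2BodyV15", 14usize, ...)` and `d.read_struct("Report2BodyV15", 14usize, ...)`, with `7usize` for `TeeTcbInfoV15` and `9usize` for `TeeInfoV15`. Separately, the `unsafe { &*core::ptr::addr_of!(self.field) }` lines on the packed structs deserve a `// SAFETY:` comment stating that every field type has alignment 1, since a reference to a misaligned packed field is undefined behaviour.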
diff --git a/sgx_trts/src/arch.rs b/sgx_trts/src/arch.rs
index 4764f1fe..d36fb09a 100644
--- a/sgx_trts/src/arch.rs
+++ b/sgx_trts/src/arch.rs
@@ -17,7 +17,7 @@
#![allow(clippy::enum_variant_names)]
-use crate::edmm::{PageInfo, PageType};
+use crate::edmm::{self, PageType};
use crate::tcs::tc;
use crate::version::*;
use crate::xsave;
@@ -685,7 +685,7 @@ impl ExitInfo {
impl_bitflags! {
#[repr(C)]
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
- pub struct SecinfoFlags: u64 {
+ pub struct SecInfoFlags: u64 {
const R = 0b0000_0000_0000_0001;
const W = 0b0000_0000_0000_0010;
const X = 0b0000_0000_0000_0100;
@@ -704,9 +704,9 @@ impl_bitflags! {
}
}
-impl SecinfoFlags {
+impl SecInfoFlags {
pub fn page_type(&self) -> u8 {
- (((*self & SecinfoFlags::PT_MASK).bits()) >> 8) as u8
+ (((*self & SecInfoFlags::PT_MASK).bits()) >> 8) as u8
}
pub fn page_type_mut(&mut self) -> &mut u8 {
@@ -717,102 +717,102 @@ impl SecinfoFlags {
}
}
-impl From<PageType> for SecinfoFlags {
- fn from(data: PageType) -> SecinfoFlags {
- SecinfoFlags::from_bits_truncate((data as u64) << 8)
+impl From<PageType> for SecInfoFlags {
+ fn from(data: PageType) -> SecInfoFlags {
+ SecInfoFlags::from_bits_truncate((data as u64) << 8)
}
}
-impl From<PageInfo> for SecinfoFlags {
- fn from(data: PageInfo) -> SecinfoFlags {
+impl From<edmm::PageInfo> for SecInfoFlags {
+ fn from(data: edmm::PageInfo) -> SecInfoFlags {
let typ = data.typ as u64;
let flags = data.flags.bits() as u64;
- SecinfoFlags::from_bits_truncate((typ << 8) | flags)
+ SecInfoFlags::from_bits_truncate((typ << 8) | flags)
}
}
#[repr(C, align(64))]
#[derive(Clone, Copy)]
-pub struct Secinfo {
- pub flags: SecinfoFlags,
+pub struct SecInfo {
+ pub flags: SecInfoFlags,
pub _reserved1: [u8; 56],
}
-impl fmt::Debug for Secinfo {
+impl fmt::Debug for SecInfo {
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
- fmt.debug_struct("Secinfo")
+ fmt.debug_struct("SecInfo")
.field("flags", &self.flags.bits())
.finish()
}
}
-impl Secinfo {
- pub fn new(flags: SecinfoFlags) -> Secinfo {
- Secinfo {
+impl SecInfo {
+ pub fn new(flags: SecInfoFlags) -> SecInfo {
+ SecInfo {
flags,
_reserved1: [0_u8; 56],
}
}
}
-impl Default for Secinfo {
- fn default() -> Secinfo {
- Secinfo {
- flags: SecinfoFlags::empty(),
+impl Default for SecInfo {
+ fn default() -> SecInfo {
+ SecInfo {
+ flags: SecInfoFlags::empty(),
_reserved1: [0_u8; 56],
}
}
}
-impl Secinfo {
- pub const ALIGN_SIZE: usize = mem::size_of::<Secinfo>();
+impl SecInfo {
+ pub const ALIGN_SIZE: usize = mem::size_of::<SecInfo>();
}
-impl AsRef<[u8; Secinfo::ALIGN_SIZE]> for Secinfo {
- fn as_ref(&self) -> &[u8; Secinfo::ALIGN_SIZE] {
+impl AsRef<[u8; SecInfo::ALIGN_SIZE]> for SecInfo {
+ fn as_ref(&self) -> &[u8; SecInfo::ALIGN_SIZE] {
unsafe { &*(self as *const _ as *const _) }
}
}
-impl AsRef<Align64<[u8; Secinfo::ALIGN_SIZE]>> for Secinfo {
- fn as_ref(&self) -> &Align64<[u8; Secinfo::ALIGN_SIZE]> {
+impl AsRef<Align64<[u8; SecInfo::ALIGN_SIZE]>> for SecInfo {
+ fn as_ref(&self) -> &Align64<[u8; SecInfo::ALIGN_SIZE]> {
unsafe { &*(self as *const _ as *const _) }
}
}
-impl From<SecinfoFlags> for Secinfo {
- fn from(flags: SecinfoFlags) -> Secinfo {
- Secinfo::new(flags)
+impl From<SecInfoFlags> for SecInfo {
+ fn from(flags: SecInfoFlags) -> SecInfo {
+ SecInfo::new(flags)
}
}
-impl From<PageInfo> for Secinfo {
- fn from(data: PageInfo) -> Secinfo {
- Secinfo::from(SecinfoFlags::from(data))
+impl From<edmm::PageInfo> for SecInfo {
+ fn from(data: edmm::PageInfo) -> SecInfo {
+ SecInfo::from(SecInfoFlags::from(data))
}
}
#[repr(C, align(32))]
#[derive(Clone, Copy, Debug)]
-pub struct Pageinfo {
+pub struct PageInfo {
pub linaddr: u64,
pub srcpage: u64,
pub secinfo: u64,
pub secs: u64,
}
-impl Pageinfo {
- pub const ALIGN_SIZE: usize = mem::size_of::<Pageinfo>();
+impl PageInfo {
+ pub const ALIGN_SIZE: usize = mem::size_of::<PageInfo>();
}
-impl AsRef<[u8; Pageinfo::ALIGN_SIZE]> for Pageinfo {
- fn as_ref(&self) -> &[u8; Pageinfo::ALIGN_SIZE] {
+impl AsRef<[u8; PageInfo::ALIGN_SIZE]> for PageInfo {
+ fn as_ref(&self) -> &[u8; PageInfo::ALIGN_SIZE] {
unsafe { &*(self as *const _ as *const _) }
}
}
-impl AsRef<Align32<[u8; Pageinfo::ALIGN_SIZE]>> for Pageinfo {
- fn as_ref(&self) -> &Align32<[u8; Pageinfo::ALIGN_SIZE]> {
+impl AsRef<Align32<[u8; PageInfo::ALIGN_SIZE]>> for PageInfo {
+ fn as_ref(&self) -> &Align32<[u8; PageInfo::ALIGN_SIZE]> {
unsafe { &*(self as *const _ as *const _) }
}
}
diff --git a/sgx_trts/src/edmm/epc.rs b/sgx_trts/src/edmm/epc.rs
index 446ecec8..05c966ad 100644
--- a/sgx_trts/src/edmm/epc.rs
+++ b/sgx_trts/src/edmm/epc.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::arch::{Secinfo, SE_PAGE_SHIFT, SE_PAGE_SIZE};
+use crate::arch::{SecInfo, SE_PAGE_SHIFT, SE_PAGE_SIZE};
use crate::enclave::is_within_enclave;
use crate::inst::EncluInst;
use core::num::NonZeroUsize;
@@ -204,12 +204,12 @@ impl Page {
}
pub fn accept(&self) -> SgxResult {
- let secinfo: Secinfo = self.info.into();
+ let secinfo: SecInfo = self.info.into();
EncluInst::eaccept(&secinfo, self.addr).map_err(|_|
SgxStatus::Unexpected)
}
pub fn modpe(&self) -> SgxResult {
- let secinfo: Secinfo = self.info.into();
+ let secinfo: SecInfo = self.info.into();
EncluInst::emodpe(&secinfo, self.addr).map_err(|_|
SgxStatus::Unexpected)
}
}
diff --git a/sgx_trts/src/inst/hw/inst.rs b/sgx_trts/src/inst/hw/inst.rs
index 497ea05d..c97a5a2c 100644
--- a/sgx_trts/src/inst/hw/inst.rs
+++ b/sgx_trts/src/inst/hw/inst.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::arch::{Enclu, Secinfo};
+use crate::arch::{Enclu, SecInfo};
use crate::se::{
AlignKey, AlignKeyRequest, AlignReport, AlignReport2Mac, AlignReportData,
AlignTargetInfo,
};
@@ -75,7 +75,7 @@ impl EncluInst {
}
}
- pub fn eaccept(info: &Secinfo, addr: usize) -> Result<(), u32> {
+ pub fn eaccept(info: &SecInfo, addr: usize) -> Result<(), u32> {
unsafe {
let error;
asm!(
@@ -94,7 +94,7 @@ impl EncluInst {
}
}
- pub fn eacceptcopy(info: &Secinfo, addr: usize, source: usize) ->
Result<(), u32> {
+ pub fn eacceptcopy(info: &SecInfo, addr: usize, source: usize) ->
Result<(), u32> {
unsafe {
let error;
asm!(
@@ -114,7 +114,7 @@ impl EncluInst {
}
}
- pub fn emodpe(info: &Secinfo, addr: usize) -> Result<(), u32> {
+ pub fn emodpe(info: &SecInfo, addr: usize) -> Result<(), u32> {
unsafe {
asm!(
"xchg rbx, {0}",
diff --git a/sgx_trts/src/inst/hyper/inst.rs b/sgx_trts/src/inst/hyper/inst.rs
index fcf8a689..b7b97f21 100644
--- a/sgx_trts/src/inst/hyper/inst.rs
+++ b/sgx_trts/src/inst/hyper/inst.rs
@@ -17,7 +17,7 @@
#![allow(clippy::enum_variant_names)]
-use crate::arch::Secinfo;
+use crate::arch::SecInfo;
use crate::inst::INVALID_LEAF;
use crate::se::{
AlignKey, AlignKeyRequest, AlignReport, AlignReport2Mac, AlignReportData,
AlignTargetInfo,
@@ -93,17 +93,17 @@ impl EncluInst {
}
#[inline]
- pub fn eaccept(_info: &Secinfo, _addr: usize) -> Result<(), u32> {
+ pub fn eaccept(_info: &SecInfo, _addr: usize) -> Result<(), u32> {
Ok(())
}
#[inline]
- pub fn eacceptcopy(_info: &Secinfo, _addr: usize, _source: usize) ->
Result<(), u32> {
+ pub fn eacceptcopy(_info: &SecInfo, _addr: usize, _source: usize) ->
Result<(), u32> {
Ok(())
}
#[inline]
- pub fn emodpe(_info: &Secinfo, _addr: usize) -> Result<(), u32> {
+ pub fn emodpe(_info: &SecInfo, _addr: usize) -> Result<(), u32> {
Ok(())
}
}
diff --git a/sgx_trts/src/inst/hyper/mod.rs b/sgx_trts/src/inst/hyper/mod.rs
index 00989896..9d638b5f 100644
--- a/sgx_trts/src/inst/hyper/mod.rs
+++ b/sgx_trts/src/inst/hyper/mod.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::arch::{Enclu, Secinfo};
+use crate::arch::{Enclu, SecInfo};
use crate::call::MsbufInfo;
use crate::error::abort;
use crate::fence::lfence;
@@ -63,11 +63,11 @@ pub unsafe extern "C" fn se3(
}
Err(e) => e as usize,
},
- Enclu::EAccept => match EncluInst::eaccept(&*(rbx as *const Secinfo),
rcx) {
+ Enclu::EAccept => match EncluInst::eaccept(&*(rbx as *const SecInfo),
rcx) {
Ok(_) => 0,
Err(e) => e as usize,
},
- Enclu::EModpe => match EncluInst::emodpe(&*(rbx as *const Secinfo),
rcx) {
+ Enclu::EModpe => match EncluInst::emodpe(&*(rbx as *const SecInfo),
rcx) {
Ok(_) => 0,
Err(e) => e as usize,
},
diff --git a/sgx_trts/src/inst/sim/inst.rs b/sgx_trts/src/inst/sim/inst.rs
index 30af1fe9..93287cd8 100644
--- a/sgx_trts/src/inst/sim/inst.rs
+++ b/sgx_trts/src/inst/sim/inst.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::arch::{Secinfo, Tcs};
+use crate::arch::{SecInfo, Tcs};
use crate::enclave::EnclaveRange;
use crate::error::abort as gp;
use crate::inst::sim::derive::{self, DeriveData, SeOwnerEpoch};
@@ -404,17 +404,17 @@ impl EncluInst {
}
#[inline]
- pub fn eaccept(_info: &Secinfo, _addr: usize) -> Result<(), u32> {
+ pub fn eaccept(_info: &SecInfo, _addr: usize) -> Result<(), u32> {
Ok(())
}
#[inline]
- pub fn eacceptcopy(_info: &Secinfo, _addr: usize, _source: usize) ->
Result<(), u32> {
+ pub fn eacceptcopy(_info: &SecInfo, _addr: usize, _source: usize) ->
Result<(), u32> {
Ok(())
}
#[inline]
- pub fn emodpe(_info: &Secinfo, _addr: usize) -> Result<(), u32> {
+ pub fn emodpe(_info: &SecInfo, _addr: usize) -> Result<(), u32> {
Ok(())
}
diff --git a/sgx_trts/src/inst/sim/mod.rs b/sgx_trts/src/inst/sim/mod.rs
index e89942b1..5d047a83 100644
--- a/sgx_trts/src/inst/sim/mod.rs
+++ b/sgx_trts/src/inst/sim/mod.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::arch::{Enclu, Secinfo, Secs, Tcs};
+use crate::arch::{Enclu, SecInfo, Secs, Tcs};
use crate::error::abort;
use crate::se::{AlignKey, AlignKeyRequest, AlignReport, AlignReportData,
AlignTargetInfo};
use core::convert::TryFrom;
@@ -66,11 +66,11 @@ pub unsafe extern "C" fn se3(
}
Err(e) => e as usize,
},
- Enclu::EAccept => match EncluInst::eaccept(&*(rbx as *const Secinfo),
rcx) {
+ Enclu::EAccept => match EncluInst::eaccept(&*(rbx as *const SecInfo),
rcx) {
Ok(_) => 0,
Err(e) => e as usize,
},
- Enclu::EModpe => match EncluInst::emodpe(&*(rbx as *const Secinfo),
rcx) {
+ Enclu::EModpe => match EncluInst::emodpe(&*(rbx as *const SecInfo),
rcx) {
Ok(_) => 0,
Err(e) => e as usize,
},
diff --git a/sgx_trts/src/se/report.rs b/sgx_trts/src/se/report.rs
index 04b3f5fd..2f807949 100644
--- a/sgx_trts/src/se/report.rs
+++ b/sgx_trts/src/se/report.rs
@@ -31,8 +31,10 @@ use sgx_types::types::{
};
use sgx_types::types::{
CONFIGID_SIZE, CPUSVN_SIZE, HASH_SIZE, ISVEXT_PROD_ID_SIZE,
ISV_FAMILY_ID_SIZE, KEYID_SIZE,
- MAC_SIZE, REPORT_BODY_RESERVED1_BYTES, REPORT_BODY_RESERVED2_BYTES,
- REPORT_BODY_RESERVED3_BYTES, REPORT_BODY_RESERVED4_BYTES, REPORT_DATA_SIZE,
+ MAC_SIZE, REPORT2_MAC_RESERVED1_BYTES, REPORT2_MAC_RESERVED2_BYTES,
+ REPORT_BODY_RESERVED1_BYTES, REPORT_BODY_RESERVED2_BYTES,
REPORT_BODY_RESERVED3_BYTES,
+ REPORT_BODY_RESERVED4_BYTES, REPORT_DATA_SIZE, TEE_REPORT2_SUBTYPE,
TEE_REPORT2_TYPE,
+ TEE_REPORT2_VERSION, TEE_REPORT2_VERSION_SERVICETD,
};
#[repr(C, align(128))]
@@ -149,6 +151,22 @@ impl AlignReport {
impl AlignReport2Mac {
pub fn verify(&self) -> SgxResult {
ensure!(self.is_enclave_range(), SgxStatus::InvalidParameter);
+ ensure!(
+ self.0.report_type.report_type == TEE_REPORT2_TYPE,
+ SgxStatus::InvalidParameter
+ );
+ ensure!(
+ self.0.report_type.subtype == TEE_REPORT2_SUBTYPE
+ && (self.0.report_type.version == TEE_REPORT2_VERSION
+ || self.0.report_type.version ==
TEE_REPORT2_VERSION_SERVICETD),
+ SgxStatus::InvalidParameter
+ );
+ ensure!(
+ self.0.report_type.reserved == 0
+ && self.0.reserved1 == [0; REPORT2_MAC_RESERVED1_BYTES]
+ && self.0.reserved2 == [0; REPORT2_MAC_RESERVED2_BYTES],
+ SgxStatus::InvalidParameter
+ );
EncluInst::everify_report2(self).map_err(|e| match e {
inst::INVALID_REPORTMACSTRUCT => SgxStatus::MacMismatch,
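Review bot: `verify` now accepts two report versions (`TEE_REPORT2_VERSION` and `TEE_REPORT2_VERSION_SERVICETD`), but nothing on the function tells callers so, and the three new `ensure!` blocks carry no comment on why they run before `everify_report2`. I would add a doc comment such as `/// Returns InvalidParameter unless type, subtype and version form a known REPORT2 header and all reserved bytes are zero; the MAC is checked only after that.` It should also say that code interpreting the report body afterwards presumably has to select the layout from `report_type.version`, since version 1 is the one documented as using `mr_servicetd`. The body of `verify` continues outside the hunk.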
diff --git a/sgx_trts/src/version.rs b/sgx_trts/src/version.rs
index 93bb9598..15a37844 100644
--- a/sgx_trts/src/version.rs
+++ b/sgx_trts/src/version.rs
@@ -16,6 +16,6 @@
// under the License..
pub const MAJOR_VERSION: usize = 2;
-pub const MINOR_VERSION: usize = 20;
+pub const MINOR_VERSION: usize = 21;
pub const REVISION_VERSION: usize = 100;
pub const VERSION_UINT: usize = (MAJOR_VERSION << 32) | (MINOR_VERSION << 16)
| REVISION_VERSION;
diff --git a/sgx_types/src/types/report2.rs b/sgx_types/src/types/report2.rs
index 7f032d4e..e27af19f 100644
--- a/sgx_types/src/types/report2.rs
+++ b/sgx_types/src/types/report2.rs
@@ -107,6 +107,7 @@ pub const LEGACY_REPORT_TYPE: u8 = 0x0; // SGX Legacy
Report Type
pub const TEE_REPORT2_TYPE: u8 = 0x81; // TEE Report Type2
pub const TEE_REPORT2_SUBTYPE: u8 = 0x0; // SUBTYPE for Report Type2 is 0
pub const TEE_REPORT2_VERSION: u8 = 0x0; // VERSION for Report Type2 is 0
+pub const TEE_REPORT2_VERSION_SERVICETD: u8 = 0x1; // VERSION for Report Type2
which mr_servicetd is used
impl_struct! {
#[repr(C)]
diff --git a/sgx_types/src/types/tdx.rs b/sgx_types/src/types/tdx.rs
index f3b7dba0..d68dff8b 100644
--- a/sgx_types/src/types/tdx.rs
+++ b/sgx_types/src/types/tdx.rs
@@ -51,8 +51,8 @@ impl_unsafe_marker_for! {
TeeTcbSvn
}
-pub const TD_INFO_RESERVED_BYTES: usize = 112;
-pub const TD_TEE_TCB_INFO_RESERVED_BYTES: usize = 111;
+pub const TD_INFO_RESERVED_BYTES_V1: usize = 112;
+pub const TD_TEE_TCB_INFO_RESERVED_BYTES_V1: usize = 111;
#[derive(Clone, Copy, Debug)]
#[repr(C)]
@@ -64,7 +64,7 @@ pub struct TeeInfo {
pub mr_owner: TeeMeasurement,
pub mr_owner_config: TeeMeasurement,
pub rt_mr: [TeeMeasurement; 4],
- pub reserved: [u8; TD_INFO_RESERVED_BYTES],
+ pub reserved: [u8; TD_INFO_RESERVED_BYTES_V1],
}
#[derive(Clone, Copy, Debug)]
@@ -75,7 +75,7 @@ pub struct TeeTcbInfo {
pub mr_seam: TeeMeasurement,
pub mr_seam_signer: TeeMeasurement,
pub attributes: TeeAttributes,
- pub reserved: [u8; TD_TEE_TCB_INFO_RESERVED_BYTES],
+ pub reserved: [u8; TD_TEE_TCB_INFO_RESERVED_BYTES_V1],
}
#[derive(Clone, Copy, Debug)]
@@ -144,6 +144,7 @@ impl_struct_ContiguousMemory! {
TeeTcbInfo;
QeReportCertificationData;
EcdsaSigDataV4;
+ Quote4Header;
Quote4;
}
@@ -207,6 +208,98 @@ impl Quote4 {
}
}
+/* intel DCAP 1.18 */
+//
+// sgx_quote_5.h
+//
+
+pub const TD_INFO_RESERVED_BYTES_V15: usize = 64;
+pub const TD_TEE_TCB_INFO_RESERVED_BYTES_V15: usize = 95;
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+pub struct TeeInfoV15 {
+ pub attributes: TeeAttributes,
+ pub xfam: TeeAttributes,
+ pub mr_td: TeeMeasurement,
+ pub mr_config_id: TeeMeasurement,
+ pub mr_owner: TeeMeasurement,
+ pub mr_owner_config: TeeMeasurement,
+ pub rt_mr: [TeeMeasurement; 4],
+ pub mr_servicetd: TeeMeasurement,
+ pub reserved: [u8; TD_INFO_RESERVED_BYTES_V15],
+}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C, packed)]
+pub struct TeeTcbInfoV15 {
+ pub valid: [u8; 8],
+ pub tee_tcb_svn: TeeTcbSvn,
+ pub mr_seam: TeeMeasurement,
+ pub mr_seam_signer: TeeMeasurement,
+ pub attributes: TeeAttributes,
+ pub tee_tcb_svn2: TeeTcbSvn,
+ pub reserved: [u8; TD_TEE_TCB_INFO_RESERVED_BYTES_V15],
+}
+
+pub type Quote5Header = Quote4Header;
+
+#[derive(Clone, Copy, Debug, Default)]
+#[repr(C, packed)]
+pub struct Report2BodyV15 {
+ pub tee_tcb_svn: TeeTcbSvn,
+ pub mr_seam: TeeMeasurement,
+ pub mrsigner_seam: TeeMeasurement,
+ pub seam_attributes: TeeAttributes,
+ pub td_attributes: TeeAttributes,
+ pub xfam: TeeAttributes,
+ pub mr_td: TeeMeasurement,
+ pub mr_config_id: TeeMeasurement,
+ pub mr_owner: TeeMeasurement,
+ pub mr_owner_config: TeeMeasurement,
+ pub rt_mr: [TeeMeasurement; 4],
+ pub report_data: TeeReportData,
+ pub tee_tcb_svn2: TeeTcbSvn,
+ pub mr_servicetd: TeeMeasurement,
+}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C, packed)]
+pub struct Quote5 {
+ pub header: Quote5Header,
+ pub quote_type: u16,
+ pub size: u32,
+ pub body: [u8; 0],
+}
+
+impl_struct_default! {
+ TeeInfoV15; //512
+ TeeTcbInfoV15; //239
+}
+
+impl_struct_ContiguousMemory! {
+ TeeInfoV15;
+ TeeTcbInfoV15;
+ Report2BodyV15;
+ Quote5;
+}
+
+impl_asref_array! {
+ TeeInfoV15;
+ TeeTcbInfoV15;
+ Report2BodyV15;
+}
+
+impl Quote5 {
+ /// # Safety
+ pub unsafe fn as_slice_unchecked(&self) -> &[u8] {
+ slice::from_raw_parts(
+ self as *const _ as *const u8,
+ mem::size_of::<Quote5>() + self.size as usize,
+ )
+ }
+}
+
/* intel DCAP 1.15 */
//
// tdx_attes.h
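Review bot: `Quote5::as_slice_unchecked` has an empty `# Safety` section, yet the slice length is `mem::size_of::<Quote5>() + self.size as usize`, where `size` is a field read from the quote itself. A quote presumably arrives from outside the trust boundary, so a caller that has not bounded `size` against the real buffer length gets a slice reaching past the allocation. Spell out the contract, e.g. `/// The caller must guarantee that self is immediately followed by at least self.size initialised bytes in the same allocation, and that size was checked against the received buffer length.` A checked constructor that takes `&[u8]` and validates `size` before exposing the body would make the unsafe method unnecessary for most callers.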
diff --git a/tools/docker/02_binutils.sh b/tools/docker/02_binutils.sh
index 26b13e2a..2ad40137 100755
--- a/tools/docker/02_binutils.sh
+++ b/tools/docker/02_binutils.sh
@@ -20,5 +20,5 @@
cd /root && \
wget
https://download.01.org/intel-sgx/sgx-linux/$SGX_SDK_RELEASE_VERSION/as.ld.objdump.r4.tar.gz
&& \
tar xzf as.ld.objdump.r4.tar.gz && \
-cp -r external/toolset/$BINUTILS_DIST/* /usr/bin/ && \
+cp -r external/toolset/$TOOLSET_DIST/* /usr/bin/ && \
rm -rf ./external ./as.ld.objdump.r4.tar.gz
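Review bot: The archive fetched by `wget` is unpacked and its `external/toolset/$TOOLSET_DIST/*` contents are copied into `/usr/bin` without any integrity check, so the assembler and linker used for enclave builds are trusted on TLS alone. Pin a digest per release between the download and the `tar`, e.g. `echo "<EXPECTED_SHA256>  as.ld.objdump.r4.tar.gz" | sha256sum -c - && \` (placeholder digest, to be taken from a trusted source for that release). Also write the variable as `${TOOLSET_DIST:?}`, so that an image which does not set the new variable fails instead of copying every directory under `external/toolset/` into `/usr/bin`.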
diff --git a/tools/docker/Dockerfile.centos8 b/tools/docker/Dockerfile.centos8
index 1297649c..53b615fd 100644
--- a/tools/docker/Dockerfile.centos8
+++ b/tools/docker/Dockerfile.centos8
@@ -71,18 +71,19 @@ RUN yum install epel-release -y && \
http://downloads.sourceforge.net/ltp/lcov-1.14-1.noarch.rpm && \
alternatives --set python /usr/bin/python2
-ENV SGX_SDK_RELEASE_VERSION 2.20
-ENV SGX_DCAP_RELEASE_VERSION 1.17
-ENV SGX_SDK_CODE_VERSION 2.20
-ENV SGX_DCAP_CODE_VERSION 1.17
-ENV SGX_SDK_BIN_VERSION 2.20.100.4
-ENV SGX_SDK_PKGS_VERSION 2.20.100.4
-ENV SGX_DCAP_PKGS_VERSION 1.17.100.4
+ENV SGX_SDK_RELEASE_VERSION 2.21
+ENV SGX_DCAP_RELEASE_VERSION 1.18
+ENV SGX_SDK_CODE_VERSION 2.21
+ENV SGX_DCAP_CODE_VERSION 1.18
+ENV SGX_SDK_BIN_VERSION 2.21.100.1
+ENV SGX_SDK_PKGS_VERSION 2.21.100.1
+ENV SGX_DCAP_PKGS_VERSION 1.18.100.1
ENV SGX_SDK_VERSION ${SGX_SDK_PKGS_VERSION}
ENV SGX_DCAP_VERSION ${SGX_DCAP_PKGS_VERSION}
ENV RUST_TOOLCHAIN nightly-2022-10-22
ENV OS_NAME centos
ENV BINUTILS_DIST centos8
+ENV TOOLSET_DIST centos8
ENV SGX_SDK_URL
"https://download.01.org/intel-sgx/sgx-linux/${SGX_SDK_CODE_VERSION}/distro/${OS_NAME}-stream/sgx_linux_x64_sdk_${SGX_SDK_BIN_VERSION}.bin"
ENV PSW_REPO_URL
"https://download.01.org/intel-sgx/sgx-linux/${SGX_SDK_RELEASE_VERSION}/distro/${OS_NAME}-stream/sgx_rpm_local_repo.tgz"
diff --git a/tools/docker/Dockerfile.ubuntu18.04
b/tools/docker/Dockerfile.ubuntu18.04
index 4c22b188..74dd0ed0 100644
--- a/tools/docker/Dockerfile.ubuntu18.04
+++ b/tools/docker/Dockerfile.ubuntu18.04
@@ -78,18 +78,19 @@ RUN apt-get update && DEBIAN_FRONTEND="noninteractive"
apt-get install -y --no-i
rm -rf /var/lib/apt/lists/*
ENV CODENAME bionic
-ENV SGX_SDK_RELEASE_VERSION 2.20
-ENV SGX_DCAP_RELEASE_VERSION 1.17
-ENV SGX_SDK_CODE_VERSION 2.20
-ENV SGX_DCAP_CODE_VERSION 1.17
-ENV SGX_SDK_BIN_VERSION 2.20.100.4
-ENV SGX_SDK_PKGS_VERSION 2.20.100.4
-ENV SGX_DCAP_PKGS_VERSION 1.17.100.4
+ENV SGX_SDK_RELEASE_VERSION 2.21
+ENV SGX_DCAP_RELEASE_VERSION 1.18
+ENV SGX_SDK_CODE_VERSION 2.21
+ENV SGX_DCAP_CODE_VERSION 1.18
+ENV SGX_SDK_BIN_VERSION 2.21.100.1
+ENV SGX_SDK_PKGS_VERSION 2.21.100.1
+ENV SGX_DCAP_PKGS_VERSION 1.18.100.1
ENV SGX_SDK_VERSION ${SGX_SDK_PKGS_VERSION}-bionic1
ENV SGX_DCAP_VERSION ${SGX_DCAP_PKGS_VERSION}-bionic1
ENV RUST_TOOLCHAIN nightly-2022-10-22
ENV OS_NAME ubuntu
ENV BINUTILS_DIST ubuntu18.04
+ENV TOOLSET_DIST ubuntu20.04
ENV SGX_SDK_URL
"https://download.01.org/intel-sgx/sgx-linux/${SGX_SDK_CODE_VERSION}/distro/${BINUTILS_DIST}-server/sgx_linux_x64_sdk_${SGX_SDK_BIN_VERSION}.bin"
ENV LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
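Review bot: `ENV TOOLSET_DIST ubuntu20.04` on the bionic image selects the toolset directory named for Ubuntu 20.04, which 02_binutils.sh (changed in this commit to read `$TOOLSET_DIST`) copies into `/usr/bin`, and nothing in the hunk says why the value differs from `BINUTILS_DIST`. If that is deliberate, a one-line comment above it stating the reason would stop a later "fix", e.g. `# no ubuntu18.04 toolset in as.ld.objdump.r4; using the ubuntu20.04 build` if that is indeed the reason. If it is not deliberate, binaries built against a newer libc may fail to run on 18.04, which would surface only when the assembler or linker is first invoked. The same mismatch appears in the Dockerfile.ubuntu22.04 hunk, and in the visible lines `BINUTILS_DIST` now only feeds `SGX_SDK_URL`, so its name no longer matches its use.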
diff --git a/tools/docker/Dockerfile.ubuntu20.04
b/tools/docker/Dockerfile.ubuntu20.04
index 91d0d28e..7d8d8bc8 100644
--- a/tools/docker/Dockerfile.ubuntu20.04
+++ b/tools/docker/Dockerfile.ubuntu20.04
@@ -77,18 +77,19 @@ RUN apt-get update && DEBIAN_FRONTEND="noninteractive"
apt-get install -y --no-i
rm -rf /var/lib/apt/lists/*
ENV CODENAME focal
-ENV SGX_SDK_RELEASE_VERSION 2.20
-ENV SGX_DCAP_RELEASE_VERSION 1.17
-ENV SGX_SDK_CODE_VERSION 2.20
-ENV SGX_DCAP_CODE_VERSION 1.17
-ENV SGX_SDK_BIN_VERSION 2.20.100.4
-ENV SGX_SDK_PKGS_VERSION 2.20.100.4
-ENV SGX_DCAP_PKGS_VERSION 1.17.100.4
+ENV SGX_SDK_RELEASE_VERSION 2.21
+ENV SGX_DCAP_RELEASE_VERSION 1.18
+ENV SGX_SDK_CODE_VERSION 2.21
+ENV SGX_DCAP_CODE_VERSION 1.18
+ENV SGX_SDK_BIN_VERSION 2.21.100.1
+ENV SGX_SDK_PKGS_VERSION 2.21.100.1
+ENV SGX_DCAP_PKGS_VERSION 1.18.100.1
ENV SGX_SDK_VERSION ${SGX_SDK_PKGS_VERSION}-focal1
ENV SGX_DCAP_VERSION ${SGX_DCAP_PKGS_VERSION}-focal1
ENV RUST_TOOLCHAIN nightly-2022-10-22
ENV OS_NAME ubuntu
ENV BINUTILS_DIST ubuntu20.04
+ENV TOOLSET_DIST ubuntu20.04
ENV SGX_SDK_URL
"https://download.01.org/intel-sgx/sgx-linux/${SGX_SDK_CODE_VERSION}/distro/${BINUTILS_DIST}-server/sgx_linux_x64_sdk_${SGX_SDK_BIN_VERSION}.bin"
ENV LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
diff --git a/tools/docker/Dockerfile.ubuntu18.04
b/tools/docker/Dockerfile.ubuntu22.04
similarity index 83%
copy from tools/docker/Dockerfile.ubuntu18.04
copy to tools/docker/Dockerfile.ubuntu22.04
index 4c22b188..9cedb924 100644
--- a/tools/docker/Dockerfile.ubuntu18.04
+++ b/tools/docker/Dockerfile.ubuntu22.04
@@ -15,7 +15,7 @@
# specific language governing permissions and limitations
# under the License.
-FROM ubuntu:18.04
+FROM ubuntu:22.04
LABEL authors="The Teaclave Authors"
@@ -50,7 +50,6 @@ RUN apt-get update && DEBIAN_FRONTEND="noninteractive"
apt-get install -y --no-i
libfuse-dev \
libjsoncpp-dev \
liblog4cpp5-dev \
- libprotobuf-c0-dev \
libprotobuf-dev \
libssl-dev \
libtool \
@@ -77,19 +76,20 @@ RUN apt-get update && DEBIAN_FRONTEND="noninteractive"
apt-get install -y --no-i
apt-get clean && \
rm -rf /var/lib/apt/lists/*
-ENV CODENAME bionic
-ENV SGX_SDK_RELEASE_VERSION 2.20
-ENV SGX_DCAP_RELEASE_VERSION 1.17
-ENV SGX_SDK_CODE_VERSION 2.20
-ENV SGX_DCAP_CODE_VERSION 1.17
-ENV SGX_SDK_BIN_VERSION 2.20.100.4
-ENV SGX_SDK_PKGS_VERSION 2.20.100.4
-ENV SGX_DCAP_PKGS_VERSION 1.17.100.4
-ENV SGX_SDK_VERSION ${SGX_SDK_PKGS_VERSION}-bionic1
-ENV SGX_DCAP_VERSION ${SGX_DCAP_PKGS_VERSION}-bionic1
+ENV CODENAME jammy
+ENV SGX_SDK_RELEASE_VERSION 2.21
+ENV SGX_DCAP_RELEASE_VERSION 1.18
+ENV SGX_SDK_CODE_VERSION 2.21
+ENV SGX_DCAP_CODE_VERSION 1.18
+ENV SGX_SDK_BIN_VERSION 2.21.100.1
+ENV SGX_SDK_PKGS_VERSION 2.21.100.1
+ENV SGX_DCAP_PKGS_VERSION 1.18.100.1
+ENV SGX_SDK_VERSION ${SGX_SDK_PKGS_VERSION}-jammy1
+ENV SGX_DCAP_VERSION ${SGX_DCAP_PKGS_VERSION}-jammy1
ENV RUST_TOOLCHAIN nightly-2022-10-22
ENV OS_NAME ubuntu
-ENV BINUTILS_DIST ubuntu18.04
+ENV BINUTILS_DIST ubuntu22.04
+ENV TOOLSET_DIST ubuntu20.04
ENV SGX_SDK_URL
"https://download.01.org/intel-sgx/sgx-linux/${SGX_SDK_CODE_VERSION}/distro/${BINUTILS_DIST}-server/sgx_linux_x64_sdk_${SGX_SDK_BIN_VERSION}.bin"
ENV LD_LIBRARY_PATH=/usr/lib:/usr/local/lib