|
@@ -71,6 +71,7 @@ To build Graphene library OS with debug symbols, run "make DEBUG=1" instead of
|
|
### 2.1. BUILD WITH KERNEL-LEVEL SANDBOXING (OPTIONAL)
|
|
### 2.1. BUILD WITH KERNEL-LEVEL SANDBOXING (OPTIONAL)
|
|
|
|
|
|
__** Note: this step is optional. **__
|
|
__** Note: this step is optional. **__
|
|
|
|
+
|
|
__** Note: for building with Intel:registered: SGX support, skip this step. **__
|
|
__** Note: for building with Intel:registered: SGX support, skip this step. **__
|
|
|
|
|
|
__** Disclaimer: this feature is experimental and may contain bugs. Please do
|
|
__** Disclaimer: this feature is experimental and may contain bugs. Please do
|
|
@@ -121,9 +122,10 @@ files) and the signatures, to the Intel SGX-enabled hosts. The Intel SGX
|
|
Linux SDK is required for running Graphene Library OS. Download and install
|
|
Linux SDK is required for running Graphene Library OS. Download and install
|
|
from the official Intel github repositories:
|
|
from the official Intel github repositories:
|
|
|
|
|
|
- <https://github.com/01org/linux-sgx>
|
|
|
|
- <https://github.com/01org/linux-sgx-driver>
|
|
|
|
- (The SDK and driver version must be 1.9 or LOWER)
|
|
|
|
|
|
+ - <https://github.com/01org/linux-sgx>
|
|
|
|
+ - <https://github.com/01org/linux-sgx-driver>
|
|
|
|
+
|
|
|
|
+__(The SDK and driver version must be 1.9 or LOWER)__
|
|
|
|
|
|
A Linux driver must be installed before runing Graphene Library OS in enclaves.
|
|
A Linux driver must be installed before runing Graphene Library OS in enclaves.
|
|
Simply run the following command to build the driver:
|
|
Simply run the following command to build the driver:
|
|
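Review bot: the new "__(The SDK and driver version must be 1.9 or LOWER)__" line states a version limit, but both links above it point at the repository roots rather than at a release. Suggest naming the tested release tag for each repository, or linking to the releases page, so a reader does not build whatever the default branch currently holds. While this paragraph is being touched, the context line after it still has "runing" for "running".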
@@ -147,14 +149,14 @@ to be run as an executable, with the name of the program, and a "manifest
|
|
file" given from the command line. Graphene provides three options for
|
|
file" given from the command line. Graphene provides three options for
|
|
spcifying the programs and manifest files:
|
|
spcifying the programs and manifest files:
|
|
|
|
|
|
- option 1: (automatic manifest)
|
|
|
|
|
|
+ - option 1: (automatic manifest)
|
|
[PATH TO Runtime]/pal_loader [PROGRAM] [ARGUMENTS]...
|
|
[PATH TO Runtime]/pal_loader [PROGRAM] [ARGUMENTS]...
|
|
(Manifest file: "[PROGRAM].manifest" or "manifest")
|
|
(Manifest file: "[PROGRAM].manifest" or "manifest")
|
|
|
|
|
|
- option 2: (given manifest)
|
|
|
|
|
|
+ - option 2: (given manifest)
|
|
[PATH TO Runtime]/pal_loader [MANIFEST] [ARGUMENTS]...
|
|
[PATH TO Runtime]/pal_loader [MANIFEST] [ARGUMENTS]...
|
|
|
|
|
|
- option 3: (manifest as a script)
|
|
|
|
|
|
+ - option 3: (manifest as a script)
|
|
[PATH TO MANIFEST]/[MANIFEST] [ARGUMENTS]...
|
|
[PATH TO MANIFEST]/[MANIFEST] [ARGUMENTS]...
|
|
(Manifest must have "#![PATH_TO_PAL]/libpal.so" as the first line)
|
|
(Manifest must have "#![PATH_TO_PAL]/libpal.so" as the first line)
|
|
|
|
|
|
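Review bot: option 3 does not follow the placeholder style of options 1 and 2. Its shebang line uses "[PATH_TO_PAL]" with underscores and names libpal.so, while the other two use "[PATH TO Runtime]" with spaces and name pal_loader. Suggest picking one placeholder convention and adding a short sentence on why the script form points at libpal.so directly. The context line above the list still reads "spcifying" and could be fixed in the same change.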
@@ -165,14 +167,14 @@ the Graphene reference monitor, Graphene must be started with the PAL
|
|
reference monitor loader (libpal_sec.so). Graphene provides three options for
|
|
reference monitor loader (libpal_sec.so). Graphene provides three options for
|
|
spcifying the programs and manifest files to the loader:
|
|
spcifying the programs and manifest files to the loader:
|
|
|
|
|
|
- option 4: (automatic manifest - with reference monitor)
|
|
|
|
|
|
+ - option 4: (automatic manifest - with reference monitor)
|
|
SEC=1 [PATH TO Runtime]/pal_loader [PROGRAM] [ARGUMENTS]...
|
|
SEC=1 [PATH TO Runtime]/pal_loader [PROGRAM] [ARGUMENTS]...
|
|
(Manifest file: "[PROGRAM].manifest" or "manifest")
|
|
(Manifest file: "[PROGRAM].manifest" or "manifest")
|
|
|
|
|
|
- option 5: (given manifest - with reference monitor)
|
|
|
|
|
|
+ - option 5: (given manifest - with reference monitor)
|
|
SEC=1 [PATH TO Pal/src]/pal_loader [MANIFEST] [ARGUMENTS]...
|
|
SEC=1 [PATH TO Pal/src]/pal_loader [MANIFEST] [ARGUMENTS]...
|
|
|
|
|
|
- option 6: (manifest as a script - with reference monitor)
|
|
|
|
|
|
+ - option 6: (manifest as a script - with reference monitor)
|
|
SEC=1 [PATH TO MANIFEST]/[MANIFEST] [ARGUMENTS]...
|
|
SEC=1 [PATH TO MANIFEST]/[MANIFEST] [ARGUMENTS]...
|
|
(Manifest must have "#![PATH TO Pal/src]/pal_sec" as the first line)
|
|
(Manifest must have "#![PATH TO Pal/src]/pal_sec" as the first line)
|
|
|
|
|
|
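Review bot: options 4 to 6 disagree about which loader is meant. Option 4 invokes "[PATH TO Runtime]/pal_loader", option 5 invokes "[PATH TO Pal/src]/pal_loader", and the shebang line in option 6 names "pal_sec", while the paragraph above says the reference monitor loader is libpal_sec.so. Since these lines are being reformatted anyway, suggest making the path and file name consistent across the three, so it is unambiguous which binary has to be started for the reference monitor to be in effect. The "spcifying" typo is repeated in the context line here as well.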
@@ -204,8 +206,8 @@ github Wiki page: <https://github.com/oscarlab/graphene/wiki>.
|
|
|
|
|
|
For any questions or bug reports, please contact us:
|
|
For any questions or bug reports, please contact us:
|
|
|
|
|
|
-Chia-Che Tsai <chitsai@cs.stonybrook.edu>
|
|
|
|
-Don Porter <porter@cs.unc.edu>
|
|
|
|
|
|
+ - Chia-Che Tsai <chitsai@cs.stonybrook.edu>
|
|
|
|
+ - Don Porter <porter@cs.unc.edu>
|
|
|
|
|
|
or post an issue on our github repository:
|
|
or post an issue on our github repository:
|
|
<https://github.com/oscarlab/graphene/issues>
|
|
<https://github.com/oscarlab/graphene/issues>
|