# # Copyright (C) 2011-2018 Intel Corporation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # * Neither the name of Intel Corporation nor the names of its # contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # TOP_DIR = ../../.. include $(TOP_DIR)/buildenv.mk IPC_COMMON_DIR := ../common/ IPC_COMMON_SRC_DIR := $(IPC_COMMON_DIR)/src IPC_COMMON_INC_DIR := $(IPC_COMMON_DIR)/inc IPC_COMMON_PROTO_DIR := source/protobuf AESM_WRAPPER_DIR := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm_wrapper AESM_SRC_DIR := $(AESM_WRAPPER_DIR)/src AESM_INC_DIR := $(AESM_WRAPPER_DIR)/inc AESM_APPLICATION := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/application AESM_EXTENSION := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/extension INCLUDE += -I$(COMMON_DIR)/inc \ -I$(COMMON_DIR)/inc/internal \ -I./include \ -I./include/oal \ -I./source/ \ -I./source/aesm_wrapper/inc INCLUDE += -I$(LINUX_SDK_DIR)/tseal INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/application/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/extension/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/epid_provision/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/le/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/network/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/oal/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/protobuf/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pse_op/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pse_pr/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pve/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/qe/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pce/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/storage/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/upse/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/upse/BackendInterface/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/data/constants/linux INCLUDE += -I$(LINUX_PSW_DIR)/ae/inc \ -I$(LINUX_PSW_DIR)/ae/inc/internal \ -I$(LINUX_PSW_DIR)/ae/common INCLUDE += -I$(LINUX_PSW_DIR)/ae/pve \ -I$(LINUX_PSW_DIR)/ae/pse/pse_op INCLUDE += -I$(LINUX_EXTERNAL_DIR)/epid-sdk-3.0.0 \ -I$(LINUX_EXTERNAL_DIR)/sqlite/src \ -I$(LINUX_EXTERNAL_DIR)/DALSdk/JHI/linux INCLUDE += -I$(SGX_IPP_INC) \ -I$(LINUX_EXTERNAL_DIR)/ \ -I$(LINUX_EXTERNAL_DIR)/rdrand \ -I$(IPC_COMMON_INC_DIR) \ -I$(AESM_INC_DIR) \ -I$(IPC_COMMON_PROTO_DIR) EDGER8R := $(LINUX_SDK_DIR)/edger8r/linux/_build/Edger8r.native SQLITECFLAGS := -fpie -Wall -Werror -Wno-maybe-uninitialized $(call cc-disable-warning,unused-const-variable) ifeq ($(CC_BELOW_4_9), 1) SQLITECFLAGS += -fstack-protector else SQLITECFLAGS += -fstack-protector-strong endif ifdef DEBUG SQLITECFLAGS += -ggdb -DDEBUG -UNDEBUG else SQLITECFLAGS += -O2 -UDEBUG -DNDEBUG -D_FORTIFY_SOURCE=2 endif ifeq ($(ARCH), x86) SQLITECFLAGS += -m32 else SQLITECFLAGS += -m64 endif ifdef PROFILE CXXFLAGS += -D_PROFILE_ CFLAGS += -D_PROFILE_ endif CXXFLAGS += -fpie CFLAGS += -fpie CFLAGS := $(filter-out -Werror, $(CFLAGS)) LINUX_SE_WRAPPER = $(COMMON_DIR)/se_wrapper ifdef DEBUG CXXFLAGS += -DDBG_LOG CFLAGS += -DDBG_LOG endif URTSLIB := -lurts_internal TRTSLIB := -lsgx_trts WHITE_LIST_FILE := $(LINUX_PSW_DIR)/ae/data/prebuilt/white_list_cert_to_be_verify.bin TCRYPTO_LIBDIR := $(LINUX_SDK_DIR)/tlibcrypto VTUNE_LIBDIR := $(LINUX_EXTERNAL_DIR)/vtune/linux/sdk/src/ittnotify RDRAND_LIBDIR :=$(LINUX_EXTERNAL_DIR)/rdrand/src RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile ifeq ($(ARCH), x86) VTUNE_LIBDIR = $(LINUX_EXTERNAL_DIR)/vtune/linux/lib32 endif EXTERNAL_LIB += -L$(TCRYPTO_LIBDIR) -lsgx_tcrypto EXTERNAL_LIB += -lprotobuf -lrt EXTERNAL_LIB += -lcrypto EXTERNAL_LIB += $(shell curl-config --libs) EXTERNAL_LIB += -L$(LINUX_SE_WRAPPER) -lwrapper -lrt EXTERNAL_LIB += -L$(RDRAND_LIBDIR) -lrdrand EXTERNAL_LIB += -L$(VTUNE_LIBDIR) -littnotify vpath %.cpp $(COMMON_DIR)/src ./source/epid_provision ./source/upse ./source/upse/BackendInterface $(LINUX_PSW_DIR)/ae/common $(AESM_APPLICATION) $(AESM_EXTENSION) $(AESM_SRC_DIR) $(IPC_COMMON_PROTO_DIR) $(TOP_DIR)/sdk/tseal $(IPC_COMMON_SRC_DIR) vpath %.cc $(IPC_COMMON_PROTO_DIR) vpath %.c $(LINUX_EXTERNAL_DIR)/sqlite/src vpath %.c $(TOP_DIR)/sdk/tlibc/string COMMON_SRC := ./source/le/LEClass.cpp \ ./source/oal/aesm_util.cpp \ ./source/storage/persistent_storage_table.cpp \ aesm_logic.cpp \ ./source/oal/oal_power.cpp \ aesm_rand.cpp \ ipp_bn.cpp \ ipp_rsa_pub_key.cpp \ ./source/oal/error_report.cpp \ ./source/oal/internal_log.cpp \ sgx_memset_s.cpp \ sgx_read_rand.cpp \ sgx_profile.cpp \ tSeal_util.cpp \ ./source/oal/aesm_thread.cpp \ event_strings.cpp COMMON_SRC += ./source/qe/QEClass.cpp \ ./source/pse_op/PSEClass.cpp \ ./source/pse_pr/PSEPRClass.cpp \ ./source/pse_op/PSDAService.cpp \ ./source/pve/PVEClass.cpp \ ./source/pce/PCEClass.cpp \ aesm_encode.cpp \ aesm_epid_blob.cpp \ aesm_xegd_blob.cpp \ epid_provision_msg1.cpp \ epid_provision_msg2.cpp \ epid_provision_msg4.cpp \ epid_endpoint_selection.cpp \ epid_utility.cpp \ type_length_value.cpp \ ./source/qe/qe_logic.cpp \ ./source/pve/pve_logic.cpp \ ./source/pse_op/pse_op_logic.cpp \ ./source/pse_op/aesm_pse_status.cpp \ platform_info_logic.cpp \ platform_info_facility.cpp \ pve_pub_key.cpp \ pek_pub_key.cpp \ ./source/network/network_encoding_wrapper.cpp \ endpoint_select_info.cpp \ aesm_ecdsa.cpp \ ./source/pse_op/pse_op_psda_ocall.cpp \ ./source/pse_op/pse_op_vmc_sqlite_ocall.cpp \ upse.cpp \ upse_iclsInit.cpp \ helper.cpp \ sigma_helper.cpp \ interface_ocsp.cpp \ u_certificate_provisioning.cpp \ uecall_bridge.cpp \ u_long_term_pairing.cpp \ CertificateProvisioningProtocol.cpp \ pse_crypto_helper.cpp \ pse_provisioning_msg1.cpp \ pse_provisioning_msg2.cpp \ pse_provisioning_msg3.cpp \ pse_provisioning_msg4.cpp \ interface_psda.cpp \ pse_pr_common.cpp \ se_sig_rl.cpp \ aesm_long_lived_thread.cpp COMMON_OBJ := $(COMMON_SRC:.cpp=.o) IPC_SRC := AECloseSessionRequest.cpp \ AEGetQuoteResponse.cpp \ AECloseSessionResponse.cpp \ AEInitQuoteRequest.cpp \ AECreateSessionRequest.cpp \ AEInitQuoteResponse.cpp \ AECreateSessionResponse.cpp \ AEInvokeServiceRequest.cpp \ AEExchangeReportRequest.cpp \ AEInvokeServiceResponse.cpp \ AEExchangeReportResponse.cpp \ ProtobufSerializer.cpp \ AEGetLaunchTokenRequest.cpp \ AEGetPsCapRequest.cpp \ AEGetPsCapResponse.cpp \ AEGetWhiteListSizeRequest.cpp \ AEGetWhiteListSizeResponse.cpp \ AEGetWhiteListRequest.cpp \ AEGetWhiteListResponse.cpp \ AESGXGetExtendedEpidGroupIdRequest.cpp \ AESGXGetExtendedEpidGroupIdResponse.cpp \ AESGXSwitchExtendedEpidGroupRequest.cpp \ AESGXSwitchExtendedEpidGroupResponse.cpp \ AEReportAttestationRequest.cpp \ AEReportAttestationResponse.cpp \ AESGXRegisterRequest.cpp \ AESGXRegisterResponse.cpp \ SocketTransporter.cpp \ AEGetLaunchTokenResponse.cpp \ UnixCommunicationSocket.cpp \ NonBlockingUnixCommunicationSocket.cpp \ AEGetQuoteRequest.cpp \ UnixSocketFactory.cpp \ NonBlockingUnixSocketFactory.cpp PROTOBUF_SRC := messages.pb.cc AESM_SRC := AESMLogicWrapper.cpp \ CAESMServer.cpp \ main.cpp \ Thread.cpp \ AESMWorkerThread.cpp \ AESMQueueManager.cpp \ CSelector.cpp \ UnixServerSocket.cpp \ ./source/oal/aesm_util.cpp \ aesm_config.cpp AESM_SRC += aesm_http_msg.cpp AESM_SRC += source/pse_op/jhi_proxy.cpp CSRC := $(sort $(wildcard *.c)) MEMCMPSRC := consttime_memequal.c SQLITESRC := sqlite3.c OBJ := $(IPC_SRC:.cpp=.o) \ $(CSRC:.c=.o) \ $(MEMCMPSRC:.c=.o) \ $(AESM_SRC:.cpp=.o) \ $(PROTOBUF_SRC:.cc=.o) OBJ += $(SQLITESRC:.c=.o) LDUFLAGS := -pthread -L$(BUILD_DIR) $(URTSLIB) LDUFLAGS += -pie $(COMMON_LDFLAGS) APPNAME := aesm_service APPNAME_DEBUG := aesm_service.debug LIBNAME := libaesm_service_common.a .PHONY: all all: $(APPNAME) $(APPNAME_DEBUG) copy_data_file | $(BUILD_DIR) @$(CP) $(APPNAME) $| ifndef DEBUG @$(CP) $(APPNAME_DEBUG) $| endif copy_data_file: @$(MKDIR) -p data @$(CP) $(LINUX_PSW_DIR)/ae/pse/pse_op/vmc_db_generator/prebuild_pse_vmc.db data @$(CP) $(WHITE_LIST_FILE) data/white_list_cert_to_be_verify.bin sgx_tcrypto: $(MAKE) -C $(TCRYPTO_LIBDIR) $(LIBNAME): $(COMMON_OBJ) $(AR) rcs $@ $^ $(IPC_SRC:.cpp=.o) : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc CAESMServer.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc %.o :%.cpp $(CXX) $(CXXFLAGS) $(INCLUDE) -c $< -o $@ messages.pb.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc $(CXX) $(filter-out -Wshadow, $(CXXFLAGS)) $(INCLUDE) -c $< -o $@ consttime_memequal.o :consttime_memequal.c $(CC) $(filter-out -O2,$(CFLAGS)) -O1 $(INCLUDE) -c $< -o $@ sqlite3.o :sqlite3.c $(CC) $(SQLITECFLAGS) $(INCLUDE) -c $< -o $@ $(APPNAME): $(OBJ) $(LIBNAME) sgx_tcrypto -lrdrand urts $(CXX) $(CXXFLAGS) $(OBJ) $(LIBNAME) $(LDUFLAGS) $(EXTERNAL_LIB) -o $@ -ldl $(APPNAME_DEBUG): $(APPNAME) ifndef DEBUG $(CP) $(APPNAME) $(APPNAME).orig $(OBJCOPY) --only-keep-debug $(APPNAME) $(APPNAME_DEBUG) $(STRIP) -g $(APPNAME) $(OBJCOPY) --add-gnu-debuglink=$(APPNAME_DEBUG) $(APPNAME) endif ifeq ($(BUILD_REF_LE), 1) LE_DEP := ${AESM_EXTENSION}/ref_le_u.c LE_EDL := ${LINUX_PSW_DIR}/ae/ref_le/ref_le.edl else LE_DEP := ${AESM_EXTENSION}/launch_enclave_u.c LE_EDL := ${LINUX_PSW_DIR}/ae/le/launch_enclave.edl endif ./source/le/LEClass.o: $(LE_DEP) ./source/pve/PVEClass.o: ${AESM_EXTENSION}/provision_enclave_u.c ./source/qe/QEClass.o: ${AESM_EXTENSION}/quoting_enclave_u.c ./source/pse_op/PSEClass.o: ${AESM_EXTENSION}/pse_op_u.c ./source/pce/PCEClass.o: ${AESM_EXTENSION}/pce_u.c uecall_bridge.o: ${AESM_EXTENSION}/pse_pr_u.c -lrdrand: $(RDRAND_MAKEFILE) $(MAKE) -C $(RDRAND_LIBDIR) $(RDRAND_MAKEFILE): ifeq ($(ARCH), x86) @cd $(RDRAND_LIBDIR);./configure else @cd $(RDRAND_LIBDIR);./configure CFLAGS=-fPIC endif $(LE_DEP): $(LE_EDL) @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< ${AESM_EXTENSION}/provision_enclave_u.c: ${LINUX_PSW_DIR}/ae/pve/provision_enclave.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< ${AESM_EXTENSION}/quoting_enclave_u.c: ${LINUX_PSW_DIR}/ae/qe/quoting_enclave.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< ${AESM_EXTENSION}/pse_op_u.c: ${LINUX_PSW_DIR}/ae/pse/pse_op/pse_op.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< ${AESM_EXTENSION}/pse_pr_u.c: ${LINUX_PSW_DIR}/ae/pse/pse_pr/pse_pr.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< ${AESM_EXTENSION}/pce_u.c: ${LINUX_PSW_DIR}/ae/pce/pce.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< $(IPC_COMMON_PROTO_DIR)/messages.pb.cc: $(MAKE) -C $(IPC_COMMON_PROTO_DIR) .PHONY: urts urts: $(MAKE) -C $(LINUX_PSW_DIR)/urts/linux $(BUILD_DIR): @$(MKDIR) $@ .PHONY: clean clean: @$(RM) *.o $(IPC_COMMON_SRC_DIR)/*.o @$(RM) -r data @$(RM) $(APPNAME) $(APPNAME).orig $(APPNAME_DEBUG) @$(RM) $(BUILD_DIR)/$(APPNAME) $(BUILD_DIR)/$(APPNAME_DEBUG) @$(RM) $(LIBNAME) $(MAKE) -C $(IPC_COMMON_PROTO_DIR) clean @$(RM) source/le/*.o @$(RM) source/pse_op/*.o @$(RM) source/pve/*.o @$(RM) source/pce/*.o @$(RM) source/network/*.o @$(RM) source/oal/*.o @$(RM) source/qe/*.o @$(RM) source/pse_pr/*.o @$(RM) source/storage/*.o @$(RM) $(AESM_EXTENSION)/*_u.c $(AESM_EXTENSION)/*_u.h ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE))) @$(MAKE) distclean -C $(RDRAND_LIBDIR) endif .PHONY: rebuild rebuild: $(MAKE) clean $(MAKE) all