#
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
TOP_DIR = ../../..
include $(TOP_DIR)/buildenv.mk
IPC_COMMON_DIR := ../common/
IPC_COMMON_SRC_DIR := $(IPC_COMMON_DIR)/src
IPC_COMMON_INC_DIR := $(IPC_COMMON_DIR)/inc
IPC_COMMON_PROTO_DIR := source/protobuf
AESM_WRAPPER_DIR := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm_wrapper
AESM_SRC_DIR := $(AESM_WRAPPER_DIR)/src
AESM_INC_DIR := $(AESM_WRAPPER_DIR)/inc
AESM_APPLICATION := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/application
AESM_EXTENSION := $(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/extension
INCLUDE += -I$(COMMON_DIR)/inc \
-I$(COMMON_DIR)/inc/internal \
-I./include \
-I./include/oal \
-I./source/ \
-I./source/aesm_wrapper/inc
INCLUDE += -I$(LINUX_SDK_DIR)/tseal
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/application/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/aesm/extension/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/epid_provision/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/le/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/network/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/oal/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/protobuf/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pse_op/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pse_pr/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pve/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/qe/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pce/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/storage/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/upse/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/upse/BackendInterface/
INCLUDE += -I$(LINUX_PSW_DIR)/ae/data/constants/linux
INCLUDE += -I$(LINUX_PSW_DIR)/ae/inc \
-I$(LINUX_PSW_DIR)/ae/inc/internal \
-I$(LINUX_PSW_DIR)/ae/common
INCLUDE += -I$(LINUX_PSW_DIR)/ae/pve \
-I$(LINUX_PSW_DIR)/ae/pse/pse_op
INCLUDE += -I$(LINUX_EXTERNAL_DIR)/epid-sdk-3.0.0 \
-I$(LINUX_EXTERNAL_DIR)/sqlite/src \
-I$(LINUX_EXTERNAL_DIR)/DALSdk/JHI/linux
INCLUDE += -I$(SGX_IPP_INC) \
-I$(LINUX_EXTERNAL_DIR)/ \
-I$(LINUX_EXTERNAL_DIR)/rdrand \
-I$(IPC_COMMON_INC_DIR) \
-I$(AESM_INC_DIR) \
-I$(IPC_COMMON_PROTO_DIR)
EDGER8R := $(LINUX_SDK_DIR)/edger8r/linux/_build/Edger8r.native
SQLITECFLAGS := -fpie -Wall -Werror -Wno-maybe-uninitialized $(call cc-disable-warning,unused-const-variable)
ifeq ($(CC_BELOW_4_9), 1)
SQLITECFLAGS += -fstack-protector
else
SQLITECFLAGS += -fstack-protector-strong
endif
ifdef DEBUG
SQLITECFLAGS += -ggdb -DDEBUG -UNDEBUG
else
SQLITECFLAGS += -O2 -UDEBUG -DNDEBUG -D_FORTIFY_SOURCE=2
endif
ifeq ($(ARCH), x86)
SQLITECFLAGS += -m32
else
SQLITECFLAGS += -m64
endif
ifdef PROFILE
CXXFLAGS += -D_PROFILE_
CFLAGS += -D_PROFILE_
endif
CXXFLAGS += -fpie
CFLAGS += -fpie
CFLAGS := $(filter-out -Werror, $(CFLAGS))
LINUX_SE_WRAPPER = $(COMMON_DIR)/se_wrapper
ifdef DEBUG
CXXFLAGS += -DDBG_LOG
CFLAGS += -DDBG_LOG
endif
URTSLIB := -lurts_internal
TRTSLIB := -lsgx_trts
WHITE_LIST_FILE := $(LINUX_PSW_DIR)/ae/data/prebuilt/white_list_cert_to_be_verify.bin
TCRYPTO_LIBDIR := $(LINUX_SDK_DIR)/tlibcrypto
VTUNE_LIBDIR := $(LINUX_EXTERNAL_DIR)/vtune/linux/sdk/src/ittnotify
RDRAND_LIBDIR :=$(LINUX_EXTERNAL_DIR)/rdrand/src
RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile
ifeq ($(ARCH), x86)
VTUNE_LIBDIR = $(LINUX_EXTERNAL_DIR)/vtune/linux/lib32
endif
EXTERNAL_LIB += -L$(TCRYPTO_LIBDIR) -lsgx_tcrypto
EXTERNAL_LIB += -lprotobuf -lrt
EXTERNAL_LIB += -lcrypto
EXTERNAL_LIB += $(shell curl-config --libs)
EXTERNAL_LIB += -L$(LINUX_SE_WRAPPER) -lwrapper -lrt
EXTERNAL_LIB += -L$(RDRAND_LIBDIR) -lrdrand
EXTERNAL_LIB += -L$(VTUNE_LIBDIR) -littnotify
vpath %.cpp $(COMMON_DIR)/src ./source/epid_provision ./source/upse ./source/upse/BackendInterface $(LINUX_PSW_DIR)/ae/common $(AESM_APPLICATION) $(AESM_EXTENSION) $(AESM_SRC_DIR) $(IPC_COMMON_PROTO_DIR) $(TOP_DIR)/sdk/tseal $(IPC_COMMON_SRC_DIR)
vpath %.cc $(IPC_COMMON_PROTO_DIR)
vpath %.c $(LINUX_EXTERNAL_DIR)/sqlite/src
vpath %.c $(TOP_DIR)/sdk/tlibc/string
COMMON_SRC := ./source/le/LEClass.cpp \
./source/oal/aesm_util.cpp \
./source/storage/persistent_storage_table.cpp \
aesm_logic.cpp \
./source/oal/oal_power.cpp \
aesm_rand.cpp \
ipp_bn.cpp \
ipp_rsa_pub_key.cpp \
./source/oal/error_report.cpp \
./source/oal/internal_log.cpp \
sgx_memset_s.cpp \
sgx_read_rand.cpp \
sgx_profile.cpp \
tSeal_util.cpp \
./source/oal/aesm_thread.cpp \
event_strings.cpp
COMMON_SRC += ./source/qe/QEClass.cpp \
./source/pse_op/PSEClass.cpp \
./source/pse_pr/PSEPRClass.cpp \
./source/pse_op/PSDAService.cpp \
./source/pve/PVEClass.cpp \
./source/pce/PCEClass.cpp \
aesm_encode.cpp \
aesm_epid_blob.cpp \
aesm_xegd_blob.cpp \
epid_provision_msg1.cpp \
epid_provision_msg2.cpp \
epid_provision_msg4.cpp \
epid_endpoint_selection.cpp \
epid_utility.cpp \
type_length_value.cpp \
./source/qe/qe_logic.cpp \
./source/pve/pve_logic.cpp \
./source/pse_op/pse_op_logic.cpp \
./source/pse_op/aesm_pse_status.cpp \
platform_info_logic.cpp \
platform_info_facility.cpp \
pve_pub_key.cpp \
pek_pub_key.cpp \
./source/network/network_encoding_wrapper.cpp \
endpoint_select_info.cpp \
aesm_ecdsa.cpp \
./source/pse_op/pse_op_psda_ocall.cpp \
./source/pse_op/pse_op_vmc_sqlite_ocall.cpp \
upse.cpp \
upse_iclsInit.cpp \
helper.cpp \
sigma_helper.cpp \
interface_ocsp.cpp \
u_certificate_provisioning.cpp \
uecall_bridge.cpp \
u_long_term_pairing.cpp \
CertificateProvisioningProtocol.cpp \
pse_crypto_helper.cpp \
pse_provisioning_msg1.cpp \
pse_provisioning_msg2.cpp \
pse_provisioning_msg3.cpp \
pse_provisioning_msg4.cpp \
interface_psda.cpp \
pse_pr_common.cpp \
se_sig_rl.cpp \
aesm_long_lived_thread.cpp
COMMON_OBJ := $(COMMON_SRC:.cpp=.o)
IPC_SRC := AECloseSessionRequest.cpp \
AEGetQuoteResponse.cpp \
AECloseSessionResponse.cpp \
AEInitQuoteRequest.cpp \
AECreateSessionRequest.cpp \
AEInitQuoteResponse.cpp \
AECreateSessionResponse.cpp \
AEInvokeServiceRequest.cpp \
AEExchangeReportRequest.cpp \
AEInvokeServiceResponse.cpp \
AEExchangeReportResponse.cpp \
ProtobufSerializer.cpp \
AEGetLaunchTokenRequest.cpp \
AEGetPsCapRequest.cpp \
AEGetPsCapResponse.cpp \
AEGetWhiteListSizeRequest.cpp \
AEGetWhiteListSizeResponse.cpp \
AEGetWhiteListRequest.cpp \
AEGetWhiteListResponse.cpp \
AESGXGetExtendedEpidGroupIdRequest.cpp \
AESGXGetExtendedEpidGroupIdResponse.cpp \
AESGXSwitchExtendedEpidGroupRequest.cpp \
AESGXSwitchExtendedEpidGroupResponse.cpp \
AEReportAttestationRequest.cpp \
AEReportAttestationResponse.cpp \
AESGXRegisterRequest.cpp \
AESGXRegisterResponse.cpp \
SocketTransporter.cpp \
AEGetLaunchTokenResponse.cpp \
UnixCommunicationSocket.cpp \
NonBlockingUnixCommunicationSocket.cpp \
AEGetQuoteRequest.cpp \
UnixSocketFactory.cpp \
NonBlockingUnixSocketFactory.cpp
PROTOBUF_SRC := messages.pb.cc
AESM_SRC := AESMLogicWrapper.cpp \
CAESMServer.cpp \
main.cpp \
Thread.cpp \
AESMWorkerThread.cpp \
AESMQueueManager.cpp \
CSelector.cpp \
UnixServerSocket.cpp \
./source/oal/aesm_util.cpp \
aesm_config.cpp
AESM_SRC += aesm_http_msg.cpp
AESM_SRC += source/pse_op/jhi_proxy.cpp
CSRC := $(sort $(wildcard *.c))
MEMCMPSRC := consttime_memequal.c
SQLITESRC := sqlite3.c
OBJ := $(IPC_SRC:.cpp=.o) \
$(CSRC:.c=.o) \
$(MEMCMPSRC:.c=.o) \
$(AESM_SRC:.cpp=.o) \
$(PROTOBUF_SRC:.cc=.o)
OBJ += $(SQLITESRC:.c=.o)
LDUFLAGS := -pthread -L$(BUILD_DIR) $(URTSLIB)
LDUFLAGS += -pie $(COMMON_LDFLAGS)
APPNAME := aesm_service
APPNAME_DEBUG := aesm_service.debug
LIBNAME := libaesm_service_common.a
.PHONY: all
all: $(APPNAME) $(APPNAME_DEBUG) copy_data_file | $(BUILD_DIR)
@$(CP) $(APPNAME) $|
ifndef DEBUG
@$(CP) $(APPNAME_DEBUG) $|
endif
copy_data_file:
@$(MKDIR) -p data
@$(CP) $(LINUX_PSW_DIR)/ae/pse/pse_op/vmc_db_generator/prebuild_pse_vmc.db data
@$(CP) $(WHITE_LIST_FILE) data/white_list_cert_to_be_verify.bin
sgx_tcrypto:
$(MAKE) -C $(TCRYPTO_LIBDIR)
$(LIBNAME): $(COMMON_OBJ)
$(AR) rcs $@ $^
$(IPC_SRC:.cpp=.o) : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc
CAESMServer.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc
%.o :%.cpp
$(CXX) $(CXXFLAGS) $(INCLUDE) -c $< -o $@
messages.pb.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc
$(CXX) $(filter-out -Wshadow, $(CXXFLAGS)) $(INCLUDE) -c $< -o $@
consttime_memequal.o :consttime_memequal.c
$(CC) $(filter-out -O2,$(CFLAGS)) -O1 $(INCLUDE) -c $< -o $@
sqlite3.o :sqlite3.c
$(CC) $(SQLITECFLAGS) $(INCLUDE) -c $< -o $@
$(APPNAME): $(OBJ) $(LIBNAME) sgx_tcrypto -lrdrand urts
$(CXX) $(CXXFLAGS) $(OBJ) $(LIBNAME) $(LDUFLAGS) $(EXTERNAL_LIB) -o $@ -ldl
$(APPNAME_DEBUG): $(APPNAME)
ifndef DEBUG
$(CP) $(APPNAME) $(APPNAME).orig
$(OBJCOPY) --only-keep-debug $(APPNAME) $(APPNAME_DEBUG)
$(STRIP) -g $(APPNAME)
$(OBJCOPY) --add-gnu-debuglink=$(APPNAME_DEBUG) $(APPNAME)
endif
ifeq ($(BUILD_REF_LE), 1)
LE_DEP := ${AESM_EXTENSION}/ref_le_u.c
LE_EDL := ${LINUX_PSW_DIR}/ae/ref_le/ref_le.edl
else
LE_DEP := ${AESM_EXTENSION}/launch_enclave_u.c
LE_EDL := ${LINUX_PSW_DIR}/ae/le/launch_enclave.edl
endif
./source/le/LEClass.o: $(LE_DEP)
./source/pve/PVEClass.o: ${AESM_EXTENSION}/provision_enclave_u.c
./source/qe/QEClass.o: ${AESM_EXTENSION}/quoting_enclave_u.c
./source/pse_op/PSEClass.o: ${AESM_EXTENSION}/pse_op_u.c
./source/pce/PCEClass.o: ${AESM_EXTENSION}/pce_u.c
uecall_bridge.o: ${AESM_EXTENSION}/pse_pr_u.c
-lrdrand: $(RDRAND_MAKEFILE)
$(MAKE) -C $(RDRAND_LIBDIR)
$(RDRAND_MAKEFILE):
ifeq ($(ARCH), x86)
@cd $(RDRAND_LIBDIR);./configure
else
@cd $(RDRAND_LIBDIR);./configure CFLAGS=-fPIC
endif
$(LE_DEP): $(LE_EDL)
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
${AESM_EXTENSION}/provision_enclave_u.c: ${LINUX_PSW_DIR}/ae/pve/provision_enclave.edl
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
${AESM_EXTENSION}/quoting_enclave_u.c: ${LINUX_PSW_DIR}/ae/qe/quoting_enclave.edl
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
${AESM_EXTENSION}/pse_op_u.c: ${LINUX_PSW_DIR}/ae/pse/pse_op/pse_op.edl
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
${AESM_EXTENSION}/pse_pr_u.c: ${LINUX_PSW_DIR}/ae/pse/pse_pr/pse_pr.edl
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
${AESM_EXTENSION}/pce_u.c: ${LINUX_PSW_DIR}/ae/pce/pce.edl
@$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $<
$(IPC_COMMON_PROTO_DIR)/messages.pb.cc:
$(MAKE) -C $(IPC_COMMON_PROTO_DIR)
.PHONY: urts
urts:
$(MAKE) -C $(LINUX_PSW_DIR)/urts/linux
$(BUILD_DIR):
@$(MKDIR) $@
.PHONY: clean
clean:
@$(RM) *.o $(IPC_COMMON_SRC_DIR)/*.o
@$(RM) -r data
@$(RM) $(APPNAME) $(APPNAME).orig $(APPNAME_DEBUG)
@$(RM) $(BUILD_DIR)/$(APPNAME) $(BUILD_DIR)/$(APPNAME_DEBUG)
@$(RM) $(LIBNAME)
$(MAKE) -C $(IPC_COMMON_PROTO_DIR) clean
@$(RM) source/le/*.o
@$(RM) source/pse_op/*.o
@$(RM) source/pve/*.o
@$(RM) source/pce/*.o
@$(RM) source/network/*.o
@$(RM) source/oal/*.o
@$(RM) source/qe/*.o
@$(RM) source/pse_pr/*.o
@$(RM) source/storage/*.o
@$(RM) $(AESM_EXTENSION)/*_u.c $(AESM_EXTENSION)/*_u.h
ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE)))
@$(MAKE) distclean -C $(RDRAND_LIBDIR)
endif
.PHONY: rebuild
rebuild:
$(MAKE) clean
$(MAKE) all