123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249 |
- #!/usr/bin/env bash
- #
- # Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- #
- # * Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # * Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in
- # the documentation and/or other materials provided with the
- # distribution.
- # * Neither the name of Intel Corporation nor the names of its
- # contributors may be used to endorse or promote products derived
- # from this software without specific prior written permission.
- #
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- #
- #
- set -e
- SCRIPT_DIR=$(dirname "$0")
- source ${SCRIPT_DIR}/installConfig
- PSW_DST_PATH=${SGX_PACKAGES_PATH}/${PSW_PKG_NAME}
- AESM_PATH=$PSW_DST_PATH/aesm
- # Install the AESM service
- cut -d: -f1 /etc/passwd | grep -q -w aesmd || \
- /usr/sbin/useradd -r -U -c "User for aesmd" \
- -d /var/opt/aesmd -s /sbin/nologin aesmd
- mkdir -p /var/opt/aesmd
- cp -rf $AESM_PATH/data /var/opt/aesmd/
- rm -rf $AESM_PATH/data
- cp -rf $AESM_PATH/conf/aesmd.conf /etc/aesmd.conf
- rm -rf $AESM_PATH/conf
- chmod 0644 /etc/aesmd.conf
- chown -R aesmd:aesmd /var/opt/aesmd
- chmod 0750 /var/opt/aesmd
- # By default the AESM's communication socket will be created in
- # /var/run/aesmd. Putting the socket in the aesmd sub-directory
- # as opposed to directly in /var/run allows the user to create a
- # mount a volume at /var/run/aesmd and thus expose the socket to
- # a different filesystem or namespace, e.g. a Docker container.
- mkdir -p /var/run/aesmd
- chown -R aesmd:aesmd /var/run/aesmd
- chmod 0755 /var/run/aesmd
- if [ -d /run/systemd/system ]; then
- AESMD_NAME=aesmd.service
- AESMD_TEMP=$AESM_PATH/$AESMD_NAME
- if [ -d /lib/systemd/system ]; then
- AESMD_DEST=/lib/systemd/system/$AESMD_NAME
- else
- AESMD_DEST=/usr/lib/systemd/system/$AESMD_NAME
- fi
- echo -n "Installing $AESMD_NAME service ..."
- sed -e "s:@aesm_folder@:$AESM_PATH:" \
- $AESMD_TEMP > $AESMD_DEST
- chmod 0644 $AESMD_DEST
- rm -f $AESMD_TEMP
- rm -f $AESM_PATH/aesmd.conf
- DISABLE_AESMD="systemctl disable aesmd"
- systemctl enable aesmd
- retval=$?
- elif [ -d /etc/init/ ]; then
- AESMD_NAME=aesmd.conf
- AESMD_TEMP=$AESM_PATH/$AESMD_NAME
- AESMD_DEST=/etc/init/$AESMD_NAME
- echo -n "Installing $AESMD_NAME service ..."
- sed -e "s:@aesm_folder@:$AESM_PATH:" \
- $AESMD_TEMP > $AESMD_DEST
- chmod 0644 $AESMD_DEST
- rm -f $AESMD_TEMP
- rm -f $AESM_PATH/aesmd.service
- /sbin/initctl reload-configuration
- retval=$?
- else
- echo " failed."
- echo "Unsupported platform - neither systemctl nor initctl is found."
- exit 5
- fi
- if test $retval -ne 0; then
- echo "$rcmngr failed to install $AESMD_NAME."
- exit 6
- fi
- echo " done."
- cat > $PSW_DST_PATH/uninstall.sh <<EOF
- #!/usr/bin/env bash
- #
- # Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- #
- # * Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # * Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in
- # the documentation and/or other materials provided with the
- # distribution.
- # * Neither the name of Intel Corporation nor the names of its
- # contributors may be used to endorse or promote products derived
- # from this software without specific prior written permission.
- #
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- #
- #
- if test \$(id -u) -ne 0; then
- echo "Root privilege is required."
- exit 1
- fi
- get_lib()
- {
- echo "\$(basename \$(gcc -print-multi-os-directory))"
- }
- # Killing AESM service
- /usr/sbin/service aesmd stop
- $DISABLE_AESMD
- # Removing AESM configuration files
- rm -f $AESMD_DEST
- rm -f /etc/aesmd.conf
- # Removing AESM internal folders
- #rm -fr /var/opt/aesmd
- rm -fr /var/run/aesmd
- # Removing runtime libraries
- rm -f /usr/\$(get_lib)/libsgx_uae_service.so
- rm -f /usr/\$(get_lib)/libsgx_urts.so
- rm -f /usr/lib/i386-linux-gnu/libsgx_uae_service.so
- rm -f /usr/lib/i386-linux-gnu/libsgx_urts.so
- # Removing AESM user and group
- /usr/sbin/userdel aesmd 2> /dev/null
- /usr/sbin/groupdel aesmd 2> /dev/null
- # Removing AESM folder
- rm -fr $PSW_DST_PATH
- echo "Intel(R) SGX PSW uninstalled."
- EOF
- chmod +x $PSW_DST_PATH/uninstall.sh
- $AESM_PATH/cse_provision_tool || true
- rm $AESM_PATH/cse_provision_tool
- cat > $AESM_PATH/linksgx.sh <<EOF
- #!/usr/bin/env bash
- #
- # Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- #
- # * Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # * Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in
- # the documentation and/or other materials provided with the
- # distribution.
- # * Neither the name of Intel Corporation nor the names of its
- # contributors may be used to endorse or promote products derived
- # from this software without specific prior written permission.
- #
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- #
- #
- if test \$(id -u) -ne 0; then
- echo "Root privilege is required."
- exit 1
- fi
- if [ -e /dev/sgx ]; then
- chmod 666 /dev/sgx &> /dev/null
- /sbin/modprobe -r isgx &> /dev/null
- else
- /sbin/modprobe isgx &> /dev/null || /sbin/modprobe --allow-unsupported isgx &> /dev/null
- fi
- echo ""
- EOF
- chmod +x $AESM_PATH/linksgx.sh
- # Start the aesmd service
- if [ -d /run/systemd/system ]; then
- systemctl start aesmd
- elif [ -d /etc/init/ ]; then
- /sbin/initctl start aesmd
- fi
- echo -e "\nuninstall.sh script generated in $PSW_DST_PATH\n"
- echo -e "Installation is successful!"
- rm -fr $PSW_DST_PATH/scripts
- exit 0
|