<!--------------------------------------------------------------------------->
<!-- Copyright (c) 2016 Intel Corporation. -->
<!-- -->
<!-- All rights reserved. This program and the accompanying materials -->
<!-- are made available under the terms of the Eclipse Public License v1.0 -->
<!-- which accompanies this distribution, and is available at -->
<!-- http://www.eclipse.org/legal/epl-v10.html -->
<!-- -->
<!-- Contributors: -->
<!-- Intel Corporation - initial implementation and documentation -->
<!--------------------------------------------------------------------------->
<?xml version="1.0" encoding="utf-8"?>
<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" MadCap:lastBlockDepth="5" MadCap:lastHeight="2892" MadCap:lastWidth="554">
<head><title>SGX Build Configurations</title>
<link href="Resources/Stylesheets/intel_css_styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h2>SGX Build Configurations</h2>
<p>There are usually two types of builds that a regular non-SGX project defines:</p>
<ul>
<li>Debug</li>
<li>Release</li>
</ul>
<p>SGX-enabled projects additionally support building and testing SGX-enabled applications on non-SGX platforms (or an emulator) using simulation libraries. This doubles the set of build types, creating four possible combinations. Each combination requires a different set of compilation and linking flags and links against different libraries.</p>
<p>The non-debug hardware build is meant to produce production code, so its signing requires the most care. Production enclaves must be signed with the Two Step signing schema, which involves an external signing facility that is not part of the Intel SGX SDK. The other configurations are not meant for production, but they must be signed too; they use the simpler and more convenient Single Step schema.</p>
<p>Also for testing purposes, you might want to experiment with a non-production enclave built with release compilation and linking flags on a real SGX-enabled hardware platform. Such an enclave is built exactly like a production enclave, except that it is signed with the Single Step schema. To support building such an enclave, there is a hardware non-debug build configuration dubbed <i>Prerelease</i>.</p>
<p>So there are five SGX-related configurations when the SGX Nature is added to a project:</p>
<p>
<img src="Resources/Images/Intel_SGX_Configurations.png" />
</p>
<p>Intel(R) SGX Configurations</p>
<p>The following table summarizes the existing SGX configurations and relates them to the compilation/linking flags (debug/non-debug) and the signing schema (Single Step vs. Two Step):</p>
<p class="tablecap">Intel(R) SGX Configurations</p>
<table style="width: 100%;border-left-style: solid;border-left-width: 1px;border-right-style: solid;border-right-width: 1px;border-top-style: solid;border-top-width: 1px;border-bottom-style: solid;border-bottom-width: 1px;">
<col />
<col />
<col />
<col />
<tbody>
<tr>
<th>Configuration Name</th>
<th>Simulation?</th>
<th>Debug?</th>
<th>Signing Schema</th>
</tr>
<tr>
<td>SGX Hardware Debug</td>
<td>Hardware</td>
<td>Debug</td>
<td>Single Step</td>
</tr>
<tr>
<td>SGX Hardware Pre-release</td>
<td>Hardware</td>
<td>Non-debug</td>
<td>Single Step</td>
</tr>
<tr>
<td>SGX Hardware Release</td>
<td>Hardware</td>
<td>Non-debug</td>
<td>Two Step</td>
</tr>
<tr>
<td>SGX Simulation</td>
<td>Simulation</td>
<td>Non-debug</td>
<td>Single Step</td>
</tr>
<tr>
<td>SGX Simulation Debug</td>
<td>Simulation</td>
<td>Debug</td>
<td>Single Step</td>
</tr>
</tbody>
</table>
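<p>The following dry-run planner is an added example, not part of the plug-in or the Intel SGX SDK: it prints the make invocation and the signing commands for each configuration in the table (the debug simulation row is written as "SGX Simulation Debug"), and gates a release on the Two Step schema. It assumes the generated <code>sgx/Makefile</code> honours the <code>SGX_MODE</code>, <code>SGX_DEBUG</code> and <code>SGX_PRERELEASE</code> variables used by the SDK sample Makefiles; all file names are placeholders.</p>

```shell
#!/bin/sh
# Added example, not plug-in code. SGX_MODE / SGX_DEBUG / SGX_PRERELEASE are
# ASSUMED to be honoured by the generated sgx/Makefile (they are the variables
# of the Intel SGX SDK sample Makefiles). File names are placeholders.

# usage: sgx_plan "<configuration name>"  -> prints one command per line
sgx_plan() {
    case "$1" in
        "SGX Hardware Debug")       mode=HW;  debug=1; scheme=single ;;
        "SGX Hardware Pre-release") mode=HW;  debug=0; scheme=single ;;
        "SGX Hardware Release")     mode=HW;  debug=0; scheme=two ;;
        "SGX Simulation")           mode=SIM; debug=0; scheme=single ;;
        "SGX Simulation Debug")     mode=SIM; debug=1; scheme=single ;;
        *) echo "unknown configuration: $1" >&2; return 2 ;;
    esac
    vars="SGX_MODE=$mode SGX_DEBUG=$debug"
    # Pre-release: release flags on hardware, but still Single Step signed.
    if [ "$1" = "SGX Hardware Pre-release" ]; then
        vars="$vars SGX_PRERELEASE=1"
    fi
    echo "make -f sgx/Makefile $vars"
    if [ "$scheme" = single ]; then
        # Single Step: the private signing key sits on the build host.
        echo "sgx_sign sign -enclave enclave.so -config enclave.config.xml -key test_private.pem -out enclave.signed.so"
    else
        # Two Step: only the signing material (hash) leaves the build host.
        echo "sgx_sign gendata -enclave enclave.so -config enclave.config.xml -out enclave_hash.hex"
        echo "# external signing facility returns signature.hex and public.pem"
        echo "sgx_sign catsig -enclave enclave.so -config enclave.config.xml -unsigned enclave_hash.hex -sig signature.hex -key public.pem -out enclave.signed.so"
    fi
}

# Release gate: returns 0 only when the plan is non-debug and never signs
# with a locally held private key (i.e. it is a Two Step plan).
sgx_release_gate() {
    plan=$(sgx_plan "$1") || return 2
    case "$plan" in
        *SGX_DEBUG=1*|*"sgx_sign sign "*) return 1 ;;
    esac
    return 0
}
```

<p>Only "SGX Hardware Release" passes <code>sgx_release_gate</code>; the Pre-release configuration is rejected because its plan still signs with a key held on the build host.</p>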
<p>Intel® Software Guard Extensions Eclipse Plug-in uses the standard GNU* make tool to build the trusted and the untrusted code, using the generated file <code>sgx/Makefile</code>.</p>
<p>This does not impose any restriction on the build tool chosen for the hosting project. Intel® Software Guard Extensions Eclipse* Plug-in uses its own build configurations, which do not interfere with the configurations that you might have in your project.</p>
<p>When SGX configurations are selected, by default only the code under the <code>&lt;root&gt;/sgx</code> directory gets built.</p>
<p>You can customize SGX configurations like any other Eclipse build configurations from the project properties dialog. For example:</p>
<ol>
<li>In Project Explorer, right-click and select Properties → C/C++ Build.</li>
<li>Uncheck the Use default build command checkbox.</li>
</ol>
<p>You can then customize and integrate the SGX build process. For example, you can use <code>Makefile</code> instead of <code>sgx/Makefile</code>, as shown in the following figure:</p>
<p>
<img src="Resources/Images/Customization_of_SGX_build_command.png" />
</p>
<p class="figcap">Customization of SGX Build Command</p>
<p>The build is run through the standard Eclipse build interface, for example from the main <b>Project</b> menu:</p>
<p>
<img src="Resources/Images/Project_Menu.png" />
</p>
<p class="figcap">Project Menu</p>
</body>
</html>