
Adding the verifier manifest template, and the makefile that the graphene repo is to be updated with, over to this repo, to avoid running into complicated build sequencing issues.

dettanym 2 years ago
parent
commit
8f7c9a6043
2 changed files with 109 additions and 0 deletions
  1. 37 0
      grapheneMakefile
  2. 72 0
      verifier.manifest.template

+ 37 - 0
grapheneMakefile

@@ -0,0 +1,37 @@
+special_executables = static pie
+c_executables = $(filter-out $(special_executables),$(patsubst %.c,%,$(wildcard *.c)))
+cxx_executables = $(patsubst %.cpp,%,$(wildcard *.cpp))
+manifests = $(patsubst %.template,%,$(wildcard *.manifest.template)) manifest
+
+exec_target = $(special_executables) $(c_executables) $(cxx_executables) ls.manifest verifier.manifest
+target = $(exec_target) $(manifests)
+
+level = ../
+include ../Makefile
+
+CFLAGS-libos = -I$(SHIMDIR)/../include -L$(SHIMDIR)/../../glibc-build/libos
+
+ifeq ($(SYS),x86_64-linux-gnu)
+$(c_executables): %: %.c
+	@echo [ $@ ]
+	@$(CC) $(CFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \
+	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
+
+$(cxx_executables): %: %.cpp
+	@echo [ $@ ]
+	@$(CC) $(CFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \
+	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
+
+static: %: %.c
+	@echo [ $@ ]
+	@$(CC) $(CFLAGS) -o $@ -static $< \
+	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
+
+pie: %: %.c
+	@echo [ $@ ]
+	@$(CC) $(CFLAGS) -fPIC --pie -o $@ $< \
+	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
+else
+.IGNORE: $(special_executables) $(c_executables) $(cxx_executables)
+$(special_executables) $(c_executables) $(cxx_executables):
+endif
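Review bot: The `$(cxx_executables)` rule builds `.cpp` sources with `$(CC)`, so the link step goes through the C driver, and the C++ runtime is only pulled in if the target name happens to carry a matching suffix for the `sed`-derived `-l` list. Switch that recipe to the C++ driver, e.g. `@$(CXX) $(CFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \`, keeping `$(CFLAGS)` only if `../Makefile` (not visible here) is where the include paths are set. The `@` prefix on all four compile lines also hides the exact compiler command when a build fails; silencing only the `echo` lines would keep the log useful.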

+ 72 - 0
verifier.manifest.template

@@ -0,0 +1,72 @@
+loader.preload = file:$(LIBCDIR)/libsysdb.so
+loader.exec = file:verifier
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu:/opt/intel/sgxsdk/lib64:
+#/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server
+#loader.env.LD_PRELOAD = /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjsig.so
+loader.env.PATH = /usr/bin:/bin
+
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.hostlib.type = chroot
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
+
+#fs.mount.java.type = chroot
+#fs.mount.java.path = /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/
+#fs.mount.java.uri = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/
+
+sgx.thread_num=16 #Needed for JVM, otherwise "cannot attach to any TCS message is shown"
+sgx.enclave_size=8G
+
+# sgx-related
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libprotobuf = file:/usr/lib/x86_64-linux-gnu/libprotobuf.so.9
+sgx.trusted_files.liburts = file:/opt/intel/sgxsdk/lib64/libsgx_urts.so
+sgx.trusted_files.libuaeservice = file:/opt/intel/sgxsdk/lib64/libsgx_uae_service.so
+sgx.trusted_files.libstdcpp = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6
+sgx.trusted_files.libgcc_s = file:/lib/x86_64-linux-gnu/libgcc_s.so.1
+sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.allowed_files.sealed_msg = file:sealed_msg.txt
+sgx.trusted_files.libopensslcrypto = file:/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
+sgx.allowed_files.apache_signer_keypair = file:apache_signature_keypair.pem
+
+#For Pixy:
+#sgx.trusted_files.libjvm = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjvm.so
+#sgx.trusted_files.libjsig = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjsig.so
+#sgx.trusted_files.libverify = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libverify.so
+#sgx.trusted_files.libjava = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libjava.so
+#sgx.trusted_files.libzip = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libzip.so
+#sgx.trusted_files.librt = file:$(LIBCDIR)/librt.so.1
+#sgx.trusted_files.libnss_compat = file:/lib/x86_64-linux-gnu/libnss_compat.so.2
+#sgx.trusted_files.libnsl = file:/usr/lib/x86_64-linux-gnu/libnsl.so
+#sgx.trusted_files.libnss_nis = file:/usr/lib/x86_64-linux-gnu/libnss_nis.so
+#sgx.trusted_files.libnss_files = file:/usr/lib/x86_64-linux-gnu/libnss_files.so
+#sgx.allowed_files.jrelib = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib
+##Throws class initialization error otherwise
+sgx.allowed_files.jrelibext = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
+#Throws class initialization error otherwise
+
+#For Python
+#sgx.allow_file_creation = 1
+#sgx.trusted_files.libpython = file:/usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
+#sgx.trusted_files.libutil = file:$(LIBCDIR)/libutil.so.1
+#sgx.allowed_files.pyhome = file:/usr/lib/python2.7
+#sgx.allowed_files.pyhome2 = file:/usr/local/lib/python2.7
+
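Review bot: `sgx.allowed_files.apache_signer_keypair` places what the name suggests is a signing key pair in a host-side PEM file under `allowed_files`, which Graphene opens without hash verification, so the untrusted host can read or replace it. If the private half is needed inside the enclave, keep it sealed or provision it after attestation rather than listing a plaintext file; if only the public key is needed, list that file under `sgx.trusted_files` so it is measured. Two smaller leftovers from the commented-out JVM setup: `sgx.allowed_files.jrelibext` is still active and admits an unverified directory, and `loader.env.LD_LIBRARY_PATH` ends in `:`, which leaves an empty search-path entry that the loader treats as the current directory.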