diff --git a/sgx-jvm/Makefile b/sgx-jvm/Makefile
index c35585f3b8..a68e28a7ae 100644
--- a/sgx-jvm/Makefile
+++ b/sgx-jvm/Makefile
@@ -7,7 +7,7 @@ SHELL=/bin/bash
 JDK_IMAGE=$(PWD)/jdk8u/build/linux-x86_64-normal-server-release/images/j2re-image
 
 .PHONY: all
-all: jvm-enclave/standalone/build/standalone_sgx_verify
+all: jvm-enclave/standalone/build/standalone_sgx_verify linux-sgx-driver/isgx.ko
 
 # The final binary
 jvm-enclave/standalone/build/standalone_sgx_verify: avian linux-sgx/build/linux/aesm_service
@@ -34,6 +34,9 @@ $(JDK_IMAGE): jdk8u
 linux-sgx/external/ippcp_internal/inc:
 	cd linux-sgx && $(SHELL) ./download_prebuilt.sh
 
+linux-sgx-driver/isgx.ko:
+	$(MAKE) -C linux-sgx-driver
+
 build:
 	mkdir -p $@
 
@@ -41,6 +44,7 @@ build:
 clean:
 	$(MAKE) -C jvm-enclave clean
 	$(MAKE) -C linux-sgx clean
+	$(MAKE) -C linux-sgx-driver clean
 	[ ! -d jdk8u ] || $(MAKE) -C jdk8u clean
 	$(MAKE) -C avian clean
diff --git a/sgx-jvm/noop-enclave/build_in_image.sh b/sgx-jvm/noop-enclave/build_in_image.sh
deleted file mode 100644
index 814824be58..0000000000
--- a/sgx-jvm/noop-enclave/build_in_image.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-if [ $# -le 1 ]; then
-  echo "Usage: build_in_image.sh "
-  exit 1
-fi
-
-IMAGE=$1
-shift
-ARGUMENTS=$@
-
-DOCKER_BUILD_DIR=/tmp/corda-sgx-build
-
-GID=$(id -g $USER)
-
-exec docker run -v $PWD/../..:$DOCKER_BUILD_DIR -v $PWD/../docker-.gradle:/root/.gradle --user=$UID:$GID -it $IMAGE make -C $DOCKER_BUILD_DIR/sgx-jvm/noop-enclave $ARGUMENTS
diff --git a/sgx-jvm/noop-enclave/src/test.cpp b/sgx-jvm/noop-enclave/src/test.cpp
index eb48a25fb5..e92689a223 100644
--- a/sgx-jvm/noop-enclave/src/test.cpp
+++ b/sgx-jvm/noop-enclave/src/test.cpp
@@ -140,5 +140,6 @@ int main(int argc, char **argv) {
     if (false == check_sgx_return_value(noop(enclave_id))) {
         return 1;
     }
+    puts("Enclave ran successfully!");
     return 0;
 }
diff --git a/sgx-jvm/run_in_image.sh b/sgx-jvm/run_in_image.sh
new file mode 100644
index 0000000000..02310e3777
--- /dev/null
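Review bot: The new `linux-sgx-driver/isgx.ko:` rule in the second hunk has no prerequisites, so Make only runs it when the file is absent; edits to the driver sources never rebuild the module, and the `all` target in the first hunk then reports success with a stale `.ko`. Listing the sources makes the target track them, e.g. `linux-sgx-driver/isgx.ko: $(wildcard linux-sgx-driver/*.c linux-sgx-driver/*.h)` (adjust the globs to the driver tree's layout). The recipe delegates to the driver's own build, which presumably resolves headers from the running host kernel via `/lib/modules`, so the module is only loadable on the kernel it was built against; a comment on the rule such as `# Out-of-tree kernel module, built against the host kernel headers; rebuild after a kernel update` would record that. Making the driver a hard prerequisite of the default target also means `make` now fails on machines without kernel headers; a separate phony target or an opt-out variable would keep the default build usable there.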
+++ b/sgx-jvm/run_in_image.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ $# -le 1 ]; then
+  echo "Usage: run_in_image.sh "
+  exit 1
+fi
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+
+IMAGE=$1
+shift
+ARGUMENTS=$@
+
+DOCKER_BUILD_DIR=/tmp/corda-sgx-build
+
+GID=$(id -g $USER)
+
+exec docker run \
+  -v $SCRIPT_DIR/..:$DOCKER_BUILD_DIR \
+  -v /usr/src:/usr/src \
+  -v /lib/modules:/lib/modules \
+  --user=$UID:$GID \
+  --workdir=$DOCKER_BUILD_DIR \
+  -it $IMAGE \
+  $ARGUMENTS
diff --git a/sgx-jvm/with_aesmd.sh b/sgx-jvm/with_aesmd.sh
new file mode 100644
index 0000000000..e4c1e69ee5
--- /dev/null
+++ b/sgx-jvm/with_aesmd.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+AESM_DIR=$SCRIPT_DIR/build/aesm/$TIMESTAMP
+
+mkdir -p $AESM_DIR
+
+SERVICE_FILES="aesm_service le_prod_css.bin libsgx_le.signed.so libsgx_pce.signed.so libsgx_pve.signed.so libsgx_qe.signed.so"
+
+sed -e "s:@aesm_folder@:$AESM_DIR:" $SCRIPT_DIR/linux-sgx/build/linux/aesmd.service | sed -e '/InaccessibleDirectories=/d' | sed -e "s!^\\[Service\\]![Service]\nEnvironment=LD_LIBRARY_PATH=$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu!" > $AESM_DIR/aesmd.service
+
+for FILE in $SERVICE_FILES
+do
+  ln -s $SCRIPT_DIR/linux-sgx/build/linux/$FILE $AESM_DIR/$FILE
+done
+
+sudo systemctl --runtime link $AESM_DIR/aesmd.service
+
+function finish {
+  sudo systemctl stop aesmd
+  sudo systemctl --runtime disable aesmd
+}
+trap finish EXIT
+
+sudo systemctl start aesmd
+$@
diff --git a/sgx-jvm/with_hsm_simulator.sh b/sgx-jvm/with_hsm_simulator.sh
new file mode 100644
index 0000000000..42a1da15e0
--- /dev/null
+++ b/sgx-jvm/with_hsm_simulator.sh
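Review bot: The `-v /usr/src:/usr/src` and `-v /lib/modules:/lib/modules` mounts in `run_in_image.sh` are read-write, although the container only needs to read the kernel headers to build the driver, so any write to those paths from inside the image lands in the host's module tree; mount them read-only with `-v /usr/src:/usr/src:ro \` and `-v /lib/modules:/lib/modules:ro \`. `ARGUMENTS=$@` followed by an unquoted `$ARGUMENTS` re-splits every argument on whitespace, so a command word containing a space is broken apart before it reaches the image; after `shift`, passing `"$@"` as the last line preserves the argument boundaries. The same unquoted `$@` pass-through appears on the last line of `with_aesmd.sh`, `with_hsm_simulator.sh`, `with_isgx.sh` and `with_ld_library_path.sh` in this commit and should be `"$@"` in each. Under `set -u`, `GID=$(id -g $USER)` also aborts with an unbound-variable error when `USER` is not exported (plain `id -g` returns the same value without depending on it).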
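Review bot: The `sed` pipeline in `with_aesmd.sh` deletes the `InaccessibleDirectories=` line from the upstream `aesmd.service` and injects an `LD_LIBRARY_PATH` pointing at `$SCRIPT_DIR/linux-sgx/build/linux` and `$SCRIPT_DIR/dependencies/...`, then links the result as a system unit, so the system `aesmd` service loads its shared objects from directories writable by the developer's account with the upstream sandboxing removed. Nothing in the script says this is intentional; a header comment such as `# Dev-only: runs aesmd from the build tree as a transient system unit with the upstream InaccessibleDirectories= sandboxing removed` would keep it from being copied as an install procedure. In `finish`, `set -e` is still in force, so if `sudo systemctl stop aesmd` fails (for example an expired sudo credential) the `--runtime disable` never runs and the linked unit stays enabled; make the second step independent of the first, e.g. `sudo systemctl stop aesmd || true` before the `disable`. The `date`-based `AESM_DIR` has one-second resolution and `mkdir -p` hides a collision, so two runs started in the same second would share a directory and the second `ln -s` loop would fail on existing links.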
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ $# -le 1 ]; then
+  echo "Usage: with_hsm_simulator.sh "
+  exit 1
+fi
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+UTIMACO_HSM_DIR=$1
+shift
+
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+SIMULATOR_RUN_DIR=$SCRIPT_DIR/build/hsm_simulator/$TIMESTAMP
+
+mkdir -p $SIMULATOR_RUN_DIR
+
+script -q -c $UTIMACO_HSM_DIR/SDK/Linux/bin/cs_sim.sh -f $SIMULATOR_RUN_DIR/stdout > /dev/null &
+
+function finish {
+  kill -- -$$
+}
+trap finish EXIT
+$@
diff --git a/sgx-jvm/with_isgx.sh b/sgx-jvm/with_isgx.sh
new file mode 100644
index 0000000000..1031fd0adc
--- /dev/null
+++ b/sgx-jvm/with_isgx.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -euo pipefail
+
+function finish {
+  sudo modprobe -r isgx
+}
+trap finish EXIT
+sudo modprobe isgx
+$@
diff --git a/sgx-jvm/with_ld_library_path.sh b/sgx-jvm/with_ld_library_path.sh
index 6ad573fcc5..5273993db4 100644
--- a/sgx-jvm/with_ld_library_path.sh
+++ b/sgx-jvm/with_ld_library_path.sh
@@ -3,4 +3,4 @@ set -euo pipefail
 
 SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
 
-exec env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@
+env LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$SCRIPT_DIR/linux-sgx/build/linux:$SCRIPT_DIR/dependencies/root/usr/lib/x86_64-linux-gnu $@
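Review bot: `kill -- -$$` in the `finish` trap of `with_hsm_simulator.sh` signals the process group whose id equals this script's PID, which only exists when the script is a process-group leader (launched from an interactive shell with job control); invoked from `make` or through another `with_*.sh` wrapper it shares its parent's group, the `kill` fails and the simulator keeps running after the wrapped command exits, while in the interactive case the signal also hits the script itself mid-trap. Tracking the background job is more predictable: add `SIM_PID=$!` after the `script ... &` line and use `kill "$SIM_PID" || true` in `finish` so a simulator that already exited does not turn the cleanup into an error under `set -e`. The `-c $UTIMACO_HSM_DIR/SDK/Linux/bin/cs_sim.sh` argument to `script` is unquoted, so a path containing a space is split into several arguments; quote it. A one-line header comment stating that the simulator's terminal output is captured to `$SIMULATOR_RUN_DIR/stdout` via `script -f` would explain the otherwise surprising `> /dev/null`.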
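Review bot: The EXIT trap in `with_isgx.sh` unconditionally runs `modprobe -r isgx`, so when the driver was already loaded before the script started (for instance installed system-wide), the wrapped command leaves the host without its SGX driver and any other process using the device at that moment fails; only unload what the script itself loaded. Separately, `modprobe isgx` resolves the module from the running kernel's module directory, not from the source tree, so it does not pick up the `linux-sgx-driver/isgx.ko` that the Makefile in this commit now builds unless that module has been installed by a step I cannot see here; if the intent is to load the freshly built one, `insmod` on the explicit path or a `modules_install` step in the Makefile is needed, and a comment on `modprobe isgx` should say which module is expected.

```shell
# … unchanged: shebang and set -euo pipefail …
if ! lsmod | grep -q '^isgx '; then
  # Only unload on exit what this script loaded; leave a pre-existing driver alone.
  trap 'sudo modprobe -r isgx' EXIT
  sudo modprobe isgx
fi
"$@"
```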
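Review bot: Dropping `exec` in `with_ld_library_path.sh` leaves this bash process between the caller and the command, so the command now runs as a child and signals delivered to the script's PID (for example by a wrapper that terminates its children on exit) no longer reach the command directly; the exit status still propagates because `set -e` aborts the script with the failing status. If the extra shell layer is wanted, a comment on the `env` line stating the reason would prevent a later reviewer from restoring `exec`; otherwise keeping `exec env ...` is the smaller change.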