mirror of
https://github.com/corda/corda.git
synced 2025-01-16 17:59:46 +00:00
6bb9d0015a
commit 2133df2d4ad82119333a003c8f05156998550615 Merge: 0356eb624 f2cf6d18a Author: yuyuany <yuan.yu@intel.com> Date: Wed Sep 13 10:06:33 2017 +0800 Merge pull request #155 from 01org/revert-151-ocall_exit_enclave Revert "Check for crash in sgx_ocall and exit enclave if enclave is crashed" commit f2cf6d18aa73fdaa916f95b1f3c5ac605a90ff06 Author: yuyuany <yuan.yu@intel.com> Date: Thu Sep 7 15:21:45 2017 +0800 Revert "Check for crash in sgx_ocall and exit enclave if enclave is crashed" commit 0356eb6249ed93510ca66f057a5ae74dda7b10a2 Merge: 2fe247145 38023b61a Author: lzha101 <lili.z.zhang@intel.com> Date: Wed Sep 6 15:58:16 2017 +0800 Merge pull request #153 from greglaun/greglaun-typos Correct typos in some of the sample apps. Signed-off-by: Zhang Lili lili.z.zhang@intel.com commit 2fe247145943827f04eea8e065a8ad3b0a3d11bd Merge: df9b03289 2e00f11ed Author: Li Xun <xun.li@intel.com> Date: Wed Sep 6 14:10:42 2017 +0800 Merge pull request #154 from llly/pull Fix build issues with latest OpenSSL and Gcc commit 2e00f11ed5a2e48445aeabd668105161a55a4502 Author: Vytautas Mickus <vmickus@gmx.com> Date: Sat Jul 15 21:00:57 2017 +0300 Make code compatible with OpenSSL 1.0 and 1.1 commit 95ea2c21a921ceb3851b090f092709c5b08b9b37 Author: Vytautas Mickus <vmickus@gmx.com> Date: Sat Jul 15 21:12:03 2017 +0300 Tell gcc about the fallthroughs (needed because of -Werror in makefiles) commit 6e0580d110d4c799e0c8aba0cdadee46efe15055 Author: Vytautas Mickus <vmickus@gmx.com> Date: Sat Jul 15 21:22:55 2017 +0300 Use `uname -m` instead of `arch` in installer. commit 38023b61aaa8f76fbad4391ecafd1342d9a2b4f0 Author: Greg Laun <greg.laun@gmail.com> Date: Tue Sep 5 12:33:37 2017 -0700 Correct typos in some of the sample apps. Signed-off-by: Greg Laun <greg.laun@gmail.com> commit df9b0328986784b603ce0b5af847d15382c795cb Merge: a2f33d828 a20449f5f Author: lzha101 <lili.z.zhang@intel.com> Date: Tue Sep 5 10:41:22 2017 +0800 Merge pull request #151 from yuyuany/ocall_exit_enclave Check for crash in sgx_ocall and exit enclave if enclave is crashed. Signed-off-by: Zhang Lili lili.z.zhang@intel.com commit a20449f5f85acd4e482c35dd6f8f27f36a3caa60 Author: Yu Yuan <yuan.yu@intel.com> Date: Fri Sep 1 22:46:27 2017 +0800 tRTS check the enclave crash state when doing an OCALL. If the enclave is crashed, tRTS unwind the stack to ECALL, and exit the enclave with SGX_ERROR_ENCLAVE_CRASHED. Signed-off-by: Yu Yuan <yuan.yu@intel.com> commit a2f33d828bc76b49256e9a3128254e3322ef5d52 Merge: aa8e9755a 6979d8180 Author: Andy Zhao <yebin.andy.zhao@intel.com> Date: Mon Aug 28 16:30:00 2017 +0800 Merge pull request #149 from lzha101/add_missing_delete Add two missing delete functions commit 6979d818077c310ec4e75a56937b5aa87b718dae Author: Zhang Lili <lili.z.zhang@intel.com> Date: Mon Aug 28 23:17:47 2017 +0800 Add two missing delete functions. Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit aa8e9755aaecc4c04ed3f3993a1596adb4ba6286 Author: Dionna Glaze <dionnaglaze@google.com> Date: Wed Aug 2 10:48:18 2017 -0700 Move pms pointer validation before its dereference in local_vars definitions. Also fix "sgx_status_t" typo in generated comment. commit 6f0e20cfd992c073aefe76926d28893c51f52445 Author: John Mechalas <john.p.mechalas@intel.com> Date: Thu Aug 10 19:00:34 2017 -0700 Implements most of libsgx_capable for Linux (previously only available in the Windows SDK) (#107) * Adds libsgx_capable, which is currently only available in the Windows version of the Intel SGX SDK. The Linux implementation of this library adds the following functions: sgx_status_t sgx_is_capable (int *sgx_capable); sgx_status_t sgx_cap_get_status (sgx_device_status_t *sgx_device_status); sgx_status_t sgx_cap_enable_device (sgx_device_status_t *sgx_device_status); And adds the following error code (also from the Windows version of the Intel SGX SDK): SGX_ERROR_NO_PRIVILEGE Generates both a static and dynamic build of libsgx_capable. This is incorporated into the SDK package, not the PSW package, since software installers need to check for Intel SGX capability on systems where the PSW may not already be installed. This means that installers will either have to statically link, or distribute the .so with their installation package. ---------------------- Developer Certificate of Origin Version 1.1 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 York Street, Suite 102, San Francisco, CA 94110 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. Signed-off-by: John P Mechalas <john.p.mechalas@intel.com> commit 268b206f15f25671382b95c5650422b335d5c446 Merge: 803250734 136610236 Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Jul 28 12:38:05 2017 +0800 Merge pull request #129 from dingelish/master Fix a mis-understood memory alignment in enclave_create(). Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 1366102364ce67f8c63eaba9bdae80c08634f07f Author: Yu Ding <dingyu02@baidu.com> Date: Mon Jul 24 20:00:04 2017 -0700 Fix to a mis-understood in enclave_create(). The memory alignment is mistakenly done twice. Once in urts and once in driver. It is unnecessary. This bug has a great impact on the upper limit of enclave memory. commit 803250734883037a4a1f69085fb31daa6bd8448b Author: Li Xun <xun.li@intel.com> Date: Tue Jul 25 10:44:47 2017 +0800 Update server port to 80 (#128) Signed-off-by: Li, Xun <xun.li@intel.com> commit d42cd14bdd01a43c58554a4c73231733426356cd Author: Jaak Randmets <jaak.ra+github@gmail.com> Date: Mon Jul 24 09:04:03 2017 +0300 Merge pull request #124 from Jaak/master Improve const correctness of sgx_fopen and sgx_fimport_auto_key. Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 8383b8c65f49fca017c62eb7efdd97a212829caf Merge: 0fb9f47e7 768c95174 Author: lzha101 <lili.z.zhang@intel.com> Date: Tue Jul 4 09:39:53 2017 +0800 Merge pull request #120 from aminueza/master Fixes sdk and psw version in download_prebuild.sh script Zhang Lili <lili.z.zhang@intel.com> commit 768c95174150e64207b31f5a733bccba25085775 Author: Amanda Souza <amandasouza@quimera.lsd.ufcg.edu.br> Date: Mon Jul 3 15:22:45 2017 -0300 Fixes sdk and psw version in download_prebuild.sh script Signed-off-by: Amanda Souza <amandasouza@quimera.lsd.ufcg.edu.br> commit 0fb9f47e784261369c52c1b49d1484f34409ecaf Author: Li, Xun <xun.li@intel.com> Date: Fri Jun 30 15:51:16 2017 +0800 Linux 1.9 Open Source Gold release Signed-off-by: Li, Xun <xun.li@intel.com> commit 199911ebaf60d068e4641331a06e71462ba8d324 Merge: 109545891 a2abe4b0d Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Jun 16 12:42:58 2017 +0800 Merge pull request #115 from danzsmith53/master Update README.md Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit a2abe4b0d0490112fff7eb9669adf9d0bc866c54 Author: Daniel Smith <daniel.e.smith@intel.com> Date: Wed May 31 16:21:21 2017 -0700 Update README.md Updated grammar and style many places throughout file Signed-off-by: Daniel Smith <daniel.e.smith@intel.com> commit 1095458916fafd9e5870403e1d50cd7e1ca379bc Merge: a4bfecb96 d6acac1d2 Author: Li Xun <xun.li@intel.com> Date: Mon Jun 12 09:26:58 2017 +0800 Merge pull request #113 from mitar/patch-3 pkg-config is needed for compilation commit a4bfecb965a7588dc073a295dd842c301bbf075c Merge: 02b7d490a 6a7ec7a8c Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Jun 8 13:10:03 2017 +0800 Merge pull request #112 from mitar/patch-2 Removing sudo Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 6a7ec7a8c14ee2ee8f6977110dae9fe99137064d Author: Mitar <mitar.github@tnode.com> Date: Sun Jun 4 14:18:07 2017 -0700 Removing sudo. The whole script has to be run as root anyway. Signed-off-by: Mi Tar <mitar.github@tnode.com> commit d6acac1d25e67516dc6cb8d1dc7b155416078bb1 Author: Mitar <mitar.github@tnode.com> Date: Sun Jun 4 16:47:43 2017 -0700 pkg-config is needed for compilation. See: https://github.com/01org/dynamic-application-loader-host-interface/issues/2#issuecomment-306074645 Signed-off-by: Mi Tar <mitar.github@tnode.com> commit 02b7d490aca40af134166221c9b4f332f6ca947a Author: Li, Xun <xun.li@intel.com> Date: Tue May 16 08:40:33 2017 +0800 fix a aesm_service IPC bug aesm_service handles closed client socket incorrectly found in #101 Signed-off-by: Li, Xun <xun.li@intel.com> commit f287674fef604f4a6ef8710033f6a091fe644d7a Merge: ce0f128d2 e7f074381 Author: Li Xun <xun.li@intel.com> Date: Fri May 12 16:10:42 2017 +0800 Merge pull request #91 from sean-jc/docker/merge Add support for running the AESM and SGX applications in Docker commit e7f0743812b065750135220a37d890988633cc64 Author: Sean Christopherson <sean.j.christopherson@intel.com> Date: Thu Mar 30 09:26:47 2017 -0700 Add --no-daemon option to AESM Application container runtimes, e.g. Docker and RKT, do not provide a program manager, e.g. systemd, inside the container, and so attempting to run AESM as a daemon will fail. Add --no-daemon to allow running the AESM in a container as a normal process, i.e. do not call daemon(). Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> commit ce0f128d290e116748a78899673709730ac45964 Author: Li, Xun <xun.li@intel.com> Date: Mon May 8 09:01:52 2017 +0800 fix aesm_service compilation with latest openssl Signed-off-by: Li, Xun <xun.li@intel.com> commit fd91609f543ae08991d76d94d28c4ec300bcbc84 Merge: 9e0c32ee5 75336444e Author: lzha101 <lili.z.zhang@intel.com> Date: Wed Apr 19 13:41:12 2017 +0800 Merge pull request #96 from lzha101/master Fix alignment issue for metadata section Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 75336444e867082159cd7c99bbe0eca57013c806 Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Apr 14 16:03:48 2017 +0800 Update comment Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit d455716f9c00265976870d167ee2fae52f354daf Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Apr 14 15:45:41 2017 +0800 Update ELF parser for metadata alignment Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 2224616cb4675c0225a3e1080059f3360e69f800 Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Apr 14 15:43:05 2017 +0800 Change alignment for metadata section Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 9e0c32ee57f7dbd343cc1d75303e308b58b1fe93 Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Apr 13 10:33:35 2017 +0800 Fix typo flase -> false in urts_internal.cpp Fix typo flase -> false in urts_internal.cpp Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 765af6169d80beada705086ec9d5226bbdd96218 Merge: 0cbb1f074 38b3d5f46 Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Apr 13 10:30:06 2017 +0800 Merge pull request #94 from neo9ree/master fixed typo flase -> false in psw/urts/linux/urts.cpp:45 Signed-off-by: Zhang Lili <lili.z.zhang@intel.com> commit 0cbb1f074d4b805a0492f6a000c5ddd1fda9efd7 Author: Li, Xun <xun.li@intel.com> Date: Mon Apr 10 14:24:45 2017 +0800 Update Linux_SGXEclipsePlugin Signed-off-by: Li, Xun <xun.li@intel.com> commit 38b3d5f4635c617d8181f3b8c1c6aa109a81dc21 Author: Eunchan Kim <eunchan.kim@kaist.ac.kr> Date: Thu Apr 6 15:31:02 2017 +0900 fixed typo flase -> false in psw/urts/linux/urts.cpp:45 Signed-off-by: Eunchan Kim <eunchan.kim@kaist.ac.kr> commit 56783b38820f82dcb37f1f48c37a5f705ddf7358 Merge: e5c01189d 885287c13 Author: Li Xun <xun.li@intel.com> Date: Wed Apr 5 12:29:14 2017 +0800 Merge pull request #92 from dcmiddle/fix-readme-pse-install fix readme section for PSW install commit 885287c13df2519ca0318bd908b3827d6e247e17 Author: Dan Middleton <dan.middleton@intel.com> Date: Fri Mar 31 22:16:38 2017 -0500 fix readme section for PSW install add missing cmake prerequisite to ubuntu instructions correct typos on systemctl Signed-off-by: Dan Middleton <dan.middleton@intel.com> commit 65965c6ab61d103028b8b6a886b57e98ccf7ea9d Author: Sean Christopherson <sean.j.christopherson@intel.com> Date: Tue Feb 7 12:51:44 2017 -0800 Bind the AESM socket to /var/run/aesmd/aesm.socket Exposing sockets to Docker containers is typically done via bind mounts, which does not work for abstract sockets since they don't exist in the file system. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> commit e5c01189d318e8c59f576377e231c159ffb71abb Author: Li, Xun <xun.li@intel.com> Date: Thu Mar 30 13:45:20 2017 +0900 update white list URL Signed-off-by: Li, Xun <xun.li@intel.com> commit 072f4e40c0a5f6b7b27bf77f00872853933bd33a Author: Li, Xun <xun.li@intel.com> Date: Fri Mar 24 11:20:35 2017 +0900 add missing error code logging in aesm_service Signed-off-by: Li, Xun <xun.li@intel.com> commit c7a3f14de9dbda16fd0fa1edbce1af24b350a678 Author: Li, Xun <xun.li@intel.com> Date: Mon Mar 20 14:14:23 2017 +0900 update instructions in README Signed-off-by: Li, Xun <xun.li@intel.com> commit 525cefa817457d8a412d64677d347ebe64f0f77a Merge: 1115c195c 157108515 Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Mar 17 11:32:05 2017 +0800 Merge pull request #86 from lzha101/master Update README.md Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 157108515551a5b465e7ba5e977df5c3e8df20b9 Author: lzha101 <lili.z.zhang@intel.com> Date: Fri Mar 17 11:23:06 2017 +0800 Update README.md Update README.md: fix format, update hardware requiremet, etc. Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 1115c195cd60d5ab2b80c12d07e21663e5aa8030 Author: Li, Xun <xun.li@intel.com> Date: Thu Mar 16 15:30:38 2017 +0900 Linux 1.8 Open Source Gold release Signed-off-by: Li, Xun <xun.li@intel.com> commit 2e379dc79fb58cdf921e36d617e6e4b9d694301c Merge: 0d8a7d24824dc91d77
Author: lzha101 <lili.z.zhang@intel.com> Date: Mon Feb 27 16:24:11 2017 +0800 Merge pull request #65 from corda/fix-mallinfo Change mallinfo field type to int as per system malloc.h Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 0d8a7d248a8ec6ae08451d78c7588711050d7477 Merge: 2cd3c7309 7e00ad320 Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Feb 23 16:30:28 2017 +0800 Merge pull request #75 from kaimast/master Fix simulator under GCC6 Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 2cd3c73094637b1fa11740b7b9f51254050a9382 Merge: ddec9f872 171c04e0a Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Feb 23 16:30:04 2017 +0800 Merge pull request #78 from mitar/patch-1 Added missing dependencies Signed-off-by: Lili Zhang <lili.z.zhang@intel.com> commit 171c04e0a2d079e75580018f891dd32562963cc4 Author: Mitar <mitar.github@tnode.com> Date: Wed Feb 22 17:56:41 2017 -0800 Added missing dependencies. Signed-off-by: Mi Tar <mitar.github@tnode.com> commit 7e00ad320f7dd2c6070d92bec5bf8f52af8d2af0 Author: Kai Mast <kaimast@cs.cornell.edu> Date: Sun Feb 19 20:42:49 2017 -0500 Fix simulator under GCC6 commit ddec9f8725b597b7b656847b5c7cff1e25cb8018 Merge: dd537b756 75349459a Author: lzha101 <lili.z.zhang@intel.com> Date: Thu Feb 16 13:47:12 2017 +0800 Merge pull request #71 from sean-jc/master Bug fix - mprotect may be called with wrong flags Signed-off-by: lzha101 <lili.z.zhang@intel.com> commit 75349459a935f2b1a5a794ee8c0a0f45f50c5c1e Author: Sean Christopherson <sean.j.christopherson@intel.com> Date: Mon Feb 6 12:31:30 2017 -0800 Bug fix - mprotect may be called with wrong flags Query si_flags instead of attributes when determining whether a layout entry should be readable/writable or not accessible. The current code magically works because all layout entries that should be marked R/W will have a non-zero value for attributes since added pages are marked with either ADD_EXTEND_PAGE or ADD_EXTEND_PAGE. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> commit dd537b7562e16a83a1adf863e9e2874d05e2a9f3 Merge:d89c9abfd
91d5e850d Author: haitaohuang <haitao.huang@intel.com> Date: Tue Jan 31 07:55:26 2017 -0600 Merge pull request #68 from haitaohuang/master Clarify versions of the IPP crypto primitives commit 91d5e850d1fcd1f4ae289639670bd48c67b2c6e1 Author: haitao huang <haitao.huang@intel.com> Date: Mon Jan 30 17:17:59 2017 -0600 Clarify versions of the IPP crypto primitives Added statement in README.txt to clarify differences in two versions IPP crypto used for build. Signed-off-by: haitao huang <haitao.huang@intel.com>
230 lines
11 KiB
Markdown
230 lines
11 KiB
Markdown
Intel(R) Software Guard Extensions for Linux\* OS
|
|
================================================
|
|
|
|
# linux-sgx
|
|
|
|
Introduction
|
|
------------
|
|
Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.
|
|
|
|
The Linux\* Intel(R) SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). The Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
|
|
|
|
The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux\* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete.
|
|
|
|
**Note** This repository includes a subset of the Intel(R) Integrated Performance Primitives (IPP) Cryptography library under [external/crypto_px](external/crypto_px). It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. The primitives are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version.
|
|
|
|
License
|
|
-------
|
|
See [License.txt](License.txt) for details.
|
|
|
|
Contributing
|
|
-------
|
|
See [CONTRIBUTING.md](CONTRIBUTING.md) for details.
|
|
|
|
Documentation
|
|
-------------
|
|
- [Intel(R) SGX for Linux\* OS](https://01.org/intel-softwareguard-extensions) project home page on [01.org](https://01.org)
|
|
- [Intel(R) SGX Programming Reference](https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf)
|
|
|
|
Build and Install the Intel(R) SGX Driver
|
|
-----------------------------------------
|
|
Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the Intel(R) SGX driver.
|
|
|
|
Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
|
|
-------------------------------------------------------
|
|
### Prerequisites:
|
|
- Ensure that you have one of the following required operating systems:
|
|
* Ubuntu\* Desktop-16.04-LTS 64bits
|
|
* Red Hat Enterprise Linux Server release 7.3 64bits
|
|
* CentOS 7.3.1611 64bits
|
|
|
|
- Use the following command(s) to install the required tools to build the Intel(R) SGX SDK:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install build-essential ocaml automake autoconf libtool wget python
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum groupinstall 'Development Tools'
|
|
$ sudo yum install ocaml wget python
|
|
```
|
|
- Use the following command to install additional required tools to build the Intel(R) SGX PSW:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum install openssl-devel libcurl-devel protobuf-compiler protobuf-devel
|
|
```
|
|
- Use the script ``download_prebuilt.sh`` inside source code package to download prebuilt binaries to prebuilt folder
|
|
You may need set an https proxy for the `wget` tool used by the script (such as ``export https_proxy=http://test-proxy:test-port``)
|
|
```
|
|
$ ./download_prebuilt.sh
|
|
```
|
|
|
|
### Build the Intel(R) SGX SDK and Intel(R) SGX PSW
|
|
The following steps describe how to build the Intel(R) SGX SDK and PSW. You can build the project according to your requirements.
|
|
- To build both Intel(R) SGX SDK and PSW with default configuration, enter the following command:
|
|
```
|
|
$ make
|
|
```
|
|
You can find the tools and libraries generated in the `build/linux` directory.
|
|
**Note**: You can also go to the `sdk` folder and use the `make` command to build the Intel(R) SGX SDK component only. However, building the PSW component is dependent on the result of building the Intel(R) SGX SDK.
|
|
|
|
- The default build uses precompiled optimized libraries, which are downloaded by the script ``./download_prebuilt.sh``.
|
|
You can also use the non-optimized source code version implementation instead by entering the following command:
|
|
```
|
|
$ make USE_OPT_LIBS=0
|
|
```
|
|
- To build Intel(R) SGX SDK and PSW with debug information, enter the following command:
|
|
```
|
|
$ make DEBUG=1
|
|
```
|
|
- To clean the files generated by previous `make` command, enter the following command:
|
|
```
|
|
$ make clean
|
|
```
|
|
|
|
- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE/PSE-OP/PSE-PR) and applet(PSDA) - the files ``psw/ae/data/prebuilt/libsgx_*.signed.so`` and ``psw/ae/data/prebuilt/PSDA.dalp``, which have been signed by Intel in advance.
|
|
To build those enclaves by yourself (without a signature), first you need to build both Intel(R) SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using the `make` command from the corresponding folder:
|
|
```
|
|
$ cd psw/ae/le
|
|
$ make
|
|
```
|
|
|
|
### Build the Intel(R) SGX SDK Installer
|
|
To build the Intel(R) SGX SDK installer, enter the following command:
|
|
```
|
|
$ make sdk_install_pkg
|
|
```
|
|
You can find the generated Intel(R) SGX SDK installer ``sgx_linux_x64_sdk_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
|
|
|
|
**Note**: The above command builds the Intel(R) SGX SDK with default configuration firstly and then generates the target SDK Installer. To build the Intel(R) SGX SDK Installer with debug information kept in the tools and libraries, enter the following command:
|
|
```
|
|
$ make sdk_install_pkg DEBUG=1
|
|
```
|
|
|
|
### Build the Intel(R) SGX PSW Installer
|
|
To build the Intel(R) SGX PSW installer, enter the following command:
|
|
```
|
|
$ make psw_install_pkg
|
|
```
|
|
You can find the generated Intel(R) SGX PSW installer ``sgx_linux_x64_psw_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
|
|
|
|
**Note**: The above command builds the Intel(R) SGX SDK and PSW with default configuration firstly and then generates the target PSW Installer. To build the Intel(R) SGX PSW Installer with debug information kept in the tools and libraries, enter the following command:
|
|
```
|
|
$ make psw_install_pkg DEBUG=1
|
|
```
|
|
|
|
|
|
Install the Intel(R) SGX SDK
|
|
------------------------
|
|
### Prerequisites
|
|
- Ensure that you have one of the following operating systems:
|
|
* Ubuntu\* Desktop-16.04-LTS 64bits
|
|
* Red Hat Enterprise Linux Server release 7.3 64bits
|
|
* CentOS 7.3.1611 64bits
|
|
- Use the following command to install the required tool to use Intel(R) SGX SDK:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install build-essential python
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum groupinstall 'Development Tools'
|
|
$ sudo yum install python
|
|
```
|
|
|
|
### Install the Intel(R) SGX SDK
|
|
To install the Intel(R) SGX SDK, invoke the installer, as follows:
|
|
```
|
|
$ cd linux/installer/bin
|
|
$ ./sgx_linux_x64_sdk_${version}.bin
|
|
```
|
|
### Test the Intel(R) SGX SDK Package with the Code Samples
|
|
- Compile and run each code sample in Simulation mode to make sure the package works well:
|
|
```
|
|
$ cd SampleCode/LocalAttestation
|
|
$ make SGX_MODE=SIM
|
|
$ ./app
|
|
```
|
|
Use similar commands for other sample codes.
|
|
### Compile and Run the Code Samples in the Hardware Mode
|
|
If you use an Intel SGX hardware enabled machine, you can run the code samples in Hardware mode.
|
|
Ensure that you install Intel(R) SGX driver and Intel(R) SGX PSW installer on the machine.
|
|
See the earlier topic, *Build and Install the Intel(R) SGX Driver*, for information on how to install the Intel(R) SGX driver.
|
|
See the later topic, *Install Intel(R) SGX PSW*, for information on how to install the PSW package.
|
|
- Compile and run each code sample in Hardware mode, debug build, as follows:
|
|
```
|
|
$ cd SampleCode/LocalAttestation
|
|
$ make
|
|
$ ./app
|
|
```
|
|
Use similar commands for other code samples.
|
|
|
|
|
|
Install the Intel(R) SGX PSW
|
|
------------------------
|
|
### Prerequisites
|
|
- Ensure that you have one of the following operating systems:
|
|
* Ubuntu\* Desktop-16.04-LTS 64bits
|
|
* Red Hat Enterprise Linux Server release 7.3 64bits
|
|
* CentOS 7.3.1611 64bits
|
|
- Ensure that you have a system with the following required hardware:
|
|
* 6th Generation Intel(R) Core(TM) Processor or newer
|
|
- Configure the system with the **Intel SGX hardware enabled** option and install Intel(R) SGX driver in advance.
|
|
See the earlier topic, *Build and Install the Intel(R) SGX Driver*, for information on how to install the Intel(R) SGX driver.
|
|
- Install the library using the following command:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum install openssl-devel libcurl-devel protobuf-devel
|
|
```
|
|
- To use Trusted Platform Service functions:
|
|
Ensure `mei_me` driver is enabled and `/dev/mei0` exists.
|
|
Download [iclsClient](https://software.intel.com/en-us/sgx-sdk/download) and install it using the following commands:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install alien
|
|
$ sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm
|
|
$ sudo dpkg -i iclsclient_1.45.449.12-2_amd64.deb
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum install iclsClient-1.45.449.12-1.x86_64.rpm
|
|
```
|
|
Download source code from [dynamic-application-loader-host-interface](https://github.com/01org/dynamic-application-loader-host-interface) project. In the source code folder, build and install the `JHI` service using the following commands:
|
|
* On Ubuntu 16.04:
|
|
```
|
|
$ sudo apt-get install uuid-dev libxml2-dev cmake pkg-config
|
|
$ cmake .;make;sudo make install;sudo systemctl enable jhi
|
|
```
|
|
* On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
|
|
```
|
|
$ sudo yum install libuuid-devel libxml2-devel cmake pkgconfig
|
|
$ cmake .;make;sudo make install;sudo ldconfig;sudo systemctl enable jhi
|
|
```
|
|
|
|
### Install the Intel(R) SGX PSW
|
|
To install the Intel(R) SGX PSW, invoke the installer with root privilege:
|
|
```
|
|
$ cd linux/installer/bin
|
|
$ sudo ./sgx_linux_x64_psw_${version}.bin
|
|
```
|
|
|
|
### Start or Stop aesmd Service
|
|
The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account `aesmd`.
|
|
To stop the service: `$ sudo service aesmd stop`
|
|
To start the service: `$ sudo service aesmd start`
|
|
To restart the service: `$ sudo service aesmd restart`
|
|
|
|
### Configure the Proxy for aesmd Service
|
|
The aesmd service uses the HTTP protocol to initialize some services.
|
|
If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service.
|
|
You should manually edit the file `/etc/aesmd.conf` (refer to the comments in the file) to set the proxy for the aesmd service.
|
|
After you configure the proxy, you need to restart the service to enable the proxy.
|