ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-26 16:11:12 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
e309095ad4
corda/sgx-jvm/noop-enclave
History
Tommy Lillehagen c3f5ca41e1
ENT-319 Enclave to help test Intel signing key (#76) 
* ENT-319 Enclave to help test Intel signing key

* Update build files to allow for release builds

* Strip debug information from release binaries

* Move sign_helper and update references

* Remove paragraph from README

* Two dev modes (simulation and HSM)

* Update make files to take mode and single build directory

* Update reference to self-sign key

* Build script: from_clean.sh

* Fix bad ref to docker-minimal
2017-10-30 14:20:01 +00:00
..
src sgx: prod scripts 2017-08-01 16:49:44 +02:00
CMakeLists.txt ENT-319 Enclave to help test Intel signing key (#76) 2017-10-30 14:20:01 +00:00
enclave-debug.xml ENT-319 Enclave to help test Intel signing key (#76) 2017-10-30 14:20:01 +00:00
enclave-release.xml ENT-319 Enclave to help test Intel signing key (#76) 2017-10-30 14:20:01 +00:00
IntelWhitelistFormInstructions.md sgx: More fiddling 2017-08-01 16:49:44 +02:00
linkerscript.lds Add noop-enclave 2017-06-15 11:17:11 +01:00
Makefile ENT-319 Enclave to help test Intel signing key (#76) 2017-10-30 14:20:01 +00:00
README.md README.md: add sentence on unsigned SIGSTRUCT blob 2017-06-19 17:32:09 +01:00

README.md

What is this?

This project contains a noop enclave with a single ECALL that does nothing. Its purpose is to demonstrate our ability to create a signed enclave and to test the signature process through an HSM.

How to run

The following Makefile targets execute different steps in the signing process and output into build/

  • make unsigned will build the unsigned enclave and extract the unsigned SIGSTRUCT blob to sign (noop_enclave.unsigned.so, noop_enclave_blob_to_sign.bin).

The following targets use OpenSSL instead of the HSM:

  • make signed-openssl will sign the unsigned enclave with openssl using selfsigning.pem (noop_enclave.signed.openssl.so).

  • make sigstruct-openssl will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the openssl signed enclave (noop_enclave.sigstruct.openssl.bin, noop_enclave.sigstruct-pretty.openssl.txt).

The following targets use the HSM. They require an extra PROFILE=[dev|prod] argument to indicate whether to use a local HSM simulator or the real thing.

  • make generate-key-hsm PROFILE=[dev|prod] [OVERWRITE=true] will generate a fresh key for the profile. By default this will not overwrite an existing key, for that pass in OVERWRITE=true.

  • make signed-hsm PROFILE=[dev|prod] will sign the unsigned enclave with the HSM. This target requires authentication (noop_enclave.signed.hsm.so).

  • make sigstruct-hsm PROFILE=[dev|prod] will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the HSM signed enclave (noop_enclave.sigstruct.hsm.bin, noop_enclave.sigstruct-pretty.hsm.txt).

  • make noop_test will create a test binary that loads an enclave and runs the noop ECALL inside it. For example:

    ./build/noop_test ./build/noop_enclave.signed.openssl.so

    will run the noop ECALL using the openssl signed enclave.

See IntelWhitelistFormInstructions.md for details on how to use this project to fill the enclave specific parts of Intel's whitelisting form.