sgx-sdk: 2.16 -> 2.21
Release notes: <https://github.com/intel/linux-sgx/releases/tag/sgx_2.21>

sgx-sdk/ipp-crypto: 2021.3 -> 2021.7

* The `substituteInPlace` is no longer necessary, as the corresponding PR was merged.
parent
e3f251c662
commit
a03b0a37b6
@ -1,6 +1,7 @@
|
||||
{ stdenv
|
||||
, lib
|
||||
, makeWrapper
|
||||
, openssl
|
||||
, sgx-sdk
|
||||
, sgx-psw
|
||||
, which
|
||||
@ -18,6 +19,7 @@ let
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
openssl
|
||||
which
|
||||
];
|
||||
|
||||
@ -66,7 +68,9 @@ let
|
||||
in
|
||||
{
|
||||
cxx11SGXDemo = buildSample "Cxx11SGXDemo";
|
||||
localAttestation = (buildSample "LocalAttestation").overrideAttrs (oldAttrs: {
|
||||
cxx14SGXDemo = buildSample "Cxx14SGXDemo";
|
||||
cxx17SGXDemo = buildSample "Cxx17SGXDemo";
|
||||
localAttestation = (buildSample "LocalAttestation").overrideAttrs (old: {
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
@ -86,7 +90,7 @@ in
|
||||
});
|
||||
powerTransition = buildSample "PowerTransition";
|
||||
protobufSGXDemo = buildSample "ProtobufSGXDemo";
|
||||
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
|
||||
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (old: {
|
||||
# Makefile sets rpath to point to $TMPDIR
|
||||
preFixup = ''
|
||||
patchelf --remove-rpath $out/bin/app
|
||||
@ -97,13 +101,40 @@ in
|
||||
'';
|
||||
});
|
||||
sampleEnclave = buildSample "SampleEnclave";
|
||||
sampleEnclavePCL = buildSample "SampleEnclavePCL";
|
||||
sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
|
||||
sealUnseal = (buildSample "SealUnseal").overrideAttrs (oldAttrs: {
|
||||
sampleMbedCrypto = buildSample "SampleMbedCrypto";
|
||||
sealUnseal = (buildSample "SealUnseal").overrideAttrs (old: {
|
||||
prePatch = ''
|
||||
substituteInPlace App/App.cpp \
|
||||
--replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"'
|
||||
'';
|
||||
});
|
||||
switchless = buildSample "Switchless";
|
||||
# # Requires SGX-patched openssl (sgxssl) build
|
||||
# sampleAttestedTLS = buildSample "SampleAttestedTLS";
|
||||
} // lib.optionalAttrs (!isSimulation) {
|
||||
# # Requires kernel >= v6.2 && HW SGX
|
||||
# sampleAEXNotify = buildSample "SampleAEXNotify";
|
||||
|
||||
# Requires HW SGX
|
||||
sampleCommonLoader = (buildSample "SampleCommonLoader").overrideAttrs (old: {
|
||||
nativeBuildInputs = [ sgx-psw ] ++ old.nativeBuildInputs;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/{bin,lib}
|
||||
mv sample app
|
||||
install -m 755 app $out/bin
|
||||
|
||||
wrapProgram "$out/bin/app" \
|
||||
--chdir "$out/lib" \
|
||||
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [sgx-psw]}"
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
});
|
||||
|
||||
# # SEGFAULTs in simulation mode?
|
||||
# sampleEnclavePCL = buildSample "SampleEnclavePCL";
|
||||
}
|
||||
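Review bot: The `sampleCommonLoader` wrapper is given `--chdir "$out/lib"`, but the `installPhase` only creates that directory with `mkdir -p $out/{bin,lib}` and installs `app` into `$out/bin`, so the program starts in an empty directory. If the sample opens anything relative to its working directory it will not find it there, and if it does not, the `lib` directory and the `--chdir` can be dropped; a one-line comment saying which is the case would help. Separately, `sgx-psw` is added to `nativeBuildInputs` although the wrapper uses it as a runtime library through `LD_LIBRARY_PATH`; by nixpkgs convention that belongs in `buildInputs`, e.g. `buildInputs = [ sgx-psw ] ++ (old.buildInputs or [ ]);`.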
|
@ -29,15 +29,15 @@
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sgx-sdk";
|
||||
# Version as given in se_version.h
|
||||
version = "2.16.100.4";
|
||||
version = "2.21.100.1";
|
||||
# Version as used in the Git tag
|
||||
versionTag = "2.16";
|
||||
versionTag = "2.21";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "intel";
|
||||
repo = "linux-sgx";
|
||||
rev = "sgx_${versionTag}";
|
||||
hash = "sha256-qgXuJJWiqmcU11umCsE3DnlK4VryuTDAsNf53YPw6UY=";
|
||||
hash = "sha256-Yo2G0H0XUI2p9W7lDRLkFHw2t8X1220brGohQJ0r2WY=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
@ -55,10 +55,32 @@ stdenv.mkDerivation rec {
|
||||
})
|
||||
];
|
||||
|
||||
# There's a `make preparation` step that downloads some prebuilt binaries and
|
||||
# applies some patches to the in-repo git submodules. We can't just run it,
|
||||
# since it downloads things, so this step just extracts the patching steps.
|
||||
postPatch = ''
|
||||
patchShebangs linux/installer/bin/build-installpkg.sh \
|
||||
linux/installer/common/sdk/createTarball.sh \
|
||||
linux/installer/common/sdk/install.sh
|
||||
linux/installer/common/sdk/install.sh \
|
||||
external/sgx-emm/create_symlink.sh
|
||||
|
||||
echo "Running 'make preparation' but without download steps"
|
||||
|
||||
# Seems to download something. Build currently uses ipp-crypto and not
|
||||
# sgxssl so probably not an issue.
|
||||
# $ ./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild
|
||||
|
||||
pushd external/openmp/openmp_code
|
||||
git apply ../0001-Enable-OpenMP-in-SGX.patch >/dev/null 2>&1 \
|
||||
|| git apply ../0001-Enable-OpenMP-in-SGX.patch --check -R
|
||||
popd
|
||||
|
||||
pushd external/protobuf/protobuf_code
|
||||
git apply ../sgx_protobuf.patch >/dev/null 2>&1 \
|
||||
|| git apply ../sgx_protobuf.patch --check -R
|
||||
popd
|
||||
|
||||
./external/sgx-emm/create_symlink.sh
|
||||
'';
|
||||
|
||||
# We need `cmake` as a build input but don't use it to kick off the build phase
|
||||
@ -123,7 +145,7 @@ stdenv.mkDerivation rec {
|
||||
lib/linux/intel64/cve_2020_0551_cf/libippcp.a
|
||||
|
||||
rm inc/ippcp.h
|
||||
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h
|
||||
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u7.patch -o inc/ippcp.h
|
||||
|
||||
install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
|
||||
|
||||
@ -136,8 +158,6 @@ stdenv.mkDerivation rec {
|
||||
"DEBUG=1"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
postBuild = ''
|
||||
patchShebangs linux/installer/bin/sgx_linux_x64_sdk_${version}.bin
|
||||
'';
|
||||
@ -166,6 +186,11 @@ stdenv.mkDerivation rec {
|
||||
mv $installDir/lib64 lib
|
||||
ln -s lib/ lib64
|
||||
|
||||
# Fixup the symlinks for libsgx_urts.so.* -> libsgx_urts.so
|
||||
for file in lib/libsgx_urts.so.*; do
|
||||
ln -srf lib/libsgx_urts.so $file
|
||||
done
|
||||
|
||||
mv $installDir/include/ .
|
||||
|
||||
mkdir -p share/
|
||||
@ -204,7 +229,6 @@ stdenv.mkDerivation rec {
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
|
||||
preFixup = ''
|
||||
echo "Strip sgxsdk prefix"
|
||||
for path in "$out/share/bin/environment" "$out/bin/sgx-gdb"; do
|
||||
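Review bot: Both `git apply` calls in `postPatch` send their output to `/dev/null` and fall back to `git apply … --check -R`, so when one of the submodule patches stops applying after a later version bump, the build log shows only the reverse-check failure and not the real reject. The fallback appears to be copied from upstream's `make preparation`, where the tree may already be patched; here the source comes fresh from `fetchFromGitHub`, so the already-applied case should not arise. Running `git apply ../0001-Enable-OpenMP-in-SGX.patch` and `git apply ../sgx_protobuf.patch` without the redirect and the `||` branch would fail with the actual error. The section also drops `enableParallelBuilding = true;` without a comment saying why.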
|
@ -1,5 +1,4 @@
|
||||
{ lib
|
||||
, gcc11Stdenv
|
||||
{ gcc11Stdenv
|
||||
, fetchFromGitHub
|
||||
, cmake
|
||||
, nasm
|
||||
@ -7,29 +6,24 @@
|
||||
, python3
|
||||
, extraCmakeFlags ? [ ]
|
||||
}:
|
||||
|
||||
gcc11Stdenv.mkDerivation rec {
|
||||
pname = "ipp-crypto";
|
||||
version = "2021.3";
|
||||
version = "2021.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "intel";
|
||||
repo = "ipp-crypto";
|
||||
rev = "ippcp_${version}";
|
||||
hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";
|
||||
hash = "sha256-3W0LlJgmrp2Rk7xQ+0GQfkF2UpH4htx9R7IL86smtnY=";
|
||||
};
|
||||
|
||||
# Fix typo: https://github.com/intel/ipp-crypto/pull/33
|
||||
postPatch = ''
|
||||
substituteInPlace sources/cmake/ippcp-gen-config.cmake \
|
||||
--replace 'ippcpo-config.cmake' 'ippcp-config.cmake'
|
||||
'';
|
||||
|
||||
cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
nasm
|
||||
# TODO(phlip9): The most recent `ipp-crypto` version (2021.9) now uses
|
||||
# OpenSSL v3 so we can avoid this EOL version when sgx-sdk updates.
|
||||
openssl_1_1
|
||||
python3
|
||||
];
|
||||
|
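Review bot: The new TODO records that `openssl_1_1` is end-of-life, yet it stays a build input of a cryptography library and the comment does not say what the build uses it for. It is listed under `nativeBuildInputs`, which suggests a build-time-only use, but that cannot be confirmed from this section. Stating it in the comment, for example `# openssl_1_1 is only needed at build time for <purpose>; nothing from it is linked into the output`, would let a reader judge the exposure until the sgx-sdk update allows the move to OpenSSL 3.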