Posted to commits@teaclave.apache.org by sh...@apache.org on 2022/11/11 05:18:04 UTC
[incubator-teaclave-java-tee-sdk] 24/48: [sdk] Update Tee SDK version to 2.17
This is an automated email from the ASF dual-hosted git repository.
shaojunwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit 78e06fd79fb7a3b2d2b02819aa42385bf9546f48
Author: jeffery.wsj <je...@alibaba-inc.com>
AuthorDate: Fri Jul 15 10:33:04 2022 +0800
[sdk] Update Tee SDK version to 2.17
Summary: update tee sdk version to 2.17
Test Plan: all tests pass
Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh
Issue: https://aone.alibaba-inc.com/task/43319236
CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/9398746
---
.../platform/tee_sdk_svm/edge_routines/sgx_mmap.c | 25 ++++---
.../platform/tee_sdk_svm/edge_routines/sgx_mmap.h | 5 +-
.../tee_sdk_svm/edge_routines/tee_sdk_symbol.c | 87 ++++++++++++++--------
.../tee_sdk_svm/edge_routines/tee_sdk_symbol.h | 43 +++++++----
.../main/native/cpp/platform/tee_sdk_svm/Makefile | 5 +-
.../platform/tee_sdk_svm/edge_routines/Makefile | 2 +-
.../edge_routines/{ocall.c => ocall_svm.c} | 2 +-
.../edge_routines/{ocall.h => ocall_svm.h} | 6 +-
.../platform/tee_sdk_svm/edl/tee_sdk_enclave.edl | 6 +-
.../config/platform/tee_sdk_svm/jni/config.mk | 4 +-
tools/cicd/Dockerfile | 21 ++++--
tools/cicd/make.sh | 10 +--
12 files changed, 137 insertions(+), 79 deletions(-)
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
index bc2fb8e..8ed5c23 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c
@@ -2,30 +2,31 @@
#include <stdio.h>
#include <assert.h>
-#include "tee_sdk_enclave_t.h"
+#include "unistd.h"
#include "sgx_mmap.h"
-#define PHYSICAL_PAGE_SIZE 4096
-#define VIRTUAL_PAGE_SIZE 4096
-
// get memory physical page size in enclave.
long physical_page_size() {
- return PHYSICAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return getpagesize();
}
// get memory physical page number in enclave.
long physical_page_number() {
- return get_heap_size() / PHYSICAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return get_heap_size() / getpagesize();
}
// get memory virtual page size in enclave.
long virtual_page_size() {
- return VIRTUAL_PAGE_SIZE;
+ TRACE_SYMBOL_CALL();
+ return getpagesize();
}
// mmap and munmap is only partially supported in tee sdk enclave, and mmap doesn't
// support memory space reserve, but support memory space allocation.
void* mmap(void *hint, int size, int prot, int flags) {
+ TRACE_SYMBOL_CALL();
void *ptr = 0;
// flags == 0x4022, svm runtime expects to reserve a memory buffer with giving start address hint;
// flags == 0x22 and hint == 0x0, svm runtime expects to reserve a memory buffer, the start address depends.
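Review bot: `physical_page_number()` now divides by whatever `getpagesize()` returns, with no check that the value is positive. The hunk does not show where the enclave's `getpagesize()` comes from; if it is served from outside the enclave (for example through the `sgx_stdc_ex` edge routines this commit starts importing), a zero or negative answer from the untrusted host becomes a division by zero or a nonsensical page count inside the enclave. I would read the value once, validate it and fall back to the old constant, e.g. `long ps = getpagesize(); if (ps <= 0) ps = 4096;`, and use `ps` in all three functions. As a style point, `#include "unistd.h"` names a system header and should be `#include <unistd.h>`.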
@@ -35,16 +36,18 @@ void* mmap(void *hint, int size, int prot, int flags) {
// (int fd, off_t offset) must be (-1, 0);
// parameter pro = 0x3 (0B0011) indicates allocated buffer could be read and written.
// parameter flags = 0x21, because ts_mmap only support this kind of operation.
- ptr = ts_mmap(hint, size, 0x3, 0x21, -1, 0);
+ ptr = _mmap(hint, size, 0x3, 0x21, -1, 0);
} else if (flags == 0x32) {
ptr = hint;
} else {
- printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
- assert(-1);
+ // printf("JavaEnclave Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
+ ASSERT();
}
+ // printf("JavaEnclave Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags);
return ptr;
}
int munmap(void *addr, int size) {
- return ts_munmap(addr, size);
+ TRACE_SYMBOL_CALL();
+ return _munmap(addr, size);
}
\ No newline at end of file
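Review bot: The unsupported-flags branch of `mmap` now falls through and returns `ptr`, which is still `0`, because the warning `printf` is commented out and `ASSERT()` expands to nothing unless `UNSUPPORTED_SYSCALL_SYMBOL_ASSERT` is defined. Callers that follow the POSIX convention compare the result with `MAP_FAILED`, so a null return can be taken for a successful mapping; setting `ptr = (void *)-1;` in that branch makes the failure visible. Even with the switch enabled, `ASSERT()` is defined in tee_sdk_symbol.h as `assert(-1);`, and `-1` is non-zero, so the assertion can never fire; `assert(0)` is what the name implies, and the same applies to every stub in tee_sdk_symbol.c that relies on it. The `flags == 0x32` branch hands `hint` back without checking that the range was previously allocated by this shim, which deserves a comment explaining why that is safe. `mmap` begins in the previous hunk.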
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
index 34350c7..411340e 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.h
@@ -1,4 +1,5 @@
#include "tee_sdk_enclave_t.h"
+#include "tee_sdk_symbol.h"
#ifndef _SGX_MMAP_H_
#define _SGX_MMAP_H_
@@ -8,8 +9,8 @@ long physical_page_number();
long virtual_page_size();
void* mmap(void *hint, int size, int prot, int flags);
int munmap(void *addr, int size);
-extern void* ts_mmap(void *addr, size_t length, int prot, int flags, int fd, int offset);
-extern int ts_munmap(void *addr, size_t len);
+extern void* _mmap(void *addr, size_t length, int prot, int flags, int fd, int offset);
+extern int _munmap(void *addr, size_t len);
extern size_t get_heap_size(void);
#endif /* !_SGX_MMAP_H_ */
\ No newline at end of file
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
index d34b495..5f7a22e 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.c
@@ -1,20 +1,6 @@
#include "tee_sdk_enclave_t.h"
#include "tee_sdk_symbol.h"
-//#define ENABLE_TRACE_SYSCALL
-#if defined(ENABLE_TRACE_SYSCALL)
-#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
-#else
-#define TRACE_SYMBOL_CALL()
-#endif
-
-//#define UNSUPPORTED_SYSCALL_SYMBOL_ASSERT
-#if defined(UNSUPPORTED_SYSCALL_SYMBOL_ASSERT)
-#define ASSERT() assert(-1);
-#else
-#define ASSERT()
-#endif
-
void __fxstat() {TRACE_SYMBOL_CALL(); ASSERT();}
void __fxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
void __isnan() {TRACE_SYMBOL_CALL(); ASSERT();}
@@ -25,6 +11,7 @@ void __lxstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
void __sched_cpucount() {TRACE_SYMBOL_CALL(); ASSERT();}
void __strdup() {TRACE_SYMBOL_CALL(); ASSERT();}
void __xmknod() {TRACE_SYMBOL_CALL(); ASSERT();}
+void __xpg_strerror_r() {TRACE_SYMBOL_CALL(); ASSERT();}
void __xstat() {TRACE_SYMBOL_CALL(); ASSERT();}
void __xstat64() {TRACE_SYMBOL_CALL(); ASSERT();}
void chmod() {TRACE_SYMBOL_CALL(); ASSERT();}
@@ -38,48 +25,63 @@ void deflateSetHeader() {TRACE_SYMBOL_CALL(); ASSERT();}
void dlopen() {TRACE_SYMBOL_CALL(); ASSERT();}
void dlsym() {TRACE_SYMBOL_CALL(); ASSERT();}
void endmntent() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fchmod() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fchown() {TRACE_SYMBOL_CALL(); ASSERT();}
-void fpathconf() {TRACE_SYMBOL_CALL(); ASSERT();}
+void fscanf() {TRACE_SYMBOL_CALL(); ASSERT();}
void fstatvfs() {TRACE_SYMBOL_CALL(); ASSERT();}
void fstatvfs64() {TRACE_SYMBOL_CALL(); ASSERT();}
void getgrnam_r() {TRACE_SYMBOL_CALL(); ASSERT();}
void getmntent_r() {TRACE_SYMBOL_CALL(); ASSERT();}
void getpwnam_r() {TRACE_SYMBOL_CALL(); ASSERT();}
+void inet_pton() {TRACE_SYMBOL_CALL(); ASSERT();}
void inflate() {TRACE_SYMBOL_CALL(); ASSERT();}
void inflateEnd() {TRACE_SYMBOL_CALL(); ASSERT();}
void inflateInit2_() {TRACE_SYMBOL_CALL(); ASSERT();}
void inflateReset() {TRACE_SYMBOL_CALL(); ASSERT();}
void inflateSetDictionary() {TRACE_SYMBOL_CALL(); ASSERT();}
+void ioctl() {TRACE_SYMBOL_CALL(); ASSERT();}
void lchown() {TRACE_SYMBOL_CALL(); ASSERT();}
-void lstat() {TRACE_SYMBOL_CALL(); ASSERT();}
void mknod() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pathconf() {TRACE_SYMBOL_CALL(); ASSERT();}
void pipe() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_attr_init() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_attr_setdetachstate() {TRACE_SYMBOL_CALL(); ASSERT();}
void pthread_kill() {TRACE_SYMBOL_CALL(); ASSERT();}
-void pthread_setname_np() {TRACE_SYMBOL_CALL(); ASSERT();}
-void readlink() {TRACE_SYMBOL_CALL(); ASSERT();}
-void realpath() {TRACE_SYMBOL_CALL(); ASSERT();}
void sched_getaffinity() {TRACE_SYMBOL_CALL(); ASSERT();}
void sendfile() {TRACE_SYMBOL_CALL(); ASSERT();}
void sendfile64() {TRACE_SYMBOL_CALL(); ASSERT();}
void setmntent() {TRACE_SYMBOL_CALL(); ASSERT();}
+void sigaction() {TRACE_SYMBOL_CALL(); ASSERT();}
void sigaddset() {TRACE_SYMBOL_CALL(); ASSERT();}
void sigemptyset() {TRACE_SYMBOL_CALL(); ASSERT();}
void sigprocmask() {TRACE_SYMBOL_CALL(); ASSERT();}
void statvfs() {TRACE_SYMBOL_CALL(); ASSERT();}
void statvfs64() {TRACE_SYMBOL_CALL(); ASSERT();}
void symlink() {TRACE_SYMBOL_CALL(); ASSERT();}
-void utimes() {TRACE_SYMBOL_CALL(); ASSERT();}
+void timezone() {TRACE_SYMBOL_CALL(); ASSERT();}
-int posix_memalign(void **memptr, size_t alignment, size_t size) {
+char* strcat(char* dest, const char* source) {
TRACE_SYMBOL_CALL();
- void* ptr = malloc(size);
- if (ptr == NULL) { return -1; }
- *memptr = ptr;
- return 0;
+ if (dest == NULL || source == NULL) { return dest; }
+ char* p = dest;
+ while (*p != '\0') { p++; }
+ while (*source != '\0') { *p = *source; p++; source++; }
+ *p = '\0';
+ return dest;
+}
+
+char* strcpy(char* dest,const char* sourse) {
+ TRACE_SYMBOL_CALL();
+ if(dest==NULL || sourse==NULL) return NULL;
+ char* res=dest;
+ while((*dest++ = *sourse++)!='\0');
+ return res;
+}
+
+char* stpcpy(char *dest, const char *src) {
+ TRACE_SYMBOL_CALL();
+ size_t len = strlen (src);
+ return memcpy(dest, src, len + 1) + len;
+}
+
+size_t __getdelim(char **lineptr, size_t *n, int delim, FILE *stream) {
+ TRACE_SYMBOL_CALL();
+ return getdelim(lineptr, n, delim, stream);
}
unsigned long int pthread_self(void) {
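Review bot: The new stubs `fscanf`, `inet_pton`, `ioctl` and `sigaction` are `void` no-ops when `ASSERT()` is compiled out (the default in tee_sdk_symbol.h), so a caller built against the real prototypes reads an indeterminate return value and, for `inet_pton`, may go on to use an output buffer that was never written. Failing closed is safer inside the enclave: give them their real return type and report the error, e.g. `int ioctl() { TRACE_SYMBOL_CALL(); ASSERT(); errno = ENOSYS; return -1; }`, assuming `errno` is available in this build. `__getdelim` has a related signalling problem: it is declared `size_t` but forwards `getdelim`, which reports failure as `-1`, so `ssize_t` is the matching return type. In `stpcpy`, `memcpy(dest, src, len + 1) + len` does arithmetic on `void *`, a GNU extension; `(char *)memcpy(dest, src, len + 1) + len` is portable. The declarations in the tee_sdk_symbol.h hunk further down need the same changes.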
@@ -87,6 +89,21 @@ unsigned long int pthread_self(void) {
return (unsigned long int)get_thread_data();
}
+int pthread_attr_init(pthread_attr *attr) {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
+int pthread_setname_np() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
+int pthread_attr_setdetachstate(pthread_attr *attr, int detachstate) {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
int pthread_attr_getstack(const pthread_attr *a, void ** addr, size_t *size) {
TRACE_SYMBOL_CALL();
thread_data *self = (thread_data *)get_thread_data();
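Review bot: `pthread_attr_init` reports success without touching `*attr`, so the caller's attribute object stays uninitialised. `pthread_attr_getstack` just below starts from `get_thread_data()` rather than from the attribute (its body continues outside the hunk), so that path may be unaffected, but any code that copies or inspects the attribute after init would see indeterminate contents. Zeroing it is cheap: `if (attr == NULL) return EINVAL; memset(attr, 0, sizeof *attr);`. `pthread_setname_np` and `pthread_attr_setdetachstate` would each benefit from a one-line comment stating that the request is deliberately ignored in the enclave.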
@@ -125,11 +142,21 @@ int pthread_condattr_setclock() {
return 0;
}
+int pthread_cond_timedwait() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
int pthread_getattr_np() {
TRACE_SYMBOL_CALL();
return 0;
}
+int pthread_attr_setstacksize() {
+ TRACE_SYMBOL_CALL();
+ return 0;
+}
+
int pthread_attr_destroy() {
TRACE_SYMBOL_CALL();
return 0;
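Review bot: `pthread_cond_timedwait` returns 0 immediately, which tells the caller the condition was signalled, without releasing the mutex, blocking, or ever returning `ETIMEDOUT`. A caller that re-checks its predicate in a loop will spin at full speed inside the enclave, and one that uses the timeout as a deadline will never see it expire. If a real wait cannot be provided, at least document the stub with a comment such as `/* not supported in enclave: returns immediately; callers must re-check their predicate */`, or route it through a condition-variable wait from the linked `sgx_pthread` library if it offers one (not visible here). `pthread_attr_setstacksize` likewise reports success while ignoring the requested size, and should say so in a comment.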
diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
index 56d44dd..66c9071 100644
--- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
+++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h
@@ -5,6 +5,20 @@
#include <stdio.h>
#include <assert.h>
+//#define ENABLE_TRACE_SYSCALL
+#if defined(ENABLE_TRACE_SYSCALL)
+#define TRACE_SYMBOL_CALL() printf("JavaEnclave Warning: %s is called in enclave svm.\n", __FUNCTION__);
+#else
+#define TRACE_SYMBOL_CALL()
+#endif
+
+//#define UNSUPPORTED_SYSCALL_SYMBOL_ASSERT
+#if defined(UNSUPPORTED_SYSCALL_SYMBOL_ASSERT)
+#define ASSERT() assert(-1);
+#else
+#define ASSERT()
+#endif
+
void __fxstat();
void __fxstat64();
void __isnan();
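Review bot: Both macros carry a trailing semicolon in their expansion (`printf(...);` and `assert(-1);`), so a use such as `if (x) ASSERT(); else ...` expands to two statements and detaches the `else`. Now that they live in a header that sgx_mmap.h also includes, I would define them without the semicolon and give the disabled forms a body, e.g. `#define ASSERT() ((void)0)`. The name `ASSERT` is generic enough to collide with other headers; a project prefix would avoid that. A short comment above each `//#define` switch describing what enabling it does would help, since with both switches off every unsupported symbol returns silently.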
@@ -15,6 +29,7 @@ void __lxstat64();
void __sched_cpucount();
void __strdup();
void __xmknod();
+void __xpg_strerror_r();
void __xstat();
void __xstat64();
void chmod();
@@ -28,44 +43,41 @@ void deflateSetHeader();
void dlopen();
void dlsym();
void endmntent();
-void fchmod();
-void fchown();
-void fpathconf();
+void fscanf();
void fstatvfs();
void fstatvfs64();
void getgrnam_r();
void getmntent_r();
void getpwnam_r();
+void inet_pton();
void inflate();
void inflateEnd();
void inflateInit2_();
void inflateReset();
void inflateSetDictionary();
+void ioctl();
void lchown();
-void lstat();
void mknod();
-void pathconf();
void pipe();
-void pthread_attr_init();
-void pthread_attr_setdetachstate();
-void pthread_attr_setstacksize();
void pthread_kill();
-void pthread_setname_np();
-void readlink();
-void realpath();
void sched_getaffinity();
void sendfile();
void sendfile64();
void setmntent();
+void sigaction();
void sigaddset();
void sigemptyset();
void sigprocmask();
void statvfs();
void statvfs64();
void symlink();
-void utimes();
+void timezone();
+
+char* strcat(char *restrict dest, const char *restrict src);
+char* strcpy(char* dest,const char* src);
+char* stpcpy(char *dest, const char *src);
-int posix_memalign(void **memptr, size_t alignment, size_t size);
+size_t __getdelim(char **lineptr, size_t *n, int delim, FILE *stream);
unsigned long int pthread_self();
@@ -87,6 +99,8 @@ typedef struct _pthread_attr {
thread_data* get_thread_data(void);
unsigned long int pthread_self(void);
+int pthread_attr_init(pthread_attr *attr);
+int pthread_attr_setdetachstate(pthread_attr *attr, int detachstate);
int pthread_attr_getstack(const pthread_attr *a, void ** addr, uint64_t *size);
int pthread_attr_getguardsize(const pthread_attr *a, size_t *size);
int mprotect();
@@ -103,7 +117,10 @@ typedef struct {
int getrlimit(int resource, rlimit* rlim);
int setrlimit();
int pthread_condattr_init();
+int pthread_setname_np();
int pthread_condattr_setclock();
+int pthread_cond_timedwait();
int pthread_attr_destroy();
+int pthread_attr_setstacksize();
#endif /* end of _TEE_SDK_SYMBOL_H */
\ No newline at end of file
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
index 88dcd14..0620ffd 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/Makefile
@@ -8,9 +8,10 @@ include $(NATIVE_BASE_DIR)/config/platform/tee_sdk_svm/jni/config.mk
all: build
build: jni.o
- $(CC) edge_routines/ocall.o edge_routines/tee_sdk_enclave_u.o jni/jni_tee_sdk_svm.o \
+ $(CC) edge_routines/ocall_svm.o edge_routines/tee_sdk_enclave_u.o jni/jni_tee_sdk_svm.o \
$(TS_HOST_CFLAGS) $(TS_HOST_LDFLAGS) -fPIC -shared -o $(BIN)/platform/tee_sdk_svm/jni/lib_jni_tee_sdk_svm.so
- rm -rf edge_routines/*.o edge_routines/tee_sdk_enclave_u.c jni/*.o
+
+ rm -rf edge_routines/*.o edge_routines/tee_sdk_enclave_u.* jni/*.o
edge_routines.o:
$(MAKE) -C edge_routines
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
index b5271b9..26b7183 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/Makefile
@@ -11,7 +11,7 @@ build:
$(SGX_EDGER8R) $(CONFIG)/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl --untrusted \
--search-path $(TEE_SDK_PATH)/include
- $(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC ocall.c
+ $(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC ocall_svm.c
$(CC) -g -c -fPIC $(TS_HOST_INCDIR) $(TS_HOST_CFLAGS) -fPIC tee_sdk_enclave_u.c
clean:
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
similarity index 92%
rename from sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c
rename to sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
index 36166ee..cf31243 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.c
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.c
@@ -1,4 +1,4 @@
-#include "ocall.h"
+#include "ocall_svm.h"
int ocall_getrlimit(int resource, void *rlim) {
return getrlimit(resource, (struct rlimit *)rlim);
diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
similarity index 80%
rename from sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h
rename to sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
index 3940471..7ef8bb9 100644
--- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall.h
+++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/ocall_svm.h
@@ -1,5 +1,5 @@
-#ifndef _OCALL_H_
-#define _OCALL_H_
+#ifndef _OCALL_SVM_H_
+#define _OCALL_SVM_H_
#include <sys/resource.h>
#include <sys/mman.h>
@@ -17,4 +17,4 @@ extern "C"
}
#endif
-#endif /* !_OCALL_H_ */
\ No newline at end of file
+#endif /* !_OCALL_SVM_H_ */
\ No newline at end of file
diff --git a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
index b89d8db..6f61cee 100644
--- a/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
+++ b/sdk/native/config/platform/tee_sdk_svm/edl/tee_sdk_enclave.edl
@@ -1,9 +1,9 @@
enclave {
include "sgx_report.h"
- from "sgx_tstdc.edl" import *;
- from "sgx_pthread.edl" import *;
- from "openenclave/edl/syscall.edl" import *;
+ from "sgx_tstdc.edl" import *;
+ from "sgx_pthread.edl" import *;
+ from "sgx_stdc_ex.edl" import *;
trusted {
// create a graal isolate;
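Review bot: `from "sgx_stdc_ex.edl" import *;` exposes every edge routine that EDL file declares, which makes the enclave's untrusted interface as wide as the SDK's extended libc rather than as wide as this project needs. The contents of sgx_stdc_ex.edl are not visible here, but each imported OCALL is a place where host-controlled data enters the enclave, so I would list only the routines the SVM runtime actually calls, in the form `from "sgx_stdc_ex.edl" import <ocall_a>, <ocall_b>;` (placeholder names), with a comment saying why each is needed. The `trusted` block continues outside the hunk.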
diff --git a/sdk/native/config/platform/tee_sdk_svm/jni/config.mk b/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
index d402596..536f413 100644
--- a/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
+++ b/sdk/native/config/platform/tee_sdk_svm/jni/config.mk
@@ -46,7 +46,7 @@ SGX_COMMON_CXXFLAGS := $(SGX_COMMON_FLAGS) -Wnon-virtual-dtor -std=c++11
TS_HOST_INCDIR = -I$(TEE_SDK_PATH)/include
TS_HOST_CFLAGS = $(TS_HOST_INCDIR) $(SGX_COMMON_CFLAGS)
TS_HOST_CXXFLAGS = $(SGX_COMMON_CXXFLAGS)
-TS_HOST_LDFLAGS = -L$(SGX_LIBRARY_PATH) -Wl,-z,noexecstack -lc -l$(Urts_Library_Name) -lpthread -lsgx_usyscall -lsgx_urts
+TS_HOST_LDFLAGS = -L$(SGX_LIBRARY_PATH) -Wl,-z,noexecstack -lc -l$(Urts_Library_Name) -lpthread -lsgx_ustdc_ex
Enclave_Security_Link_Flags = -Wl,-z,relro,-z,now,-z,noexecstack
@@ -55,7 +55,7 @@ TS_ENCLAVE_CFLAGS = $(TS_ENCLAVE_INCDIR) -nostdinc -fvisibility=hidden -fpie -ff
TS_ENCLAVE_CXXFLAGS = $(TS_ENCLAVE_CFLAGS) -nostdinc++
TS_ENCLAVE_LDFLAGS = -L$(SGX_LIBRARY_PATH) $(TS_ENCLAVE_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles $(Enclave_Security_Link_Flags) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
- -Wl,--start-group -lsgx_tsyscall -lsgx_tstdc -lsgx_tcxx -lsgx_pthread -lsgx_tcrypto -l$(Service_Library_Name) -Wl,--end-group \
+ -Wl,--start-group -lsgx_tstdc -lsgx_tstdc_ex -lsgx_tcxx -lsgx_pthread -lsgx_tcrypto -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0
diff --git a/tools/cicd/Dockerfile b/tools/cicd/Dockerfile
index f112fcd..a611185 100644
--- a/tools/cicd/Dockerfile
+++ b/tools/cicd/Dockerfile
@@ -7,21 +7,30 @@ ENV DEBIAN_FRONTEND noninteractive
ADD ["graalvm-enclave-22.1.0.tar", "/root/tools/"]
ADD ["x86_64-linux-musl-native.tgz", "/root/tools/"]
-ADD ["zlib-1.2.12.tar.gz", "/root/tools/"]
+ADD ["zlib-1.2.11.tar.gz", "/root/tools/"]
ADD ["settings.xml", "/root/tools/"]
-ADD ["sgx_linux_x64_sdk_2.15.100.0.bin", "/root/tools/"]
+ADD ["sgx_linux_x64_sdk_2.17.100.0.bin", "/root/tools/"]
ENV GRAALVM_HOME "/root/tools/graalvm-enclave-22.1.0"
ENV JAVA_HOME "/root/tools/graalvm-enclave-22.1.0"
ENV CC "/root/tools/x86_64-linux-musl-native/bin/gcc"
ENV PATH $PATH:"/root/tools/x86_64-linux-musl-native/bin"
+ARG PSW_VERSION=2.17.100.3
+ARG DCAP_VERSION=1.14.100.3
# install necessary tools.
-RUN apt-get update && apt-get install -y gnupg wget && \
+RUN apt-get update && apt-get install -y gdb gnupg wget aptitude && \
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' > /etc/apt/sources.list.d/intel-sgx.list && \
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
- apt-get update && apt-get install -y --no-install-recommends libsgx-launch libsgx-urts && \
+ apt-get update && aptitude install -y \
+ libsgx-launch-dev=$PSW_VERSION-bionic1 \
+ libsgx-urts=$PSW_VERSION-bionic1 \
+ libsgx-urts-dbgsym=$PSW_VERSION-bionic1 \
+ libsgx-uae-service=$PSW_VERSION-bionic1 \
+ libsgx-dcap-quote-verify-dev=$DCAP_VERSION-bionic1 \
+ libsgx-dcap-ql-dev=$DCAP_VERSION-bionic1 \
+ libsgx-dcap-default-qpl=$DCAP_VERSION-bionic1 && \
echo -e 'yes\n' | apt-get install -y maven && \
echo -e 'yes\n' | apt-get install -y build-essential libz-dev zlib1g-dev && \
- cd /root/tools/zlib-1.2.12 && ./configure --prefix=/root/tools/x86_64-linux-musl-native --static && make && make install && \
- cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.15.100.0.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.15.100.0.bin
+ cd /root/tools/zlib-1.2.11 && ./configure --prefix=/root/tools/x86_64-linux-musl-native --static && make && make install && \
+ cd /root/tools && chmod 777 sgx_linux_x64_sdk_2.17.100.0.bin && echo -e 'no\n/opt/teesdk\n' | ./sgx_linux_x64_sdk_2.17.100.0.bin
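Review bot: The image now builds zlib 1.2.11 instead of 1.2.12, an older release than the one this file used before; 1.2.12 carried security fixes, and this zlib is installed `--static` into the musl toolchain prefix, so it is presumably linked into what that toolchain builds. If the downgrade is required by SDK 2.17, say so in a comment next to the `ADD` line; otherwise keep `zlib-1.2.12.tar.gz` here and in tools/cicd/make.sh. `chmod 777` on the SDK installer is broader than needed; `chmod +x sgx_linux_x64_sdk_2.17.100.0.bin` is enough. `gdb` and `libsgx-urts-dbgsym` are debugging aids, and if this image is also used for release builds they are better kept in a separate debug stage.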
diff --git a/tools/cicd/make.sh b/tools/cicd/make.sh
index 7609320..77f0311 100755
--- a/tools/cicd/make.sh
+++ b/tools/cicd/make.sh
@@ -1,7 +1,7 @@
#!/bin/bash
BUILD_IMAGE=javaenclave_build
-BUILD_TAG=v0.1.7
+BUILD_TAG=v0.1.8
SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
@@ -15,14 +15,14 @@ if [[ "$(docker images -q ${BUILD_IMAGE}:${BUILD_TAG} 2> /dev/null)" == "" ]]; t
# This should be replaced to the offical version when all patches are accepted by the Graal community
wget https://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/JDK11-22.1.0/graalvm-enclave-22.1.0.tar
wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/x86_64-linux-musl-native.tgz
- wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.12.tar.gz
+ wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/zlib-1.2.11.tar.gz
wget http://graal.oss-cn-beijing.aliyuncs.com/graal-enclave/settings_taobao.xml -O settings.xml
- wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.15.100.0.bin
+ wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/tee_java/dependency/sgx_linux_x64_sdk_2.17.100.0.bin
docker build -t ${BUILD_IMAGE}:${BUILD_TAG} .
rm -f graalvm-enclave-22.1.0.tar
rm -f x86_64-linux-musl-native.tgz
- rm -f zlib-1.2.12.tar.gz
- rm -f sgx_linux_x64_sdk_2.15.100.0.bin
+ rm -f zlib-1.2.11.tar.gz
+ rm -f sgx_linux_x64_sdk_2.17.100.0.bin
fi
# test JavaEnclave's unit test cases and samples
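Review bot: The zlib, musl toolchain and Maven settings files are fetched over plain `http://`, and none of the downloads is checked against a known digest before `docker build` bakes them into the image that compiles the enclave. A tampered transfer or bucket object would therefore end up in the build toolchain unnoticed. Switch those URLs to `https://` (the same host already serves the GraalVM tarball that way) and verify each file, e.g. `echo "<EXPECTED_SHA256>  zlib-1.2.11.tar.gz" | sha256sum -c -`, with the digests committed to the repository. Adding `set -e` near the top would also stop the script when a download fails; no such setting is visible in the hunks shown.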