Merge pull request #149948 from veehaitch/sgx-sdk-2.15.1

sgx-sdk, sgx-psw: 2.14 -> 2.15.1
Bobby Rong 2021-12-17 15:53:06 +08:00 committed by GitHub
commit b4693d8dae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 39 deletions


@ -25,14 +25,14 @@ stdenv.mkDerivation rec {
let let
ae.prebuilt = fetchurl { ae.prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz"; url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk"; hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s=";
}; };
dcap = rec { dcap = rec {
version = "1.11"; version = "1.12.1";
filename = "prebuilt_dcap_${version}.tar.gz"; filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl { prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}"; url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M="; hash = "sha256-V/XHva9Sq3P36xSW+Sd0G6Dnk4H0ANO1Ns/u+FI1eGI=";
}; };
}; };
in in


@ -1,7 +1,8 @@
{ lib { lib
, stdenv , stdenv
, fetchzip
, fetchFromGitHub , fetchFromGitHub
, fetchpatch
, fetchzip
, callPackage , callPackage
, autoconf , autoconf
, automake , automake
@ -25,40 +26,33 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "sgx-sdk"; pname = "sgx-sdk";
version = "2.14.100.2"; # Version as given in se_version.h
version = "2.15.101.1";
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version)); # Version as used in the Git tag
versionTag = "2.15.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "intel"; owner = "intel";
repo = "linux-sgx"; repo = "linux-sgx";
rev = "sgx_${versionTag}"; rev = "sgx_${versionTag}";
hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM="; hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";
fetchSubmodules = true; fetchSubmodules = true;
}; };
postUnpack = postUnpack = ''
let # Make sure this is the right version of linux-sgx
optlibName = "optimized_libs_${versionTag}.tar.gz"; grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
optimizedLibs = fetchzip { || (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}"; '';
hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";
stripRoot = false;
};
sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";
in
''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
# Make sure we use the correct version to build IPP Crypto patches = [
grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \ # Commit to add missing sgx_ippcp.h not yet part of this release
|| (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1) (fetchpatch {
name = "add-missing-sgx_ippcp-header.patch";
# Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752 url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";
ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h" sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";
''; })
];
postPatch = '' postPatch = ''
# https://github.com/intel/linux-sgx/pull/730 # https://github.com/intel/linux-sgx/pull/730
@ -121,7 +115,7 @@ stdenv.mkDerivation rec {
pushd 'external/ippcp_internal' pushd 'external/ippcp_internal'
install ${ipp-crypto-no_mitigation}/include/* inc/ cp -r ${ipp-crypto-no_mitigation}/include/. inc/
install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \ install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \
lib/linux/intel64/no_mitigation/libippcp.a lib/linux/intel64/no_mitigation/libippcp.a
@ -131,7 +125,7 @@ stdenv.mkDerivation rec {
lib/linux/intel64/cve_2020_0551_cf/libippcp.a lib/linux/intel64/cve_2020_0551_cf/libippcp.a
rm inc/ippcp.h rm inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h
install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
@ -227,8 +221,7 @@ stdenv.mkDerivation rec {
--replace '/opt/intel/sgxsdk' "$out" --replace '/opt/intel/sgxsdk' "$out"
for file in $out/share/SampleCode/*/Makefile; do for file in $out/share/SampleCode/*/Makefile; do
substituteInPlace $file \ substituteInPlace $file \
--replace '/opt/intel/sgxsdk' "$out" \ --replace '/opt/intel/sgxsdk' "$out"
--replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"
done done
header "Fixing BINUTILS_DIR in buildenv.mk" header "Fixing BINUTILS_DIR in buildenv.mk"
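Review bot: The version guard in `postUnpack` hands `"${version}"` to `grep -q` as a regular expression, so every dot in `2.15.101.1` matches any character; `grep -qF '"${version}"' "$src/common/inc/internal/se_version.h"` would make it a literal match. The guard carries more weight on the new side, where `versionTag` appears to be written out by hand instead of being derived from `version`. Apart from the source hash, it is the only check that the two strings describe the same release. The page has lost its +/- markers, so which lines belong to the new side is inferred from the side-by-side layout.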


@ -2,23 +2,35 @@
, stdenv , stdenv
, fetchFromGitHub , fetchFromGitHub
, cmake , cmake
, python3
, nasm , nasm
, openssl
, python3
, extraCmakeFlags ? [ ] , extraCmakeFlags ? [ ]
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ipp-crypto"; pname = "ipp-crypto";
version = "2020_update3"; version = "2021.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "intel"; owner = "intel";
repo = "ipp-crypto"; repo = "ipp-crypto";
rev = "ipp-crypto_${version}"; rev = "ippcp_${version}";
sha256 = "02vlda6mlhbd12ljzdf65klpx4kmx1ylch9w3yllsiya4hwqzy4b"; hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";
}; };
# Fix typo: https://github.com/intel/ipp-crypto/pull/33
postPatch = ''
substituteInPlace sources/cmake/ippcp-gen-config.cmake \
--replace 'ippcpo-config.cmake' 'ippcp-config.cmake'
'';
cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags; cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;
nativeBuildInputs = [ cmake python3 nasm ]; nativeBuildInputs = [
cmake
nasm
openssl
python3
];
} }
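Review bot: `openssl` is added to `nativeBuildInputs` with no comment saying which part of the build needs it. If the CMake build links against OpenSSL rather than only running the `openssl` binary, it belongs in `buildInputs`, because `nativeBuildInputs` is for tools that run on the build platform and the two lists differ under cross-compilation. The hunk does not show how OpenSSL is used, so this needs checking against the upstream CMake files. Either way, a one-line comment above the entry naming the consumer would help the next version bump.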


@ -12,7 +12,11 @@ let
buildInputs = [ buildInputs = [
sgx-sdk sgx-sdk
]; ];
enableParallelBuilding = true;
# The samples don't have proper support for parallel building
# causing them to fail randomly.
enableParallelBuilding = false;
buildFlags = [ buildFlags = [
"SGX_MODE=SIM" "SGX_MODE=SIM"
]; ];
@ -44,6 +48,7 @@ in
# Requires interaction # Requires interaction
doInstallCheck = false; doInstallCheck = false;
}); });
protobufSGXDemo = buildSample "ProtobufSGXDemo";
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: { remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
dontFixup = true; dontFixup = true;
installCheckPhase = '' installCheckPhase = ''
@ -52,6 +57,7 @@ in
}); });
sampleEnclave = buildSample "SampleEnclave"; sampleEnclave = buildSample "SampleEnclave";
sampleEnclavePCL = buildSample "SampleEnclavePCL"; sampleEnclavePCL = buildSample "SampleEnclavePCL";
sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
sealUnseal = buildSample "SealUnseal"; sealUnseal = buildSample "SealUnseal";
switchless = buildSample "Switchless"; switchless = buildSample "Switchless";
} }