diff --git a/README.en.md b/README.en.md
index be072d5149b65cd7c514e01ad19dd5d4d11c643e..a7318e509ddaf73a1a8211a9dc36790593871a72 100644
--- a/README.en.md
+++ b/README.en.md
@@ -1,4 +1,4 @@
-
+
secGear
============================
@@ -13,22 +13,24 @@ in ARM Trustzone.
Build and Install
----------------
-- [reference build & install](./docs/build_install.md)
+- [reference build & install](./sdk/docs/build_install.md)
-Develop Application and Compile
+Develope Application and Compile
------------------------------
Assuming the development directory is .../secGear/examples/test/
-
+
### 1 Write edl interface description
-
- enclave {
- include "secgear_urts.h"
- from "secgear_tstdc.edl" import *;
- trusted {
- public int get_string([out, size=32]char *buf);
- };
- };
+
+```edl
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+ };
+};
+```
include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between SGX and iTrustee when
calling the C library. So as long as the C library functions are used, for the consistency of the source code, the two
@@ -43,26 +45,31 @@ Then save as test.edl
### 2 Write the top-level CMakeLists.txt
- cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
- project(TEST C)
- set(CMAKE_C_STANDARD 99)
- set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
- set(EDL_FILE test.edl)
- set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
- set(SECGEAR_INSTALL_PATH /usr/lib64/)
- set(CODEGEN codegen)
- if(CC_GP)
- set(CODETYPE trustzone)
- execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
- string(REPLACE "\n" "" UUID ${UUID})
- add_definitions(-DPATH="/data/${UUID}.sec")
- endif()
- if(CC_SGX)
- set(CODETYPE sgx)
- add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
- endif()
- add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
- add_subdirectory(${CURRENT_ROOT_PATH}/host)
+```cmake
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+project(TEST C)
+set(CMAKE_C_STANDARD 99)
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+set(EDL_FILE test.edl)
+set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+set(SECGEAR_INSTALL_PATH /usr/lib64/)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+ string(REPLACE "\n" "" UUID ${UUID})
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
+```
Set the CODETYPE EDL_FILE and CODETYPE attributes, which are used when automatically generating code at later phase.
On ARM platform, the enclave image needs be named with a unique UUID, so it is dynamically uniquely generated using
@@ -70,47 +77,49 @@ the uuidgen command. The defined DPATH macro is used when loading the enclave im
### 3 Write the non-secure side code and CMakeLists.txt
-
+
#### 3.1 Create a new host directory and write main.c
- #include
- #include "enclave.h"
- #include "test_u.h"
-
- #define BUF_LEN 32
-
- int main()
- {
- int retval = 0;
- char *path = PATH;
- char buf[BUF_LEN];
- cc_enclave_t *context = NULL;
- cc_enclave_result_t res;
-
- res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
- ...
-
- res = get_string(context, &retval, buf);
- if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
- printf("Ecall enclave error\n");
- } else {
- printf("%s\n", buf);
- }
-
- if (context != NULL) {
- res = cc_enclave_destroy(context);
- ...
- }
- return res;
- }
-
+```c
+#include
+#include "enclave.h"
+#include "test_u.h"
+
+#define BUF_LEN 32
+
+int main()
+{
+ int retval = 0;
+ char *path = PATH;
+ char buf[BUF_LEN];
+ cc_enclave_t *context = NULL;
+ cc_enclave_result_t res;
+
+ res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+...
+
+ res = get_string(context, &retval, buf);
+ if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+ printf("Ecall enclave error\n");
+ } else {
+ printf("%s\n", buf);
+ }
+
+ if (context != NULL) {
+ res = cc_enclave_destroy(context);
+ ...
+ }
+ return res;
+}
+```
+
include "enclave.h", to import the secGear header file, include "test_u.h" to import the automatically generated code
header file. Next, call cc_enclave_create(...) to create the enclave context, and then call the wrapper of the
interface described in the edl file to enter the enclave to execute confidential code.
Finally, call cc_enclave_destroy(...) to destroy the enclave context.
-
+
Note that comparing to arguments defined in edl file, the interface called here has two more arguments, context and retval.
-This is because the function, generated by the automatic code generation tool according to edl, is a wrapper of the real
+This is because the function, generated by the automatic code generation tool according to edl, is a wrapper of the real
enclave function, and its declaration is in the test_u.h header file. Where the context parameter is the
cc_enclave_t * context created before calling the function, and retval is the return value of the function defined in edl,
and the res argument is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of
@@ -124,225 +133,264 @@ compilation phase, which simplifies the development and compilation steps.
#### 3.2 Write the CMakeLists.txt file of the host.
- #set auto code prefix
- set(PREFIX test)
- #set host exec name
- set(OUTPUT secgear_test)
- #set host src code
- set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c)
+```cmake
+#set auto code prefix
+set(PREFIX test)
+#set host exec name
+set(OUTPUT secgear_test)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c)
Set some variables, which are described in comments.
- #set auto code
- if(CC_GP)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
- endif()
-
- if(CC_SGX)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
- endif()
+#set auto code
+if(CC_GP)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+```
Use the code generation tool to generate auxiliary code based on the edl. Variables such as CODEGEN and CODETYPE are
defined at the top of CMakeList.txt. --search-path is used to search for other edl files imported in test.edl.
When SGX is used, the edl imported in test.edl indirectly depends on the edl of the SGX SDK. Therefore, the search
path of the SGX SDK is also specified here.
- set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE")
- set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack")
-
-Set compile and link options
-
- if(CC_GP)
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${SECGEAR_INSTALL_PATH})
- endif()
- add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
- target_include_directories(${OUTPUT} PRIVATE
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/gp
- ${CMAKE_CURRENT_BINARY_DIR})
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH})
- endif()
- endif()
+```cmake
+set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE")
+
+set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack")
+```
+
+Set compile and link options.
+
+```cmake
+if(CC_GP)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${SECGEAR_INSTALL_PATH})
+ endif()
+
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${CMAKE_CURRENT_BINARY_DIR})
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH})
+ endif()
+endif()
+```
In the case of iTrustee, set the search paths of the header file and compile the final non-secure binary.
- if(CC_SGX)
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${SECGEAR_INSTALL_PATH})
- endif()
- add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
- target_include_directories(${OUTPUT} PRIVATE
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
- ${CMAKE_CURRENT_BINARY_DIR})
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH})
- endif()
- endif()
+```cmake
+if(CC_SGX)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${SECGEAR_INSTALL_PATH})
+ endif()
+
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${CMAKE_CURRENT_BINARY_DIR})
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH})
+ endif()
+endif()
+```
In the case of SGX, set the search paths of the header file and compile the final non-secure binary.
- if(CC_SIM)
- target_link_libraries(${OUTPUT} secgearsim)
- else()
- target_link_libraries(${OUTPUT} secgear)
- endif()
- set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
- if(CC_GP)
- install(TARGETS ${OUTPUT}
- RUNTIME
- DESTINATION /vendor/bin/
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
- endif()
- if(CC_SGX)
- install(TARGETS ${OUTPUT}
- RUNTIME
- DESTINATION ${CMAKE_BINARY_DIR}/bin/
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
- endif()
-
-Based on -DCC_SIM=ON or none transferred from cmake, linking secgear or secgearsim. Specify the installation
-path of the final binary. The non-secure side image of iTrustee must be installed on the specified whitelist.
+```cmake
+if(CC_SIM)
+ target_link_libraries(${OUTPUT} secgearsim)
+else()
+ target_link_libraries(${OUTPUT} secgear)
+endif()
+
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION /vendor/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
+endif()
+
+if(CC_SGX)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
+endif()
+```
+
+Based on -DCC_SIM=ON or none transferred from cmake, linking secgear or secgearsim. Specify the installation
+path of the final binary. The non-secure side image of iTrustee must be installed on the specified whitelist.
The whitelist configuration will be introduced below.
### 4 Write security side code, CMakeLists.txt and some configuration files
-
+
#### 4.1 Create a new enclave directory and write hello.c
- #include
- #include
- #include "test_t.h"
+```c
+#include
+#include
+#include "test_t.h"
+
+#define TA_HELLO_WORLD "secGear hello world!"
+#define BUF_MAX 32
- #define TA_HELLO_WORLD "secGear hello world!"
- #define BUF_MAX 32
- int get_string(char *buf)
- {
- strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1);
- return 0;
- }
+int get_string(char *buf)
+{
+ strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1);
+ return 0;
+}
+```
Import the test_t.h generated by the automatic code generation tool, and then write the function according to the
interface description in test.edl.
-
-#### 4.2 Write CMakeLists.txt
-
- #set auto code prefix
- set(PREFIX test)
- #set sign key
- set(PEM Enclave_private.pem)
-Set the private key file name used to sign the enclave binary
+#### 4.2 Write CMakeLists.txt
- #set sign tool
- set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
- #set enclave src code
- set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c)
- #set log level
- set(PRINT_LEVEL 3)
- add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+```cmake
+#set auto code prefix
+set(PREFIX test)
+#set sign key
+set(PEM Enclave_private.pem)
+```
+
+Set the private key file name used to sign the enclave binary.
+
+```cmake
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c)
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+```
Set sign tool and the security side log printing level
- if(CC_GP)
- #set signed output
- set(OUTPUT ${UUID}.sec)
-
- set(WHITE_LIST_0 /vendor/bin/helloworld)
- set(WHITE_LIST_1 /vendor/bin/secgear_test)
- set(WHITE_LIST_OWNER root)
- set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
-
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
- endif()
+```cmake
+if(CC_GP)
+ #set signed output
+ set(OUTPUT ${UUID}.sec)
+
+ set(WHITE_LIST_0 /vendor/bin/helloworld)
+ set(WHITE_LIST_1 /vendor/bin/secgear_test)
+ set(WHITE_LIST_OWNER root)
+ set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h
+ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
+ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+```
WHITE_LIS_X sets the whitelist of iTrustee, only the host binaries in these paths can call this secure image,
and up to 8 list paths can be configured. WHITE_LIST_OWNER set user, this user will be applied to all whitelist paths.
Finally, set the name of the security image after the final signing, and generate auxiliary code.
- if(CC_SGX)
- set(OUTPUT enclave.signed.so)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
- endif()
+```cmake
+if(CC_SGX)
+ set(OUTPUT enclave.signed.so)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+```
In the case of SGX, set the name of the security image after the final signing, and generate auxiliary code.
+```cmake
+set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums \
+ -fno-omit-frame-pointer -fstack-protector \
+ -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+ -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+ -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
- set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \
- -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
- -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
- -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+```
- set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
-
Set the security side, no matter whether it is SGX or iTrustee will use some compilation and link options, for
example, because the security side is different from the non-secure side, the default library of host OS cannot be used,
-so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options is introduced.
-
- if(CC_GP)
- configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
-
- set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ")
- set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC")
- set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s")
-
- set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
- set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
-
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${SECGEAR_INSTALL_PATH})
- endif()
-
- add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
-
- target_include_directories( ${PREFIX} PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR}
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/gp
- ${LOCAL_ROOT_PATH}/inc/enclave_inc
- ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
- ${ITRUSTEE_TEEDIR}/include/TA
- ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
- ${ITRUSTEE_LIBC}/arch/aarch64
- ${ITRUSTEE_LIBC}/
- ${ITRUSTEE_LIBC}/arch/arm/bits
- ${ITRUSTEE_LIBC}/arch/generic
- ${ITRUSTEE_LIBC}/arch/arm
- ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
-
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH})
- endif()
-
- foreach(WHITE_LIST ${WHITELIST})
- add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
- endforeach(WHITE_LIST)
- add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
-
- target_link_libraries(${PREFIX} -lsecgear_tee)
-
- add_custom_command(TARGET ${PREFIX}
- POST_BUILD
- COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini
- -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT})
-
- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}
- DESTINATION /data
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
- endif()
+so ```-nostdinc -nodefaultlibs -nostdlib -nodefaultlibs``` link options are introduced.
+
+```cmake
+if(CC_GP)
+ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
+
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC")
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s")
+
+ set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
+ set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${SECGEAR_INSTALL_PATH})
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories( ${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+ ${ITRUSTEE_TEEDIR}/include/TA
+ ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+ ${ITRUSTEE_LIBC}/arch/aarch64
+ ${ITRUSTEE_LIBC}/
+ ${ITRUSTEE_LIBC}/arch/arm/bits
+ ${ITRUSTEE_LIBC}/arch/generic
+ ${ITRUSTEE_LIBC}/arch/arm
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH})
+ endif()
+
+ foreach(WHITE_LIST ${WHITELIST})
+ add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+ endforeach(WHITE_LIST)
+ add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+ target_link_libraries(${PREFIX} -lsecgear_tee)
+
+ add_custom_command(TARGET ${PREFIX}
+ POST_BUILD
+ COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini
+ -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT})
+
+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}
+ DESTINATION /data
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+endif()
+```
In the case of iTrustee, generate the configuration file manifest.txt, and details of the configuration file will
be explained later, specify some compilation options related to iTrustee, set the search paths of the header file and the link file, and build the enclave binary.
@@ -351,51 +399,57 @@ Regarding the use of iTrustee ocall, there are some other notes, which will be i
whitelist macro. Next, you need to link to the secgear_tee library, in which there are interfaces for generating
random numbers, seal, unseal, etc. The last step is to sign and install.
- if(CC_SGX)
- set(SGX_DIR ${SDK_PATH})
- set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
- set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
- set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
-
- if(CC_SIM)
- set(Trts_Library_Name sgx_trts_sim)
- set(Service_Library_Name sgx_tservice_sim)
- else()
- set(Trts_Library_Name sgx_trts)
- set(Service_Library_Name sgx_tservice)
- endif()
-
- set(Crypto_Library_Name sgx_tcrypto)
-
- set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
- -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
-
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${LINK_LIBRARY_PATH})
- endif()
-
- add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
-
- target_include_directories(${PREFIX} PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR}
- ${SGX_DIR}/include/tlibc
- ${SGX_DIR}/include/libcxx
- ${SGX_DIR}/include
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
-
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${PREFIX} PRIVATE
- ${LINK_LIBRARY_PATH})
- endif()
-
- target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive
- -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group)
- add_custom_command(TARGET ${PREFIX}
- POST_BUILD
- COMMAND openssl genrsa -3 -out ${PEM} 3072
- COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
- endif()
+```cmake
+if(CC_SGX)
+ set(SGX_DIR ${SDK_PATH})
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+ set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+ if(CC_SIM)
+ set(Trts_Library_Name sgx_trts_sim)
+ set(Service_Library_Name sgx_tservice_sim)
+ else()
+ set(Trts_Library_Name sgx_trts)
+ set(Service_Library_Name sgx_tservice)
+ endif()
+
+ set(Crypto_Library_Name sgx_tcrypto)
+
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+ -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${LINK_LIBRARY_PATH})
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories(${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${SGX_DIR}/include/tlibc
+ ${SGX_DIR}/include/libcxx
+ ${SGX_DIR}/include
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE
+ ${LINK_LIBRARY_PATH})
+ endif()
+
+ target_link_libraries(${PREFIX} -Wl,--whole-archive \
+ ${Trts_Library_Name} -Wl,--no-whole-archive \
+ -Wl,--start-group -lsgx_tstdc -lsgx_tcxx \
+ -l${Crypto_Library_Name} -l${Service_Library_Name} \
+ -Wl,--end-group)
+
+ add_custom_command(TARGET ${PREFIX}
+ POST_BUILD
+ COMMAND openssl genrsa -3 -out ${PEM} 3072
+ COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+```
In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee
are quite different. This is because iTrustee is a secure OS with more capabilities, such as musl libc and openssl.
@@ -406,24 +460,26 @@ correctly, some libraries must be linked between specified options, such as sgx_
For more detailed information, please refer to the Makefile of SGX examples. Finally, sign the enclave with the
configuration file, which will be introduced later. Note that secGear does not currently support remote authentication.
-
- set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
-
+
+```cmake
+set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+```
+
Set some safe compilation options.
-
+
#### 4.3 Enclave image configuration file
-
+
Write SGX enclave related configuration files
The configuration content in the Enclave.config.xml and Enclave.lds files is the same as the official SGX
configuration file. For details, please refer to the official development document.
Write iTrustee related configuration files
-The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated,
+The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated,
and the other configuration items can refer to the iTrustee development document.
-
+
### 5 build and install test
-[reference build & install](./docs/build_install.md)
+[reference build & install](./sdk/docs/build_install.md)
Log
---
@@ -438,20 +494,22 @@ Security side development, due to restrictions on the different security capabil
impossible to directly develop the log function like the non-secure side, Therefore, we provide the PrintInfo
interface to record the security side log to the Syslog system. The related configuration files secgear and secgear.conf
have been installed in the system directory during the build and install secGear phase.
-
+
Note that when using on iTrustee, you need to import the secgear_log.h header file, but SGX does not need it.
Because SGX implements the log function through ocall, the relevant code is in the auxiliary code. And when the
configuration file is installed, you need to run "systemctl restart rsyslog" to make the log effective.
Finally, in order to enable iTrustee logs to be dumped to the place specified in the configuration file, you also
need to run /vendor/bin/tlogcat -f. The tlogcat tool is a part of the iTrustee sdk.
-
-The meaning of log level (set(PRINT_LEVEL 3)).
- PRINT_ERROR 0
- PRINT_WARNING 1
- PRINT_STRACE 2
- PRINT_DEBUG 3
+The meaning of log level (set(PRINT_LEVEL 3)).
+
+```c
+PRINT_ERROR 0
+PRINT_WARNING 1
+PRINT_STRACE 2
+PRINT_DEBUG 3
+```
At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stabilized,
the usage will be unified.
@@ -461,10 +519,10 @@ Use ocall
The secGear ocall function can be used normally on the SGX platform. There are currently restrictions with iTrustee:
- only the specified a3d88d2a-ae2a-4ea5-a37d-35fc5f607e9e uuid can be used,
- and two programs that enable ocall cannot be run at the same time,
- and config cannot be enabled. ta.instanceKeepAlive.
-
+**Only the specified a3d88d2a-ae2a-4ea5-a37d-35fc5f607e9e uuid can be used.**
+**Only one programs enables ocall or error will be triggered.**
+**Config option ```ta.instanceKeepAlive``` shall not be enabled.**
+
Moreover, if the underlying iTrustee does not enable ocall, the SDK will only report an error registration ocall failure,
and the ecall function can be used normally.
@@ -478,7 +536,7 @@ supported on the iTrustee platform.
Remote authentication capability is currently not supported.
------------------------------------------------------------
-secGear does not currently support plc, switchless and other about SGX features.
+secGear does not currently support plc, switchless and other about SGX features
--------------------------------------------------------------------------------
Learning More About codegener
@@ -487,16 +545,15 @@ Learning More About codegener
secGear introduces EDL (Enclave Description Language) and intermediate code generation tool codegener. EDL is
compatible with Intel SGX's definition.
-- [Learn how to use codegener](./docs/codegener.md)
+- [Learn how to use codegener](./sdk/docs/codegener.md)
Learning More About sign_tool
-----------------------------
secGear introduces the signing tool to sign the enclave.
-- [Learn how to use signing tool](./docs/sign_tool.md)
+- [Learn how to use signing tool](./sdk/docs/sign_tool.md)
Milestone
---------
-
-
+Join openEuler/sig-confidential-computing to get more detailed information.
diff --git a/README.md b/README.md
index 338606072019565c5c9713df211eea827d33f8d3..246fd08c54f601fdb2636bc51a6256938fbb2795 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-
+
secGear
============================
@@ -12,8 +12,8 @@ secGear是开源的机密计算项目,致力于提供简单、易用的机密
-----------
| 目录 | 用途 |
|-----------|-----------|
-| [src](./src/) | 统一SDK:屏蔽Intel SGX、鲲鹏Trustzone以及RISC-V蓬莱TEE等SDK差异,提供统一API,实现不同架构共源码,提供代码生成工具,使用户聚焦业务,提升开发效率。开发可参考[HelloWorld开发流程](./docs/HelloWorld开发流程和特性使用指南.md)。|
-| [component](./component) | 安全组件:提供通用安全组件货架,支持传统lib库集成方式快速集成,构建机密计算解决方案。|
+| [sdk/src](./sdk/src/) | 统一SDK:屏蔽Intel SGX、鲲鹏Trustzone以及RISC-V蓬莱TEE等SDK差异,提供统一API,实现不同架构共源码,提供代码生成工具,使用户聚焦业务,提升开发效率。开发可参考[HelloWorld开发流程](./docs/HelloWorld开发流程和特性使用指南.md)。|
+| [sdk/component](./sdk/component) | 安全组件:提供通用安全组件货架,支持传统lib库集成方式快速集成,构建机密计算解决方案。|
| [service](./service) | 提供通用安全服务,如[远程证明统一框架](https://gitee.com/openeuler/secGear/blob/master/service/attestation/README.md) ,支持快速集成、部署远程证明服务。|
@@ -26,17 +26,28 @@ Quick start
- 操作系统:openEuler 21.03、openEuler 20.03 LTS SP2或更高版本
#### Build and Run
-```
+
+```bash
// install build require
sudo yum install -y cmake ocaml-dune linux-sgx-driver sgxsdk libsgx-launch libsgx-urts intel-sgx-ssl-devel
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
-source /opt/intel/sgxsdk/environment && source environment
-mkdir debug && cd debug && cmake .. && make && sudo make install
+// build secGear core sdk
+/*
+ * note: secGear component/secure_channnel requires service/attestation/attestation-agent,
+ * which should be built first.
+ */
+cd secGear/sdk
+source environment
+mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
+
+// build an example after installing secGear, e.g. helloworld
+cd examples/helloworld
+mkdir debug && cd debug
+cmake -DENCLAVE=GP ..
+make && sudo make install
// run helloworld
./examples/helloworld/host/secgear_helloworld
@@ -48,22 +59,38 @@ mkdir debug && cd debug && cmake .. && make && sudo make install
- 操作系统:openEuler 21.03、openEuler 20.03 LTS SP2或更高版本
#### Build and Run
-```
-// install build require
+
+```bash
+// install dependencies
sudo yum install -y cmake ocaml-dune itrustee_sdk-devel openssl-devel
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
+// build secGear core sdk
+/*
+ * note: secGear component/secure_channnel requires service/attestation/attestation-agent,
+ * which should be built first.
+ */
+cd secGear/sdk
source environment
mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
+// build an example after installing secGear, e.g. helloworld
+cd examples/helloworld
+mkdir debug && cd debug
+cmake -DENCLAVE=GP ..
+make && sudo make install
+
// run helloworld
/vendor/bin/secgear_helloworld
```
+使用sdk进行开发,请参考[Guide](./README.en.md)
+
+编译&部署远程证明服务框架及组件,请参考[attestation/README](./service/attestation/README.md)
+```
+
如何贡献
----------------
diff --git a/examples/npu_attestation/HowTo.en.md b/examples/npu_attestation/README.en.md
similarity index 100%
rename from examples/npu_attestation/HowTo.en.md
rename to examples/npu_attestation/README.en.md
diff --git a/examples/npu_attestation/HowTo.md b/examples/npu_attestation/README.md
similarity index 100%
rename from examples/npu_attestation/HowTo.md
rename to examples/npu_attestation/README.md
diff --git a/examples/ra_tls/client.c b/examples/ra_tls/client.c
index 177b09aacefb9ec4b29df92244912b2eef464c98..bf670d77573eaa61ca55217a1c3df95085549e93 100644
--- a/examples/ra_tls/client.c
+++ b/examples/ra_tls/client.c
@@ -109,7 +109,7 @@ err:
#endif
#define BUF_LEN_MAX 256
-int main(int argc, char *argv[])
+int main(void)
{
int res = 0;
int ret = -1;
@@ -119,9 +119,9 @@ int main(int argc, char *argv[])
int port = 10001;
int server_sokcet = -1;
uint8_t send_buf[BUF_LEN_MAX] = {"Hello Server\n"};
- size_t send_buf_len = strlen(send_buf);
+ size_t send_buf_len = strlen((const char *)send_buf);
uint8_t recv_buf[BUF_LEN_MAX] = {0};
- size_t recv_buf_len = strlen(recv_buf);
+ size_t recv_buf_len = strlen((const char *)recv_buf);
#ifdef CLIENT_WITH_CERT
ra_tls_buf cert = RA_TLS_BUF_INIT;
ra_tls_buf prv_key = RA_TLS_BUF_INIT;
@@ -188,7 +188,7 @@ int main(int argc, char *argv[])
goto end;
}
recv_buf_len = res;
- printf("read from peer[len = %d]: %s\n", recv_buf_len, recv_buf);
+ printf("read from peer[len = %lu]: %s\n", recv_buf_len, recv_buf);
#endif
end:
SSL_shutdown(ssl);
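Review bot: `%lu` is still the wrong conversion for `recv_buf_len`, which is declared `size_t` earlier in main; on any target where `size_t` is not `unsigned long` the mismatch remains, so the line should read `printf("read from peer[len = %zu]: %s\n", recv_buf_len, recv_buf);`. The matching change in examples/ra_tls/server.c (`read data[%lu]`) needs `%zu` as well if `read_len` is a `size_t`; its declaration is not visible there. Separately, `recv_buf` holds peer-supplied bytes and is printed with `%s`. The read call is outside this hunk, so confirm it reads at most `BUF_LEN_MAX - 1` bytes, or terminate the buffer before printing as server.c does with `read_buf[read_len] = '\0';`. main's body starts and ends outside the hunk.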
diff --git a/examples/ra_tls/server.c b/examples/ra_tls/server.c
index a85c79cd99564c36773fe8e9349428e9089c7944..5a6485c81ad511ef7ea49e4864068a43b20702d2 100644
--- a/examples/ra_tls/server.c
+++ b/examples/ra_tls/server.c
@@ -117,9 +117,8 @@ err:
}
-int main(int argc, char *argv[])
+int main(void)
{
- int res = 0;
ra_tls_buf cert = RA_TLS_BUF_INIT;
ra_tls_buf prv_key = RA_TLS_BUF_INIT;
int client_socket = -1;
@@ -196,7 +195,7 @@ int main(int argc, char *argv[])
break;
}
read_buf[read_len] = '\0';
- printf("read data[%d]: %s\n", read_len, read_buf);
+ printf("read data[%lu]: %s\n", read_len, read_buf);
printf("write back\n");
write_len = SSL_write(ssl, read_buf, read_len);
if (write_len <= 0) {
diff --git a/examples/switchless/README.md b/examples/switchless/README.md
index 4d266d65eca9b52aa224cf92a81ec393e457c7f5..e2478be7a850bba66bcf6e7b3a46b4fe596cddd1 100644
--- a/examples/switchless/README.md
+++ b/examples/switchless/README.md
@@ -1,4 +1,4 @@
-
+
switchless
============================
diff --git a/examples/switchless_performance/README.md b/examples/switchless_performance/README.md
index 7f37f4d8e6280f8e7c75d286958cab67b0532f71..19c9a3f2f94f8e73bbe7135d1f9f610a30f5454d 100644
--- a/examples/switchless_performance/README.md
+++ b/examples/switchless_performance/README.md
@@ -1,4 +1,4 @@
-
+
switchless
============================
diff --git a/CMakeLists.txt b/sdk/CMakeLists.txt
similarity index 92%
rename from CMakeLists.txt
rename to sdk/CMakeLists.txt
index a14c482f41543e94bffa97c2a5cf2ac82acf891f..7e16c212e5f61a049cabbcc75f2c6fde2ce8f0a6 100644
--- a/CMakeLists.txt
+++ b/sdk/CMakeLists.txt
@@ -20,13 +20,16 @@ set(LOCAL_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
message("=============cmake help info=======================")
message("Example default cmd: cmake ..")
message("same with default: cmake -DENCLAVE=SGX -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl ..")
-message("cmake [-DCMAKE_BUILD_TYPE=val] [-DENCLAVE=val] [-DCC_SIM=ON] [-DSDK_PATH=path] [-DSSL_PATH=path] ..")
+message("cmake [-DCMAKE_BUILD_TYPE=val] [-DENCLAVE=val] [-DCC_SIM=ON] [-DSDK_PATH=path] [-DSSL_PATH=path]")
+message("[-DCODEGEN=val] [-DCOMPONENT=val] ..")
message("CMAKE_BUILD_TYPE:[optional] pass Debug if you need file line info in log, default log without file line")
message("ENCLAVE:[optional] valid val: SGX --default, GP --trustzone, PL --Penglai")
message("CC_SIM:[optional] only support by SGX")
message("SDK_PATH:[optional] default SGX:/opt/intel/sgxsdk, GP:/opt/itrustee_sdk, PL:/root/dev/sdk;
pass SDK_PATH if you installed sdk in custom path")
message("SSL_PATH:[optional] pass security ssl installed path when your application use ssl")
+message("CODEGEN:[optional] default ON, set to OFF to skip building tools/codegener, not recommended")
+message("COMPONENT:[optional] default ON, set to OFF to skip building component/*, including secure_channel")
message("=============cmake help info=======================")
if (NOT DEFINED ENCLAVE)
set(ENCLAVE "SGX")
@@ -97,13 +100,14 @@ if(${ENCLAVE} STREQUAL "PL")
set(CC_PL ON)
endif()
-option(CODEGEN "default off" ON)
+option(CODEGEN "default on" ON)
if(CODEGEN)
add_subdirectory(tools/codegener)
endif()
add_subdirectory(src)
-option(COMPONENT "default off" ON)
+
+option(COMPONENT "default on" ON)
if(COMPONENT)
add_subdirectory(component)
endif()
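Review bot: The help strings on `CODEGEN` and `COMPONENT` now say "default on", which is correct but still tells someone reading the cache in ccmake or cmake-gui nothing about what each switch controls. The description should say what is built: `option(CODEGEN "Build tools/codegener" ON)` and `option(COMPONENT "Build component/* (including secure_channel)" ON)`. Both are unprefixed entries in the global cache, so a project that embeds this directory could collide with them. A project prefix would avoid that, at the cost of changing the command line documented in the help messages above.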
@@ -112,7 +116,6 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin)
execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin)
endif()
-#add_subdirectory(examples)
add_subdirectory(test)
install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear
diff --git a/component/CMakeLists.txt b/sdk/component/CMakeLists.txt
similarity index 100%
rename from component/CMakeLists.txt
rename to sdk/component/CMakeLists.txt
diff --git a/component/local_attest/CMakeLists.txt b/sdk/component/local_attest/CMakeLists.txt
similarity index 100%
rename from component/local_attest/CMakeLists.txt
rename to sdk/component/local_attest/CMakeLists.txt
diff --git a/component/local_attest/gp_local_attest.c b/sdk/component/local_attest/gp_local_attest.c
similarity index 100%
rename from component/local_attest/gp_local_attest.c
rename to sdk/component/local_attest/gp_local_attest.c
diff --git a/component/local_attest/local_attest_agent.h b/sdk/component/local_attest/local_attest_agent.h
similarity index 100%
rename from component/local_attest/local_attest_agent.h
rename to sdk/component/local_attest/local_attest_agent.h
diff --git a/component/local_attest/sg_local_attest.c b/sdk/component/local_attest/sg_local_attest.c
similarity index 100%
rename from component/local_attest/sg_local_attest.c
rename to sdk/component/local_attest/sg_local_attest.c
diff --git a/component/local_attest/sg_local_attest.h b/sdk/component/local_attest/sg_local_attest.h
similarity index 100%
rename from component/local_attest/sg_local_attest.h
rename to sdk/component/local_attest/sg_local_attest.h
diff --git a/component/local_attest/sgx_local_attest.c b/sdk/component/local_attest/sgx_local_attest.c
similarity index 100%
rename from component/local_attest/sgx_local_attest.c
rename to sdk/component/local_attest/sgx_local_attest.c
diff --git a/component/ra_tls/CMakeLists.txt b/sdk/component/ra_tls/CMakeLists.txt
similarity index 97%
rename from component/ra_tls/CMakeLists.txt
rename to sdk/component/ra_tls/CMakeLists.txt
index c46a3ee4528ae32673efb1974583c2aa90dad405..7644a6998696d20dd28384801dff873bd029cb37 100644
--- a/component/ra_tls/CMakeLists.txt
+++ b/sdk/component/ra_tls/CMakeLists.txt
@@ -1,43 +1,43 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-# http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
-project(ra_tls VERSION 0.1)
-
-set(LIB_NAME ra_tls)
-set(LIB_SRC ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.c)
-set(LD_SO cjson curl)
-set(HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls_imp.h)
-if (NOT TLS_LIB)
-set(TLS_LIB OPENSSL)
-endif()
-if (CMAKE_BUILD_TYPE MATCHES Debug)
-add_definitions(-DDEBUG)
-endif()
-if (TLS_LIB MATCHES OPENSSL)
- add_definitions(-DUSE_OPENSSL)
- set(LD_SO ${LD_SO} crypto ssl)
- set(LIB_SRC ${LIB_SRC} ${CMAKE_CURRENT_SOURCE_DIR}/openssl_imp.c)
-else()
- message(FATAL_ERROR "TLS_LIB should defined")
-endif()
-
-FILE(GLOB_RECURSE BASE64_SRC CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url/*.c")
-include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url)
-
-set(LIB_SRC ${LIB_SRC} ${BASE64_SRC})
-add_library(${LIB_NAME} SHARED ${LIB_SRC})
-target_link_libraries(${LIB_NAME} PUBLIC ${LD_SO})
-
-set_target_properties(${LIB_NAME} PROPERTIES PUBLIC_HEADER "${HEADER_FILES}")
-install(TARGETS ${LIB_NAME}
- LIBRARY DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64
- PUBLIC_HEADER DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/include/secGear
+# Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+project(ra_tls VERSION 0.1)
+
+set(LIB_NAME ra_tls)
+set(LIB_SRC ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.c)
+set(LD_SO cjson curl)
+set(HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls_imp.h)
+if (NOT TLS_LIB)
+set(TLS_LIB OPENSSL)
+endif()
+if (CMAKE_BUILD_TYPE MATCHES Debug)
+add_definitions(-DDEBUG)
+endif()
+if (TLS_LIB MATCHES OPENSSL)
+ add_definitions(-DUSE_OPENSSL)
+ set(LD_SO ${LD_SO} crypto ssl)
+ set(LIB_SRC ${LIB_SRC} ${CMAKE_CURRENT_SOURCE_DIR}/openssl_imp.c)
+else()
+ message(FATAL_ERROR "TLS_LIB should defined")
+endif()
+
+FILE(GLOB_RECURSE BASE64_SRC CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url/*.c")
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url)
+
+set(LIB_SRC ${LIB_SRC} ${BASE64_SRC})
+add_library(${LIB_NAME} SHARED ${LIB_SRC})
+target_link_libraries(${LIB_NAME} PUBLIC ${LD_SO})
+
+set_target_properties(${LIB_NAME} PROPERTIES PUBLIC_HEADER "${HEADER_FILES}")
+install(TARGETS ${LIB_NAME}
+ LIBRARY DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64
+ PUBLIC_HEADER DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/include/secGear
PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
\ No newline at end of file
diff --git a/component/ra_tls/LICENSE b/sdk/component/ra_tls/LICENSE
similarity index 100%
rename from component/ra_tls/LICENSE
rename to sdk/component/ra_tls/LICENSE
diff --git a/component/ra_tls/README.md b/sdk/component/ra_tls/README.md
similarity index 100%
rename from component/ra_tls/README.md
rename to sdk/component/ra_tls/README.md
diff --git a/component/ra_tls/openssl_imp.c b/sdk/component/ra_tls/openssl_imp.c
similarity index 100%
rename from component/ra_tls/openssl_imp.c
rename to sdk/component/ra_tls/openssl_imp.c
diff --git a/component/ra_tls/ra_tls.c b/sdk/component/ra_tls/ra_tls.c
similarity index 100%
rename from component/ra_tls/ra_tls.c
rename to sdk/component/ra_tls/ra_tls.c
diff --git a/component/ra_tls/ra_tls.h b/sdk/component/ra_tls/ra_tls.h
similarity index 100%
rename from component/ra_tls/ra_tls.h
rename to sdk/component/ra_tls/ra_tls.h
diff --git a/component/ra_tls/ra_tls_imp.h b/sdk/component/ra_tls/ra_tls_imp.h
similarity index 100%
rename from component/ra_tls/ra_tls_imp.h
rename to sdk/component/ra_tls/ra_tls_imp.h
diff --git a/component/remote_attest/CMakeLists.txt b/sdk/component/remote_attest/CMakeLists.txt
similarity index 100%
rename from component/remote_attest/CMakeLists.txt
rename to sdk/component/remote_attest/CMakeLists.txt
diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/sdk/component/remote_attest/ra_report/CMakeLists.txt
similarity index 100%
rename from component/remote_attest/ra_report/CMakeLists.txt
rename to sdk/component/remote_attest/ra_report/CMakeLists.txt
diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/sdk/component/remote_attest/ra_report/gp_ra_report.c
similarity index 100%
rename from component/remote_attest/ra_report/gp_ra_report.c
rename to sdk/component/remote_attest/ra_report/gp_ra_report.c
diff --git a/component/remote_attest/ra_report/gp_report_helper.c b/sdk/component/remote_attest/ra_report/gp_report_helper.c
similarity index 100%
rename from component/remote_attest/ra_report/gp_report_helper.c
rename to sdk/component/remote_attest/ra_report/gp_report_helper.c
diff --git a/component/remote_attest/ra_report/gp_report_helper.h b/sdk/component/remote_attest/ra_report/gp_report_helper.h
similarity index 100%
rename from component/remote_attest/ra_report/gp_report_helper.h
rename to sdk/component/remote_attest/ra_report/gp_report_helper.h
diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/sdk/component/remote_attest/ra_report/sg_ra_report.c
similarity index 100%
rename from component/remote_attest/ra_report/sg_ra_report.c
rename to sdk/component/remote_attest/ra_report/sg_ra_report.c
diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/sdk/component/remote_attest/ra_report/sg_ra_report.h
similarity index 100%
rename from component/remote_attest/ra_report/sg_ra_report.h
rename to sdk/component/remote_attest/ra_report/sg_ra_report.h
diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/sdk/component/remote_attest/ra_report/sgx_ra_report.c
similarity index 100%
rename from component/remote_attest/ra_report/sgx_ra_report.c
rename to sdk/component/remote_attest/ra_report/sgx_ra_report.c
diff --git a/component/remote_attest/ra_report/uni_ra_agent.h b/sdk/component/remote_attest/ra_report/uni_ra_agent.h
similarity index 100%
rename from component/remote_attest/ra_report/uni_ra_agent.h
rename to sdk/component/remote_attest/ra_report/uni_ra_agent.h
diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/sdk/component/remote_attest/ra_verify/CMakeLists.txt
similarity index 100%
rename from component/remote_attest/ra_verify/CMakeLists.txt
rename to sdk/component/remote_attest/ra_verify/CMakeLists.txt
diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/gp_ra_report_verify.c
similarity index 100%
rename from component/remote_attest/ra_verify/gp_ra_report_verify.c
rename to sdk/component/remote_attest/ra_verify/gp_ra_report_verify.c
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/sg_ra_report_verify.c
similarity index 100%
rename from component/remote_attest/ra_verify/sg_ra_report_verify.c
rename to sdk/component/remote_attest/ra_verify/sg_ra_report_verify.c
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/sdk/component/remote_attest/ra_verify/sg_ra_report_verify.h
similarity index 100%
rename from component/remote_attest/ra_verify/sg_ra_report_verify.h
rename to sdk/component/remote_attest/ra_verify/sg_ra_report_verify.h
diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/sgx_ra_report_verify.c
similarity index 100%
rename from component/remote_attest/ra_verify/sgx_ra_report_verify.c
rename to sdk/component/remote_attest/ra_verify/sgx_ra_report_verify.c
diff --git a/component/remote_attest/ra_verify/uni_ra_verify_agent.h b/sdk/component/remote_attest/ra_verify/uni_ra_verify_agent.h
similarity index 100%
rename from component/remote_attest/ra_verify/uni_ra_verify_agent.h
rename to sdk/component/remote_attest/ra_verify/uni_ra_verify_agent.h
diff --git a/component/remote_attest/sg_report_st.h b/sdk/component/remote_attest/sg_report_st.h
similarity index 100%
rename from component/remote_attest/sg_report_st.h
rename to sdk/component/remote_attest/sg_report_st.h
diff --git a/component/secure_channel/CMakeLists.txt b/sdk/component/secure_channel/CMakeLists.txt
similarity index 100%
rename from component/secure_channel/CMakeLists.txt
rename to sdk/component/secure_channel/CMakeLists.txt
diff --git a/component/secure_channel/Readme.md b/sdk/component/secure_channel/Readme.md
similarity index 100%
rename from component/secure_channel/Readme.md
rename to sdk/component/secure_channel/Readme.md
diff --git a/component/secure_channel/client/CMakeLists.txt b/sdk/component/secure_channel/client/CMakeLists.txt
similarity index 88%
rename from component/secure_channel/client/CMakeLists.txt
rename to sdk/component/secure_channel/client/CMakeLists.txt
index 98a80ef42aaa6e8e464cda7653ce01fc812f6c9a..2a4180dd32dc6b83bbd1d0cec5d02998cca33cf8 100644
--- a/component/secure_channel/client/CMakeLists.txt
+++ b/sdk/component/secure_channel/client/CMakeLists.txt
@@ -31,14 +31,15 @@ include_directories(
${LOCAL_ROOT_PATH}/component/remote_attest/ra_verify
${LOCAL_ROOT_PATH}/thirdparty/cjson
${LOCAL_ROOT_PATH}/thirdparty/base64url
- ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header
)
add_library(c${PREFIX} SHARED ${SOURCE_FILE} ${CJSON_SRC} ${BASE64_SRC})
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
target_link_directories(c${PREFIX} PRIVATE
${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
- ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/target/debug/
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug
)
endif()
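Review bot: With both `target/release` and `target/debug` on the search path for `c${PREFIX}`, the linker takes the first directory that contains the attestation-agent library. A stale release build therefore shadows a fresh debug build, and a debug build is linked silently when no release build exists. The directories are outside the sdk tree and are only added for CMake 3.13 or newer, so a missing or unintended agent build shows up at link time or not at all. Resolving the library once at configure time makes the choice explicit and fails early: `find_library(ATTESTATION_AGENT_LIB attestation_agent PATHS ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release NO_DEFAULT_PATH)`, followed by a `message(FATAL_ERROR ...)` when it is not found. The same pair of directories is added in both `target_link_directories` hunks of sdk/component/secure_channel/host/CMakeLists.txt. The link line for this target is outside the hunk.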
diff --git a/component/secure_channel/client/python/sec_chl_client.py b/sdk/component/secure_channel/client/python/sec_chl_client.py
similarity index 100%
rename from component/secure_channel/client/python/sec_chl_client.py
rename to sdk/component/secure_channel/client/python/sec_chl_client.py
diff --git a/component/secure_channel/client/python/sec_chl_wrapper.py b/sdk/component/secure_channel/client/python/sec_chl_wrapper.py
similarity index 100%
rename from component/secure_channel/client/python/sec_chl_wrapper.py
rename to sdk/component/secure_channel/client/python/sec_chl_wrapper.py
diff --git a/component/secure_channel/client/secure_channel_client.c b/sdk/component/secure_channel/client/secure_channel_client.c
similarity index 100%
rename from component/secure_channel/client/secure_channel_client.c
rename to sdk/component/secure_channel/client/secure_channel_client.c
diff --git a/component/secure_channel/client/secure_channel_client.h b/sdk/component/secure_channel/client/secure_channel_client.h
similarity index 100%
rename from component/secure_channel/client/secure_channel_client.h
rename to sdk/component/secure_channel/client/secure_channel_client.h
diff --git a/component/secure_channel/enclave/CMakeLists.txt b/sdk/component/secure_channel/enclave/CMakeLists.txt
similarity index 100%
rename from component/secure_channel/enclave/CMakeLists.txt
rename to sdk/component/secure_channel/enclave/CMakeLists.txt
diff --git a/component/secure_channel/enclave/Enclave.lds b/sdk/component/secure_channel/enclave/Enclave.lds
similarity index 100%
rename from component/secure_channel/enclave/Enclave.lds
rename to sdk/component/secure_channel/enclave/Enclave.lds
diff --git a/component/secure_channel/enclave/secure_channel_enclave.c b/sdk/component/secure_channel/enclave/secure_channel_enclave.c
similarity index 100%
rename from component/secure_channel/enclave/secure_channel_enclave.c
rename to sdk/component/secure_channel/enclave/secure_channel_enclave.c
diff --git a/component/secure_channel/enclave/secure_channel_enclave.h b/sdk/component/secure_channel/enclave/secure_channel_enclave.h
similarity index 100%
rename from component/secure_channel/enclave/secure_channel_enclave.h
rename to sdk/component/secure_channel/enclave/secure_channel_enclave.h
diff --git a/component/secure_channel/host/CMakeLists.txt b/sdk/component/secure_channel/host/CMakeLists.txt
similarity index 88%
rename from component/secure_channel/host/CMakeLists.txt
rename to sdk/component/secure_channel/host/CMakeLists.txt
index 4b092b621b9797bcd431214b3d05a7cd57cf936d..671e1af020d1b355d068a16aaf65412235f1c6c6 100644
--- a/component/secure_channel/host/CMakeLists.txt
+++ b/sdk/component/secure_channel/host/CMakeLists.txt
@@ -51,14 +51,16 @@ if(CC_GP)
${LOCAL_ROOT_PATH}/inc/host_inc/gp
${LOCAL_ROOT_PATH}/component/remote_attest
${LOCAL_ROOT_PATH}/component/remote_attest/ra_report
- ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header
${LOCAL_ROOT_PATH}/thirdparty/base64url)
add_library(u${PREFIX} SHARED ${SOURCE_FILE} ${AUTO_FILES})
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
target_link_directories(u${PREFIX} PRIVATE
${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
- ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/target/debug/)
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug
+ )
endif()
target_link_libraries(u${PREFIX} secgear_ra attestation_agent)
endif()
@@ -88,7 +90,7 @@ if(CC_SGX)
${SGX_SDK_PATH}/include
${LOCAL_ROOT_PATH}/component/remote_attest
${LOCAL_ROOT_PATH}/component/remote_attest/ra_report
- ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header
+ ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header
${LOCAL_ROOT_PATH}/thirdparty/base64url)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${host_C_Flags}")
add_library(u${PREFIX} SHARED ${SOURCE_FILE} ${AUTO_FILES})
@@ -97,7 +99,9 @@ if(CC_SGX)
target_link_directories(u${PREFIX} PRIVATE
${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
${CMAKE_BINARY_DIR}/lib/
- ${CMAKE_SOURCE_DIR}/service/attestation/attestation-agent/target/debug/)
+ ${CMAKE_SOURCE_DIR}/../service/attestation/attestation-agent/target/release
+ ${CMAKE_SOURCE_DIR}/../service/attestation/attestation-agent/target/debug
+ )
endif()
target_link_libraries(u${PREFIX} secgear_ra attestation_agent)
endif()
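Review bot: The SGX branch builds the attestation-agent paths from `${CMAKE_SOURCE_DIR}`, while the GP branch in this file and the client CMakeLists.txt use `${LOCAL_ROOT_PATH}`. `LOCAL_ROOT_PATH` is set from `CMAKE_CURRENT_SOURCE_DIR` in sdk/CMakeLists.txt, whereas `CMAKE_SOURCE_DIR` is the top of the whole build. The two agree only when sdk/ is the top-level project; if it is pulled in with `add_subdirectory`, the SGX paths point outside the repository. Use the same base as the other branch: `${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release` and `${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug`. The enclosing `if(CC_SGX)` block starts outside the hunk.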
diff --git a/component/secure_channel/host/python/sec_chl_server.py b/sdk/component/secure_channel/host/python/sec_chl_server.py
similarity index 100%
rename from component/secure_channel/host/python/sec_chl_server.py
rename to sdk/component/secure_channel/host/python/sec_chl_server.py
diff --git a/component/secure_channel/host/python/sec_chl_wrapper.py b/sdk/component/secure_channel/host/python/sec_chl_wrapper.py
similarity index 100%
rename from component/secure_channel/host/python/sec_chl_wrapper.py
rename to sdk/component/secure_channel/host/python/sec_chl_wrapper.py
diff --git a/component/secure_channel/host/secure_channel_host.c b/sdk/component/secure_channel/host/secure_channel_host.c
similarity index 100%
rename from component/secure_channel/host/secure_channel_host.c
rename to sdk/component/secure_channel/host/secure_channel_host.c
diff --git a/component/secure_channel/host/secure_channel_host.h b/sdk/component/secure_channel/host/secure_channel_host.h
similarity index 100%
rename from component/secure_channel/host/secure_channel_host.h
rename to sdk/component/secure_channel/host/secure_channel_host.h
diff --git a/component/secure_channel/secure_channel.edl b/sdk/component/secure_channel/secure_channel.edl
similarity index 100%
rename from component/secure_channel/secure_channel.edl
rename to sdk/component/secure_channel/secure_channel.edl
diff --git a/component/secure_channel/secure_channel.h b/sdk/component/secure_channel/secure_channel.h
similarity index 100%
rename from component/secure_channel/secure_channel.h
rename to sdk/component/secure_channel/secure_channel.h
diff --git a/component/secure_channel/secure_channel_common.c b/sdk/component/secure_channel/secure_channel_common.c
similarity index 100%
rename from component/secure_channel/secure_channel_common.c
rename to sdk/component/secure_channel/secure_channel_common.c
diff --git a/component/secure_channel/secure_channel_common.h b/sdk/component/secure_channel/secure_channel_common.h
similarity index 100%
rename from component/secure_channel/secure_channel_common.h
rename to sdk/component/secure_channel/secure_channel_common.h
diff --git a/conf/logrotate.d/secgear b/sdk/conf/logrotate.d/secgear
similarity index 100%
rename from conf/logrotate.d/secgear
rename to sdk/conf/logrotate.d/secgear
diff --git a/conf/rsyslog.d/secgear.conf b/sdk/conf/rsyslog.d/secgear.conf
similarity index 100%
rename from conf/rsyslog.d/secgear.conf
rename to sdk/conf/rsyslog.d/secgear.conf
diff --git "a/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md"
similarity index 94%
rename from "docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md"
rename to "sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md"
index 0335a725140384427d5e688e0af040b2d1f34831..04bb7b7265033ea4997085a1fbf7a4a5db6eeed2 100644
--- "a/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md"
+++ "b/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md"
@@ -8,14 +8,14 @@ HelloWorld开发流程
- 安全侧的代码的编写
- 调用sign_tool.sh对安全侧编译出的so做签名
-以[HelloWorld](../examples/helloworld)样例源码为例详细介绍开发步骤。
+以[HelloWorld](../../examples/helloworld)样例源码为例详细介绍开发步骤。
### 1 编写edl接口文件
edl文件定义了非安全侧与安全侧交互的接口声明,类似于传统的头文件接口声明,由codegen辅助代码生成工具根据edl文件编译生成非安全侧与安全侧交互代码,从而帮助用户降低开发成本,聚焦业务逻辑。目前ocall仅在sgx平台支持,itrustee尚不支持。
如下定义了ecall函数get_string。
-[参考 HelloWorld edl文件](../examples/helloworld/helloworld.edl)
+[参考 HelloWorld edl文件](../../examples/helloworld/helloworld.edl)
```
enclave {
@@ -39,7 +39,7 @@ edl文件定义了非安全侧与安全侧交互的接口声明,类似于传
- 调用ecall函数
- 调用cc_enclave_destroy销毁enclave
-[参考 HelloWorld main.c文件](../examples/helloworld/host/main.c)
+[参考 HelloWorld main.c文件](../../examples/helloworld/host/main.c)
```
// 创建enclave
res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, context);
@@ -54,7 +54,7 @@ edl文件定义了非安全侧与安全侧交互的接口声明,类似于传
```
### 3 调用codegen工具
-[参考 HelloWorld host/CMakeLists.txt文件](../examples/helloworld/host/CMakeLists.txt)
+[参考 HelloWorld host/CMakeLists.txt文件](../../examples/helloworld/host/CMakeLists.txt)
Helloworld样例的编译工程已经集成codegen的调用,如下。
@@ -72,20 +72,20 @@ Helloworld样例的编译工程已经集成codegen的调用,如下。
开发者在安全侧需要完成:
- edl文件中定义的ecall函数的实现,edl文件相当于头文件
-[参考 HelloWorld hello.c文件](../examples/helloworld/enclave/hello.c)
+[参考 HelloWorld hello.c文件](../../examples/helloworld/enclave/hello.c)
test_t.h:该头文件为自动生成代码工具codegen通过edl文件生成的头文件,该头文件命名为edl文件名加"_t"。
### 5 调用签名工具
-[参考 HelloWorld enclave/CMakeLists.txt文件](../examples/helloworld/enclave/CMakeLists.txt)
+[参考 HelloWorld enclave/CMakeLists.txt文件](../../examples/helloworld/enclave/CMakeLists.txt)
使用SIGN_TOOL对编译出的.so文件进行签名。
### 6 配置开发者证书
-仅适用鲲鹏平台,以[examples/helloworld](../examples/helloworld)样例介绍
+仅适用鲲鹏平台,以[examples/helloworld](../../examples/helloworld)样例介绍
- 修改uuid
- 修改[examples/helloworld/CMakeLists.txt](../examples/helloworld/CMakeLists.txt)中uuid
+ 修改[examples/helloworld/CMakeLists.txt](../../examples/helloworld/CMakeLists.txt)中uuid
```
if(CC_GP)
@@ -96,7 +96,7 @@ if(CC_GP)
```
- 配置证书路径
-修改[examples/helloworld/enclave/config_cloud.ini](../examples/helloworld/enclave/config_cloud.ini)配置证书路径
+修改[examples/helloworld/enclave/config_cloud.ini](../../examples/helloworld/enclave/config_cloud.ini)配置证书路径
```
;private key for signing TA
@@ -109,7 +109,7 @@ configPath = /home/TA_cert/secgear-app1/config # config开发者证书的路径
```
- 修改manifest.txt
-参照申请证书是的configs.xml字段,修改[manifest.txt](../examples/helloworld/enclave/manifest.txt)中字段
+参照申请证书是的configs.xml字段,修改[manifest.txt](../../examples/helloworld/enclave/manifest.txt)中字段
如果configs.xml中存在,manifest.txt中没有,需要自行添加。
```
@@ -123,7 +123,7 @@ gpd.ta.stackSize: 40960
```
- 开启签名
-在[examples/helloworld/enclave/CMakeLists.txt](../examples/helloworld/enclave/CMakeLists.txt)中找到如下注释的行,打开注释
+在[examples/helloworld/enclave/CMakeLists.txt](../../examples/helloworld/enclave/CMakeLists.txt)中找到如下注释的行,打开注释
```
add_custom_command(TARGET ${PREFIX}
@@ -187,7 +187,7 @@ typedef struct {
| num_cores | 用于设置安全侧线程绑核
规格:
最大值为当前环境CPU核数 |
### 4 switchless开发流程
-[参考 switchless README.md文件](../examples/switchless/README.md)
+[参考 switchless README.md文件](../../examples/switchless/README.md)
### 5 switchless性能优化
#### 5.1 CPU绑核
diff --git a/docs/build_install.md b/sdk/docs/build_install.md
similarity index 57%
rename from docs/build_install.md
rename to sdk/docs/build_install.md
index 491ac7c456ffa5efcda47290cc60b912aa6a870a..39b7a3499311e10f10dd0401f89034f4f02d8b95 100644
--- a/docs/build_install.md
+++ b/sdk/docs/build_install.md
@@ -4,21 +4,42 @@
Ensure your system have installed sgx driver, sgx sdk and sgx psw. You can install by [released version](https://01.org/intel-software-guard-extensions/downloads) or [linux-sgx](https://github.com/intel/linux-sgx) source code.
1. Clone the secGear repository:
-```
+```bash
git clone https://gitee.com/openeuler/secGear.git
```
-2. Build secGear and examples
-```
-cd secGear
+2. Build SDK and examples
+
+```bash
+cd secGear/sdk
source /opt/intel/sgxsdk/environment && source environment
mkdir debug && cd debug && cmake ..&& make && sudo make install
+
+// build secGear core sdk
+/*
+ * note: secGear component/secure_channnel requires service/attestation/attestation-agent,
+ * which should be built first.
+ */
+cd secGear/sdk
+source /opt/intel/sgxsdk/environment && source environment
+mkdir debug && cd debug && cmake .. && make && sudo make install
+
+
+
+// build an example after installing secGear, e.g. helloworld
+cd examples/helloworld
+mkdir debug && cd debug
+source /opt/intel/sgxsdk/environment && source ../../../sdk/environment
+cmake ..
+make && sudo make install
```
+
3. Run Helloworld
-```
+```bash
./examples/helloworld/host/secgear_helloworld
```
+
4. For more complex examples, see `examples` directory.
## Quick start with ARM TrustZone(Kunpeng itrustee)
@@ -27,21 +48,40 @@ Ensure your system have installed ocaml-dune, if installed ignore this step.
Otherwise install refer to [ocaml-dune](https://github.com/ocaml/dune)
1. Clone the secGear repository:
-```
+
+```bash
git clone https://gitee.com/openeuler/secGear.git
```
-2. Build secGear and examples
-```
-cd secGear
+
+2. Build SDK and examples
+
+```bash
+// build secGear core sdk
+/*
+ * note: secGear component/secure_channnel requires service/attestation/attestation-agent,
+ * which should be built first.
+ */
+cd secGear/sdk
source environment
-mkdir debug && cd debug && cmake -DENCLAVE=GP ..&& make && sudo make install
-```
-3. Run Helloworld
+mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
+
+// build an example after installing secGear, e.g. helloworld
+cd examples/helloworld
+mkdir debug && cd debug
+cmake -DENCLAVE=GP ..
+make && sudo make install
```
+
+3. Run Helloworld with root
+
+```bash
/vendor/bin/secgear_helloworld
```
+
4. For more complex examples, see `examples` directory.
+5. **TO build remote attestation service and components, refer to [attestation/README](../../service/attestation/README.md).
+
## Build with RSIC-V Penglai
refer to [riscv_tee.md](./riscv_tee.md)
@@ -49,7 +89,7 @@ refer to [riscv_tee.md](./riscv_tee.md)
The build cmd `cmake ..` used default sdk installed path and default enclave ssl installed path(optional, only need when your application uses libssl).
If you install them by customize, you need input your customize path by cmake such as:
-```
+```bash
// the following two cmd is same
cmake ..
cmake -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl ..
@@ -57,6 +97,3 @@ cmake -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl ..
// input your customize path
cmake -DSDK_PATH="sdk installed path" -DSSL_PATH="enclave ssl installed path" ..
```
-
-
-
diff --git a/docs/codegener.md b/sdk/docs/codegener.md
similarity index 100%
rename from docs/codegener.md
rename to sdk/docs/codegener.md
diff --git a/docs/disclaimer.md b/sdk/docs/disclaimer.md
similarity index 100%
rename from docs/disclaimer.md
rename to sdk/docs/disclaimer.md
diff --git a/docs/en/2403_LTS_SP2/_toc.yaml b/sdk/docs/en/2403_LTS_SP2/_toc.yaml
similarity index 100%
rename from docs/en/2403_LTS_SP2/_toc.yaml
rename to sdk/docs/en/2403_LTS_SP2/_toc.yaml
diff --git a/docs/en/2403_LTS_SP2/api_reference.md b/sdk/docs/en/2403_LTS_SP2/api_reference.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/api_reference.md
rename to sdk/docs/en/2403_LTS_SP2/api_reference.md
diff --git a/docs/en/2403_LTS_SP2/application_scenarios.md b/sdk/docs/en/2403_LTS_SP2/application_scenarios.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/application_scenarios.md
rename to sdk/docs/en/2403_LTS_SP2/application_scenarios.md
diff --git a/docs/en/2403_LTS_SP2/developer_guide.md b/sdk/docs/en/2403_LTS_SP2/developer_guide.md
similarity index 97%
rename from docs/en/2403_LTS_SP2/developer_guide.md
rename to sdk/docs/en/2403_LTS_SP2/developer_guide.md
index 74fea4d81c08f4616a7633256ff7292b09583630..b68c0a800a9b4b4e54f295b27674de0f711a2bfb 100644
--- a/docs/en/2403_LTS_SP2/developer_guide.md
+++ b/sdk/docs/en/2403_LTS_SP2/developer_guide.md
@@ -68,8 +68,8 @@ The following figure shows the development procedure.
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
+// build sdk and examples
+cd secGear/sdk
source environment
mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
@@ -83,8 +83,8 @@ mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
+// build sdk and examples
+cd secGear/sdk
source /opt/intel/sgxsdk/environment && source environment
mkdir debug && cd debug && cmake .. && make && sudo make install
diff --git a/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png b/sdk/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
rename to sdk/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
diff --git a/docs/en/2403_LTS_SP2/figures/Mindspore.png b/sdk/docs/en/2403_LTS_SP2/figures/Mindspore.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/Mindspore.png
rename to sdk/docs/en/2403_LTS_SP2/figures/Mindspore.png
diff --git a/docs/en/2403_LTS_SP2/figures/Mindspore_original.png b/sdk/docs/en/2403_LTS_SP2/figures/Mindspore_original.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/Mindspore_original.png
rename to sdk/docs/en/2403_LTS_SP2/figures/Mindspore_original.png
diff --git a/docs/en/2403_LTS_SP2/figures/develop_step.png b/sdk/docs/en/2403_LTS_SP2/figures/develop_step.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/develop_step.png
rename to sdk/docs/en/2403_LTS_SP2/figures/develop_step.png
diff --git a/docs/en/2403_LTS_SP2/figures/openLooKeng.png b/sdk/docs/en/2403_LTS_SP2/figures/openLooKeng.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/openLooKeng.png
rename to sdk/docs/en/2403_LTS_SP2/figures/openLooKeng.png
diff --git a/docs/en/2403_LTS_SP2/figures/secGear_arch.png b/sdk/docs/en/2403_LTS_SP2/figures/secGear_arch.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/secGear_arch.png
rename to sdk/docs/en/2403_LTS_SP2/figures/secGear_arch.png
diff --git a/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png b/sdk/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
rename to sdk/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
diff --git a/docs/en/2403_LTS_SP2/introduction_to_secgear.md b/sdk/docs/en/2403_LTS_SP2/introduction_to_secgear.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/introduction_to_secgear.md
rename to sdk/docs/en/2403_LTS_SP2/introduction_to_secgear.md
diff --git a/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif b/sdk/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
rename to sdk/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
diff --git a/docs/en/2403_LTS_SP2/secgear_installation.md b/sdk/docs/en/2403_LTS_SP2/secgear_installation.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/secgear_installation.md
rename to sdk/docs/en/2403_LTS_SP2/secgear_installation.md
diff --git a/docs/en/2403_LTS_SP2/using_secgear_tools.md b/sdk/docs/en/2403_LTS_SP2/using_secgear_tools.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/using_secgear_tools.md
rename to sdk/docs/en/2403_LTS_SP2/using_secgear_tools.md
diff --git a/docs/itrustee_libc_support.md b/sdk/docs/itrustee_libc_support.md
similarity index 99%
rename from docs/itrustee_libc_support.md
rename to sdk/docs/itrustee_libc_support.md
index bcfce4613e166dc02d24814e8f79dbebe70ec40b..4b395d34412043bc3f58e45bdb529f39eef01678 100644
--- a/docs/itrustee_libc_support.md
+++ b/sdk/docs/itrustee_libc_support.md
@@ -1,31 +1,31 @@
-# iTrustee TEE support for libc
-
-------
-
-| Header | Supported | Comments |
-| ----------- | --------- | ------------------------------------------------------------ |
-| alloca.h | Yes | - |
-| arpa/inet.h | Partial | Unsupported functions: inet_neta(), inet_net_ntop(), inet_net_pton(), inet_nsap_addr(), inet_nsap_ntoa() |
-| assert.h | Yes | - |
-| ctype.h | Partial | Unsupported functions: isctype() |
-| dlfcn.h | Partial | Unsupported functions: dlmopen(), dlvsym(), dladdr1() |
-| errno.h | Yes | - |
-| fcntl.h | Yes | - |
-| inttypes.h | Partial | supported functions: imaxabs(), imaxdiv(), strtoimax(), strtoumax(), wcstoimax(), wcstoumax() |
-| locale.h | Yes | - |
-| malloc.h | Partial | supported functions: malloc(), calloc(), realloc(), free(), valloc(), memalign(), malloc_usable_size() |
-| netdb.h | Partial | Unsupported functions: gethostent_r(), getnetent_r(), getnetbyaddr_r(), getnetbyname_r(), getservent_r(), getprotoent_r(), getprotobyname_r(), getprotobynumber_r(), setnetgrent endnetgrent(), getnetgrent innetgr(), getnetgrent_r(), rcmd(), rcmd_af(), rexec(), rexec_af(), ruserok(), ruserok_af(), iruserok(), iruserok_af(), rresvport(), rresvport_af(), getaddrinfo_a(), gai_suspend gai_error(), gai_cancel() |
-| poll.h | Partial | Unsupported functions: ppoll() |
-| pthread.h | Partial | Unsupported functions: pthread_attr_getstackaddr(), pthread_attr_setstackaddr(), pthread_attr_setaffinity_np(), pthread_attr_getaffinity_np(), pthread_getname_np(), pthread_yield(), pthread_mutex_consistent_np(), pthread_mutexattr_getrobust_np(), pthread_mutexattr_setrobust_np(), pthread_rwlockattr_getkind_np(), pthread_rwlockattr_setkind_np() |
-| sched.h | Yes | - |
-| semaphore.h | Yes | - |
-| setjmp.h | Yes | - |
-| signal.h | Partial | Unsupported functions: sysv_signal(), ssignal(), gsignal(), sigblock(), sigsetmask(), siggetmask(), sigreturn(), sigstack() |
-| stdio.h | Partial | Unsupported functions: renameat2(), tmpnam_r(), fcloseall(), obstack_printf(), obstack_vprintf(), uflow(), overflow() |
-| stdlib.h | Partial | Unsupported functions: strtof16(), strtof32(), strtof64(), strtof128(), strtof32x(), strtof64x(), strtof128x(), strtoq(), strtouq(), strfromd(), strfromf(), strfroml(), strfromf16(), strfromf32(), strfromf64(), strfromf128(), strfromf32x(), strfromf64x(), strfromf128x(), strtol_l(), strtoul_l(), strtoll_l(), strtoull_l(), strtof16_l(), strtof32_l(), strtof64_l(), strtof128_l(), strtof32x_l(), strtof64x_l(), strtof128x_l(), random_r(), srandom_r(), initstate_r(), setstate_r(), drand48_r(), erand48_r(), lrand48_r(), nrand48_r(), mrand48_r(), jrand48_r(), srand48_r(), seed48_r(), lcong48_r(), reallocarray(), on_exit(), canonicalize_file_name(), qsort_r(), qecvt(), qfcvt(), qgcvt(), ecvt_r(), fcvt_r(), fcvt_r(), qfcvt_r(), rpmatch(), getpt(),ttyslot() |
-| string.h | Partial | Unsupported functions: rawmemchr(), strfry(), memfrob() |
-| strings.h | Yes | - |
-| time.h | Partial | Unsupported functions: strptime_l(), timelocal(), dysize(), timespec_get(), getdate_r() |
-| unistd.h | Partial | Unsupported functions: lseek(), lseek64(), pread64(), pwrite64(), getwd(), group_member(), ttyslot(), setlogin(), revoke(), profil(), truncate64(), ftruncate64(), lockf(), lockf64(), cuserid(), pthread_atfork() |
-| wchar.h | Partial | Unsupported functions: wcschrnul(), wmempcpy(), wcstof16(), wcstof32(), wcstof64(), wcstof128(), wcstof32x(), wcstof64x(), wcstof128x(), wcstoq(), wcstouq(), wcstol_l(), wcstoul_l(), wcstod_l(), wcstof_l(), wcstold_l(), wcstof16_l(), wcstof32_l(), wcstof64_l(), wcstof128_l(), wcstof32x_l(), wcstof64x_l(), wcstof128x_l() |
+# iTrustee TEE support for libc
+
+------
+
+| Header | Supported | Comments |
+| ----------- | --------- | ------------------------------------------------------------ |
+| alloca.h | Yes | - |
+| arpa/inet.h | Partial | Unsupported functions: inet_neta(), inet_net_ntop(), inet_net_pton(), inet_nsap_addr(), inet_nsap_ntoa() |
+| assert.h | Yes | - |
+| ctype.h | Partial | Unsupported functions: isctype() |
+| dlfcn.h | Partial | Unsupported functions: dlmopen(), dlvsym(), dladdr1() |
+| errno.h | Yes | - |
+| fcntl.h | Yes | - |
+| inttypes.h | Partial | supported functions: imaxabs(), imaxdiv(), strtoimax(), strtoumax(), wcstoimax(), wcstoumax() |
+| locale.h | Yes | - |
+| malloc.h | Partial | supported functions: malloc(), calloc(), realloc(), free(), valloc(), memalign(), malloc_usable_size() |
+| netdb.h | Partial | Unsupported functions: gethostent_r(), getnetent_r(), getnetbyaddr_r(), getnetbyname_r(), getservent_r(), getprotoent_r(), getprotobyname_r(), getprotobynumber_r(), setnetgrent endnetgrent(), getnetgrent innetgr(), getnetgrent_r(), rcmd(), rcmd_af(), rexec(), rexec_af(), ruserok(), ruserok_af(), iruserok(), iruserok_af(), rresvport(), rresvport_af(), getaddrinfo_a(), gai_suspend gai_error(), gai_cancel() |
+| poll.h | Partial | Unsupported functions: ppoll() |
+| pthread.h | Partial | Unsupported functions: pthread_attr_getstackaddr(), pthread_attr_setstackaddr(), pthread_attr_setaffinity_np(), pthread_attr_getaffinity_np(), pthread_getname_np(), pthread_yield(), pthread_mutex_consistent_np(), pthread_mutexattr_getrobust_np(), pthread_mutexattr_setrobust_np(), pthread_rwlockattr_getkind_np(), pthread_rwlockattr_setkind_np() |
+| sched.h | Yes | - |
+| semaphore.h | Yes | - |
+| setjmp.h | Yes | - |
+| signal.h | Partial | Unsupported functions: sysv_signal(), ssignal(), gsignal(), sigblock(), sigsetmask(), siggetmask(), sigreturn(), sigstack() |
+| stdio.h | Partial | Unsupported functions: renameat2(), tmpnam_r(), fcloseall(), obstack_printf(), obstack_vprintf(), uflow(), overflow() |
+| stdlib.h | Partial | Unsupported functions: strtof16(), strtof32(), strtof64(), strtof128(), strtof32x(), strtof64x(), strtof128x(), strtoq(), strtouq(), strfromd(), strfromf(), strfroml(), strfromf16(), strfromf32(), strfromf64(), strfromf128(), strfromf32x(), strfromf64x(), strfromf128x(), strtol_l(), strtoul_l(), strtoll_l(), strtoull_l(), strtof16_l(), strtof32_l(), strtof64_l(), strtof128_l(), strtof32x_l(), strtof64x_l(), strtof128x_l(), random_r(), srandom_r(), initstate_r(), setstate_r(), drand48_r(), erand48_r(), lrand48_r(), nrand48_r(), mrand48_r(), jrand48_r(), srand48_r(), seed48_r(), lcong48_r(), reallocarray(), on_exit(), canonicalize_file_name(), qsort_r(), qecvt(), qfcvt(), qgcvt(), ecvt_r(), fcvt_r(), fcvt_r(), qfcvt_r(), rpmatch(), getpt(),ttyslot() |
+| string.h | Partial | Unsupported functions: rawmemchr(), strfry(), memfrob() |
+| strings.h | Yes | - |
+| time.h | Partial | Unsupported functions: strptime_l(), timelocal(), dysize(), timespec_get(), getdate_r() |
+| unistd.h | Partial | Unsupported functions: lseek(), lseek64(), pread64(), pwrite64(), getwd(), group_member(), ttyslot(), setlogin(), revoke(), profil(), truncate64(), ftruncate64(), lockf(), lockf64(), cuserid(), pthread_atfork() |
+| wchar.h | Partial | Unsupported functions: wcschrnul(), wmempcpy(), wcstof16(), wcstof32(), wcstof64(), wcstof128(), wcstof32x(), wcstof64x(), wcstof128x(), wcstoq(), wcstouq(), wcstol_l(), wcstoul_l(), wcstod_l(), wcstof_l(), wcstold_l(), wcstof16_l(), wcstof32_l(), wcstof64_l(), wcstof128_l(), wcstof32x_l(), wcstof64x_l(), wcstof128x_l() |
| wctype.h | Yes | - |
\ No newline at end of file
diff --git a/docs/logo.png b/sdk/docs/logo.png
similarity index 100%
rename from docs/logo.png
rename to sdk/docs/logo.png
diff --git a/docs/riscv_tee.md b/sdk/docs/riscv_tee.md
similarity index 100%
rename from docs/riscv_tee.md
rename to sdk/docs/riscv_tee.md
diff --git a/docs/secGear_RISC-V_Penglai_demo.jpeg b/sdk/docs/secGear_RISC-V_Penglai_demo.jpeg
similarity index 100%
rename from docs/secGear_RISC-V_Penglai_demo.jpeg
rename to sdk/docs/secGear_RISC-V_Penglai_demo.jpeg
diff --git a/docs/sign_tool.md b/sdk/docs/sign_tool.md
similarity index 100%
rename from docs/sign_tool.md
rename to sdk/docs/sign_tool.md
diff --git a/docs/zh/2403_LTS_SP2/_toc.yaml b/sdk/docs/zh/2403_LTS_SP2/_toc.yaml
similarity index 100%
rename from docs/zh/2403_LTS_SP2/_toc.yaml
rename to sdk/docs/zh/2403_LTS_SP2/_toc.yaml
diff --git a/docs/zh/2403_LTS_SP2/api_reference.md b/sdk/docs/zh/2403_LTS_SP2/api_reference.md
similarity index 100%
rename from docs/zh/2403_LTS_SP2/api_reference.md
rename to sdk/docs/zh/2403_LTS_SP2/api_reference.md
diff --git a/docs/zh/2403_LTS_SP2/application_scenarios.md b/sdk/docs/zh/2403_LTS_SP2/application_scenarios.md
similarity index 100%
rename from docs/zh/2403_LTS_SP2/application_scenarios.md
rename to sdk/docs/zh/2403_LTS_SP2/application_scenarios.md
diff --git a/docs/zh/2403_LTS_SP2/developer_guide.md b/sdk/docs/zh/2403_LTS_SP2/developer_guide.md
similarity index 97%
rename from docs/zh/2403_LTS_SP2/developer_guide.md
rename to sdk/docs/zh/2403_LTS_SP2/developer_guide.md
index b788f9d38871c421d6fae636ec3cd74ecf47adc6..f82693e6c03933c0b62cf5a5b5495bb6946bbf70 100644
--- a/docs/zh/2403_LTS_SP2/developer_guide.md
+++ b/sdk/docs/zh/2403_LTS_SP2/developer_guide.md
@@ -68,8 +68,8 @@ cd examples/helloworld
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
+// build sdk and examples
+cd secGear/sdk
source environment
mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
@@ -83,8 +83,8 @@ mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
// clone secGear repository
git clone https://gitee.com/openeuler/secGear.git
-// build secGear and examples
-cd secGear
+// build sdk and examples
+cd secGear/sdk
source /opt/intel/sgxsdk/environment && source environment
mkdir debug && cd debug && cmake .. && make && sudo make install
diff --git a/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png b/sdk/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png
diff --git a/docs/zh/2403_LTS_SP2/figures/Mindspore.png b/sdk/docs/zh/2403_LTS_SP2/figures/Mindspore.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/Mindspore.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/Mindspore.png
diff --git a/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png b/sdk/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/Mindspore_original.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png
diff --git a/docs/zh/2403_LTS_SP2/figures/develop_step.png b/sdk/docs/zh/2403_LTS_SP2/figures/develop_step.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/develop_step.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/develop_step.png
diff --git a/docs/zh/2403_LTS_SP2/figures/openLooKeng.png b/sdk/docs/zh/2403_LTS_SP2/figures/openLooKeng.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/openLooKeng.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/openLooKeng.png
diff --git a/docs/zh/2403_LTS_SP2/figures/secGear_arch.png b/sdk/docs/zh/2403_LTS_SP2/figures/secGear_arch.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/secGear_arch.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/secGear_arch.png
diff --git a/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png b/sdk/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png
similarity index 100%
rename from docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png
rename to sdk/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png
diff --git a/docs/zh/2403_LTS_SP2/introduction_to_secgear.md b/sdk/docs/zh/2403_LTS_SP2/introduction_to_secgear.md
similarity index 100%
rename from docs/zh/2403_LTS_SP2/introduction_to_secgear.md
rename to sdk/docs/zh/2403_LTS_SP2/introduction_to_secgear.md
diff --git a/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif b/sdk/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif
rename to sdk/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif
diff --git a/docs/zh/2403_LTS_SP2/secgear_installation.md b/sdk/docs/zh/2403_LTS_SP2/secgear_installation.md
similarity index 100%
rename from docs/zh/2403_LTS_SP2/secgear_installation.md
rename to sdk/docs/zh/2403_LTS_SP2/secgear_installation.md
diff --git a/docs/zh/2403_LTS_SP2/using_secgear_tools.md b/sdk/docs/zh/2403_LTS_SP2/using_secgear_tools.md
similarity index 100%
rename from docs/zh/2403_LTS_SP2/using_secgear_tools.md
rename to sdk/docs/zh/2403_LTS_SP2/using_secgear_tools.md
diff --git a/environment b/sdk/environment
similarity index 100%
rename from environment
rename to sdk/environment
diff --git a/inc/common_inc/bit_operation.h b/sdk/inc/common_inc/bit_operation.h
similarity index 100%
rename from inc/common_inc/bit_operation.h
rename to sdk/inc/common_inc/bit_operation.h
diff --git a/inc/common_inc/gp/gp_shared_memory_defs.h b/sdk/inc/common_inc/gp/gp_shared_memory_defs.h
similarity index 100%
rename from inc/common_inc/gp/gp_shared_memory_defs.h
rename to sdk/inc/common_inc/gp/gp_shared_memory_defs.h
diff --git a/inc/common_inc/secgear_list.h b/sdk/inc/common_inc/secgear_list.h
similarity index 100%
rename from inc/common_inc/secgear_list.h
rename to sdk/inc/common_inc/secgear_list.h
diff --git a/inc/common_inc/switchless_defs.h b/sdk/inc/common_inc/switchless_defs.h
similarity index 100%
rename from inc/common_inc/switchless_defs.h
rename to sdk/inc/common_inc/switchless_defs.h
diff --git a/inc/enclave_inc/gp/caller.h b/sdk/inc/enclave_inc/gp/caller.h
similarity index 100%
rename from inc/enclave_inc/gp/caller.h
rename to sdk/inc/enclave_inc/gp/caller.h
diff --git a/inc/enclave_inc/gp/gp.h b/sdk/inc/enclave_inc/gp/gp.h
similarity index 100%
rename from inc/enclave_inc/gp/gp.h
rename to sdk/inc/enclave_inc/gp/gp.h
diff --git a/inc/enclave_inc/gp/gp_ocall.h b/sdk/inc/enclave_inc/gp/gp_ocall.h
similarity index 100%
rename from inc/enclave_inc/gp/gp_ocall.h
rename to sdk/inc/enclave_inc/gp/gp_ocall.h
diff --git a/inc/enclave_inc/gp/itrustee/bottom_memory_check.h b/sdk/inc/enclave_inc/gp/itrustee/bottom_memory_check.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/bottom_memory_check.h
rename to sdk/inc/enclave_inc/gp/itrustee/bottom_memory_check.h
diff --git a/inc/enclave_inc/gp/itrustee/cc_securec.h b/sdk/inc/enclave_inc/gp/itrustee/cc_securec.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/cc_securec.h
rename to sdk/inc/enclave_inc/gp/itrustee/cc_securec.h
diff --git a/inc/enclave_inc/gp/itrustee/dataseal_internal.h b/sdk/inc/enclave_inc/gp/itrustee/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/dataseal_internal.h
rename to sdk/inc/enclave_inc/gp/itrustee/dataseal_internal.h
diff --git a/inc/enclave_inc/gp/itrustee/error_conversion.h b/sdk/inc/enclave_inc/gp/itrustee/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/error_conversion.h
rename to sdk/inc/enclave_inc/gp/itrustee/error_conversion.h
diff --git a/inc/enclave_inc/gp/itrustee/random_internal.h b/sdk/inc/enclave_inc/gp/itrustee/random_internal.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/random_internal.h
rename to sdk/inc/enclave_inc/gp/itrustee/random_internal.h
diff --git a/inc/enclave_inc/gp/itrustee/secgear_log.h b/sdk/inc/enclave_inc/gp/itrustee/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/secgear_log.h
rename to sdk/inc/enclave_inc/gp/itrustee/secgear_log.h
diff --git a/inc/enclave_inc/gp/itrustee/tee_agent.h b/sdk/inc/enclave_inc/gp/itrustee/tee_agent.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/tee_agent.h
rename to sdk/inc/enclave_inc/gp/itrustee/tee_agent.h
diff --git a/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h b/sdk/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
rename to sdk/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
diff --git a/inc/enclave_inc/memory_check.h b/sdk/inc/enclave_inc/memory_check.h
similarity index 100%
rename from inc/enclave_inc/memory_check.h
rename to sdk/inc/enclave_inc/memory_check.h
diff --git a/inc/enclave_inc/penglai/bottom_memory_check.h b/sdk/inc/enclave_inc/penglai/bottom_memory_check.h
similarity index 100%
rename from inc/enclave_inc/penglai/bottom_memory_check.h
rename to sdk/inc/enclave_inc/penglai/bottom_memory_check.h
diff --git a/inc/enclave_inc/penglai/cc_securec.h b/sdk/inc/enclave_inc/penglai/cc_securec.h
similarity index 100%
rename from inc/enclave_inc/penglai/cc_securec.h
rename to sdk/inc/enclave_inc/penglai/cc_securec.h
diff --git a/inc/enclave_inc/penglai/dataseal_internal.h b/sdk/inc/enclave_inc/penglai/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/penglai/dataseal_internal.h
rename to sdk/inc/enclave_inc/penglai/dataseal_internal.h
diff --git a/inc/enclave_inc/penglai/error_conversion.h b/sdk/inc/enclave_inc/penglai/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/penglai/error_conversion.h
rename to sdk/inc/enclave_inc/penglai/error_conversion.h
diff --git a/inc/enclave_inc/penglai/penglai.h b/sdk/inc/enclave_inc/penglai/penglai.h
similarity index 100%
rename from inc/enclave_inc/penglai/penglai.h
rename to sdk/inc/enclave_inc/penglai/penglai.h
diff --git a/inc/enclave_inc/penglai/penglai_ocall.h b/sdk/inc/enclave_inc/penglai/penglai_ocall.h
similarity index 100%
rename from inc/enclave_inc/penglai/penglai_ocall.h
rename to sdk/inc/enclave_inc/penglai/penglai_ocall.h
diff --git a/inc/enclave_inc/penglai/random_internal.h b/sdk/inc/enclave_inc/penglai/random_internal.h
similarity index 100%
rename from inc/enclave_inc/penglai/random_internal.h
rename to sdk/inc/enclave_inc/penglai/random_internal.h
diff --git a/inc/enclave_inc/penglai/secgear_log.h b/sdk/inc/enclave_inc/penglai/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/penglai/secgear_log.h
rename to sdk/inc/enclave_inc/penglai/secgear_log.h
diff --git a/inc/enclave_inc/secgear_dataseal.h b/sdk/inc/enclave_inc/secgear_dataseal.h
similarity index 100%
rename from inc/enclave_inc/secgear_dataseal.h
rename to sdk/inc/enclave_inc/secgear_dataseal.h
diff --git a/inc/enclave_inc/secgear_random.h b/sdk/inc/enclave_inc/secgear_random.h
similarity index 100%
rename from inc/enclave_inc/secgear_random.h
rename to sdk/inc/enclave_inc/secgear_random.h
diff --git a/inc/enclave_inc/sgx/bottom_memory_check.h b/sdk/inc/enclave_inc/sgx/bottom_memory_check.h
similarity index 100%
rename from inc/enclave_inc/sgx/bottom_memory_check.h
rename to sdk/inc/enclave_inc/sgx/bottom_memory_check.h
diff --git a/inc/enclave_inc/sgx/cc_securec.h b/sdk/inc/enclave_inc/sgx/cc_securec.h
similarity index 100%
rename from inc/enclave_inc/sgx/cc_securec.h
rename to sdk/inc/enclave_inc/sgx/cc_securec.h
diff --git a/inc/enclave_inc/sgx/dataseal_internal.h b/sdk/inc/enclave_inc/sgx/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/sgx/dataseal_internal.h
rename to sdk/inc/enclave_inc/sgx/dataseal_internal.h
diff --git a/inc/enclave_inc/sgx/error_conversion.h b/sdk/inc/enclave_inc/sgx/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/sgx/error_conversion.h
rename to sdk/inc/enclave_inc/sgx/error_conversion.h
diff --git a/inc/enclave_inc/sgx/random_internal.h b/sdk/inc/enclave_inc/sgx/random_internal.h
similarity index 100%
rename from inc/enclave_inc/sgx/random_internal.h
rename to sdk/inc/enclave_inc/sgx/random_internal.h
diff --git a/inc/enclave_inc/sgx/secgear_log.h b/sdk/inc/enclave_inc/sgx/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/sgx/secgear_log.h
rename to sdk/inc/enclave_inc/sgx/secgear_log.h
diff --git a/inc/host_inc/enclave.h b/sdk/inc/host_inc/enclave.h
similarity index 100%
rename from inc/host_inc/enclave.h
rename to sdk/inc/host_inc/enclave.h
diff --git a/inc/host_inc/enclave_internal.h b/sdk/inc/host_inc/enclave_internal.h
similarity index 100%
rename from inc/host_inc/enclave_internal.h
rename to sdk/inc/host_inc/enclave_internal.h
diff --git a/inc/host_inc/enclave_log.h b/sdk/inc/host_inc/enclave_log.h
similarity index 100%
rename from inc/host_inc/enclave_log.h
rename to sdk/inc/host_inc/enclave_log.h
diff --git a/inc/host_inc/gp/secgear_pthread.edl b/sdk/inc/host_inc/gp/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_pthread.edl
rename to sdk/inc/host_inc/gp/secgear_pthread.edl
diff --git a/inc/host_inc/gp/secgear_tkey_exchange.edl b/sdk/inc/host_inc/gp/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/gp/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/gp/secgear_tprotected_fs.edl b/sdk/inc/host_inc/gp/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/gp/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/gp/secgear_tssl.edl b/sdk/inc/host_inc/gp/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tssl.edl
rename to sdk/inc/host_inc/gp/secgear_tssl.edl
diff --git a/inc/host_inc/gp/secgear_tstdc.edl b/sdk/inc/host_inc/gp/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tstdc.edl
rename to sdk/inc/host_inc/gp/secgear_tstdc.edl
diff --git a/inc/host_inc/gp/secgear_tswitchless.edl b/sdk/inc/host_inc/gp/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tswitchless.edl
rename to sdk/inc/host_inc/gp/secgear_tswitchless.edl
diff --git a/inc/host_inc/gp/secgear_urts.h b/sdk/inc/host_inc/gp/secgear_urts.h
similarity index 100%
rename from inc/host_inc/gp/secgear_urts.h
rename to sdk/inc/host_inc/gp/secgear_urts.h
diff --git a/inc/host_inc/ocall_log.h b/sdk/inc/host_inc/ocall_log.h
similarity index 100%
rename from inc/host_inc/ocall_log.h
rename to sdk/inc/host_inc/ocall_log.h
diff --git a/inc/host_inc/penglai/secgear_pthread.edl b/sdk/inc/host_inc/penglai/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_pthread.edl
rename to sdk/inc/host_inc/penglai/secgear_pthread.edl
diff --git a/inc/host_inc/penglai/secgear_tkey_exchange.edl b/sdk/inc/host_inc/penglai/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/penglai/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/penglai/secgear_tprotected_fs.edl b/sdk/inc/host_inc/penglai/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/penglai/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/penglai/secgear_tssl.edl b/sdk/inc/host_inc/penglai/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tssl.edl
rename to sdk/inc/host_inc/penglai/secgear_tssl.edl
diff --git a/inc/host_inc/penglai/secgear_tstdc.edl b/sdk/inc/host_inc/penglai/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tstdc.edl
rename to sdk/inc/host_inc/penglai/secgear_tstdc.edl
diff --git a/inc/host_inc/penglai/secgear_tswitchless.edl b/sdk/inc/host_inc/penglai/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tswitchless.edl
rename to sdk/inc/host_inc/penglai/secgear_tswitchless.edl
diff --git a/inc/host_inc/penglai/secgear_urts.h b/sdk/inc/host_inc/penglai/secgear_urts.h
similarity index 100%
rename from inc/host_inc/penglai/secgear_urts.h
rename to sdk/inc/host_inc/penglai/secgear_urts.h
diff --git a/inc/host_inc/secgear_defs.h b/sdk/inc/host_inc/secgear_defs.h
similarity index 100%
rename from inc/host_inc/secgear_defs.h
rename to sdk/inc/host_inc/secgear_defs.h
diff --git a/inc/host_inc/secgear_shared_memory.h b/sdk/inc/host_inc/secgear_shared_memory.h
similarity index 100%
rename from inc/host_inc/secgear_shared_memory.h
rename to sdk/inc/host_inc/secgear_shared_memory.h
diff --git a/inc/host_inc/secgear_uswitchless.h b/sdk/inc/host_inc/secgear_uswitchless.h
similarity index 100%
rename from inc/host_inc/secgear_uswitchless.h
rename to sdk/inc/host_inc/secgear_uswitchless.h
diff --git a/inc/host_inc/sgx/secgear_pthread.edl b/sdk/inc/host_inc/sgx/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_pthread.edl
rename to sdk/inc/host_inc/sgx/secgear_pthread.edl
diff --git a/inc/host_inc/sgx/secgear_tkey_exchange.edl b/sdk/inc/host_inc/sgx/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/sgx/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/sgx/secgear_tprotected_fs.edl b/sdk/inc/host_inc/sgx/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/sgx/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/sgx/secgear_tssl.edl b/sdk/inc/host_inc/sgx/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tssl.edl
rename to sdk/inc/host_inc/sgx/secgear_tssl.edl
diff --git a/inc/host_inc/sgx/secgear_tstdc.edl b/sdk/inc/host_inc/sgx/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tstdc.edl
rename to sdk/inc/host_inc/sgx/secgear_tstdc.edl
diff --git a/inc/host_inc/sgx/secgear_tswitchless.edl b/sdk/inc/host_inc/sgx/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tswitchless.edl
rename to sdk/inc/host_inc/sgx/secgear_tswitchless.edl
diff --git a/inc/host_inc/sgx/secgear_urts.h b/sdk/inc/host_inc/sgx/secgear_urts.h
similarity index 100%
rename from inc/host_inc/sgx/secgear_urts.h
rename to sdk/inc/host_inc/sgx/secgear_urts.h
diff --git a/inc/host_inc/sgx/sgx_enclave.h b/sdk/inc/host_inc/sgx/sgx_enclave.h
similarity index 100%
rename from inc/host_inc/sgx/sgx_enclave.h
rename to sdk/inc/host_inc/sgx/sgx_enclave.h
diff --git a/inc/host_inc/status.h b/sdk/inc/host_inc/status.h
similarity index 100%
rename from inc/host_inc/status.h
rename to sdk/inc/host_inc/status.h
diff --git a/install_manifest.txt b/sdk/install_manifest.txt
similarity index 100%
rename from install_manifest.txt
rename to sdk/install_manifest.txt
diff --git a/src/CMakeLists.txt b/sdk/src/CMakeLists.txt
similarity index 100%
rename from src/CMakeLists.txt
rename to sdk/src/CMakeLists.txt
diff --git a/src/enclave_src/CMakeLists.txt b/sdk/src/enclave_src/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/CMakeLists.txt
rename to sdk/src/enclave_src/CMakeLists.txt
diff --git a/src/enclave_src/gp/gp.c b/sdk/src/enclave_src/gp/gp.c
similarity index 100%
rename from src/enclave_src/gp/gp.c
rename to sdk/src/enclave_src/gp/gp.c
diff --git a/src/enclave_src/gp/gp_ocall.c b/sdk/src/enclave_src/gp/gp_ocall.c
similarity index 100%
rename from src/enclave_src/gp/gp_ocall.c
rename to sdk/src/enclave_src/gp/gp_ocall.c
diff --git a/src/enclave_src/gp/itrustee/CMakeLists.txt b/sdk/src/enclave_src/gp/itrustee/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/gp/itrustee/CMakeLists.txt
rename to sdk/src/enclave_src/gp/itrustee/CMakeLists.txt
diff --git a/src/enclave_src/gp/itrustee/bottom_memory_check.c b/sdk/src/enclave_src/gp/itrustee/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/bottom_memory_check.c
rename to sdk/src/enclave_src/gp/itrustee/bottom_memory_check.c
diff --git a/src/enclave_src/gp/itrustee/error_conversion.c b/sdk/src/enclave_src/gp/itrustee/error_conversion.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/error_conversion.c
rename to sdk/src/enclave_src/gp/itrustee/error_conversion.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_random.c b/sdk/src/enclave_src/gp/itrustee/itrustee_random.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_random.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_random.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/sdk/src/enclave_src/gp/itrustee/itrustee_seal_data.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_seal_data.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_seal_data.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_shared_memory.c b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_shared_memory.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_shared_memory.h b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
similarity index 97%
rename from src/enclave_src/gp/itrustee/itrustee_shared_memory.h
rename to sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
index 35ae829a58426bbe8464eaeb97fa995bd3de1725..806320e9aa47d2a6b6b23127158cb806ff04e423 100644
--- a/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
+++ b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
@@ -1,28 +1,28 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef __ITRUSTEE_SHARED_MEMORY_H__
-#define __ITRUSTEE_SHARED_MEMORY_H__
-
-#include "status.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-cc_enclave_result_t register_shared_memory_by_session(uint8_t *in_buf, uint8_t *registered_buf, void **sessionContext);
-void open_session_unregister_shared_memory(void *sessionContext);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef __ITRUSTEE_SHARED_MEMORY_H__
+#define __ITRUSTEE_SHARED_MEMORY_H__
+
+#include "status.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+cc_enclave_result_t register_shared_memory_by_session(uint8_t *in_buf, uint8_t *registered_buf, void **sessionContext);
+void open_session_unregister_shared_memory(void *sessionContext);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/enclave_src/gp/itrustee/itrustee_tswitchless.c b/sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_tswitchless.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_tswitchless.h b/sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.h
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_tswitchless.h
rename to sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.h
diff --git a/src/enclave_src/memory_check.c b/sdk/src/enclave_src/memory_check.c
similarity index 100%
rename from src/enclave_src/memory_check.c
rename to sdk/src/enclave_src/memory_check.c
diff --git a/src/enclave_src/penglai/CMakeLists.txt b/sdk/src/enclave_src/penglai/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/penglai/CMakeLists.txt
rename to sdk/src/enclave_src/penglai/CMakeLists.txt
diff --git a/src/enclave_src/penglai/bottom_memory_check.c b/sdk/src/enclave_src/penglai/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/penglai/bottom_memory_check.c
rename to sdk/src/enclave_src/penglai/bottom_memory_check.c
diff --git a/src/enclave_src/penglai/error_conversion.c b/sdk/src/enclave_src/penglai/error_conversion.c
similarity index 100%
rename from src/enclave_src/penglai/error_conversion.c
rename to sdk/src/enclave_src/penglai/error_conversion.c
diff --git a/src/enclave_src/penglai/penglai_ocall.c b/sdk/src/enclave_src/penglai/penglai_ocall.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_ocall.c
rename to sdk/src/enclave_src/penglai/penglai_ocall.c
diff --git a/src/enclave_src/penglai/penglai_random.c b/sdk/src/enclave_src/penglai/penglai_random.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_random.c
rename to sdk/src/enclave_src/penglai/penglai_random.c
diff --git a/src/enclave_src/penglai/penglai_seal_data.c b/sdk/src/enclave_src/penglai/penglai_seal_data.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_seal_data.c
rename to sdk/src/enclave_src/penglai/penglai_seal_data.c
diff --git a/src/enclave_src/secgear_random.c b/sdk/src/enclave_src/secgear_random.c
similarity index 100%
rename from src/enclave_src/secgear_random.c
rename to sdk/src/enclave_src/secgear_random.c
diff --git a/src/enclave_src/secgear_seal_data.c b/sdk/src/enclave_src/secgear_seal_data.c
similarity index 100%
rename from src/enclave_src/secgear_seal_data.c
rename to sdk/src/enclave_src/secgear_seal_data.c
diff --git a/src/enclave_src/sgx/CMakeLists.txt b/sdk/src/enclave_src/sgx/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/sgx/CMakeLists.txt
rename to sdk/src/enclave_src/sgx/CMakeLists.txt
diff --git a/src/enclave_src/sgx/bottom_memory_check.c b/sdk/src/enclave_src/sgx/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/sgx/bottom_memory_check.c
rename to sdk/src/enclave_src/sgx/bottom_memory_check.c
diff --git a/src/enclave_src/sgx/error_conversion.c b/sdk/src/enclave_src/sgx/error_conversion.c
similarity index 100%
rename from src/enclave_src/sgx/error_conversion.c
rename to sdk/src/enclave_src/sgx/error_conversion.c
diff --git a/src/enclave_src/sgx/sgx_random.c b/sdk/src/enclave_src/sgx/sgx_random.c
similarity index 100%
rename from src/enclave_src/sgx/sgx_random.c
rename to sdk/src/enclave_src/sgx/sgx_random.c
diff --git a/src/enclave_src/sgx/sgx_seal_data.c b/sdk/src/enclave_src/sgx/sgx_seal_data.c
similarity index 100%
rename from src/enclave_src/sgx/sgx_seal_data.c
rename to sdk/src/enclave_src/sgx/sgx_seal_data.c
diff --git a/src/host_src/CMakeLists.txt b/sdk/src/host_src/CMakeLists.txt
similarity index 100%
rename from src/host_src/CMakeLists.txt
rename to sdk/src/host_src/CMakeLists.txt
diff --git a/src/host_src/enclave.c b/sdk/src/host_src/enclave.c
similarity index 100%
rename from src/host_src/enclave.c
rename to sdk/src/host_src/enclave.c
diff --git a/src/host_src/enclave_internal.c b/sdk/src/host_src/enclave_internal.c
similarity index 100%
rename from src/host_src/enclave_internal.c
rename to sdk/src/host_src/enclave_internal.c
diff --git a/src/host_src/enclave_ocall.c b/sdk/src/host_src/enclave_ocall.c
similarity index 100%
rename from src/host_src/enclave_ocall.c
rename to sdk/src/host_src/enclave_ocall.c
diff --git a/src/host_src/gp/CMakeLists.txt b/sdk/src/host_src/gp/CMakeLists.txt
similarity index 100%
rename from src/host_src/gp/CMakeLists.txt
rename to sdk/src/host_src/gp/CMakeLists.txt
diff --git a/src/host_src/gp/gp_enclave.c b/sdk/src/host_src/gp/gp_enclave.c
similarity index 100%
rename from src/host_src/gp/gp_enclave.c
rename to sdk/src/host_src/gp/gp_enclave.c
diff --git a/src/host_src/gp/gp_enclave.h b/sdk/src/host_src/gp/gp_enclave.h
similarity index 100%
rename from src/host_src/gp/gp_enclave.h
rename to sdk/src/host_src/gp/gp_enclave.h
diff --git a/src/host_src/gp/gp_shared_memory.c b/sdk/src/host_src/gp/gp_shared_memory.c
similarity index 100%
rename from src/host_src/gp/gp_shared_memory.c
rename to sdk/src/host_src/gp/gp_shared_memory.c
diff --git a/src/host_src/gp/gp_shared_memory.h b/sdk/src/host_src/gp/gp_shared_memory.h
similarity index 100%
rename from src/host_src/gp/gp_shared_memory.h
rename to sdk/src/host_src/gp/gp_shared_memory.h
diff --git a/src/host_src/gp/gp_uswitchless.c b/sdk/src/host_src/gp/gp_uswitchless.c
similarity index 100%
rename from src/host_src/gp/gp_uswitchless.c
rename to sdk/src/host_src/gp/gp_uswitchless.c
diff --git a/src/host_src/gp/gp_uswitchless.h b/sdk/src/host_src/gp/gp_uswitchless.h
similarity index 100%
rename from src/host_src/gp/gp_uswitchless.h
rename to sdk/src/host_src/gp/gp_uswitchless.h
diff --git a/src/host_src/ocall_log.c b/sdk/src/host_src/ocall_log.c
similarity index 100%
rename from src/host_src/ocall_log.c
rename to sdk/src/host_src/ocall_log.c
diff --git a/src/host_src/penglai/CMakeLists.txt b/sdk/src/host_src/penglai/CMakeLists.txt
similarity index 100%
rename from src/host_src/penglai/CMakeLists.txt
rename to sdk/src/host_src/penglai/CMakeLists.txt
diff --git a/src/host_src/penglai/penglai_enclave.c b/sdk/src/host_src/penglai/penglai_enclave.c
similarity index 100%
rename from src/host_src/penglai/penglai_enclave.c
rename to sdk/src/host_src/penglai/penglai_enclave.c
diff --git a/src/host_src/penglai/penglai_enclave.h b/sdk/src/host_src/penglai/penglai_enclave.h
similarity index 100%
rename from src/host_src/penglai/penglai_enclave.h
rename to sdk/src/host_src/penglai/penglai_enclave.h
diff --git a/src/host_src/secgear_shared_memory.c b/sdk/src/host_src/secgear_shared_memory.c
similarity index 100%
rename from src/host_src/secgear_shared_memory.c
rename to sdk/src/host_src/secgear_shared_memory.c
diff --git a/src/host_src/sgx/CMakeLists.txt b/sdk/src/host_src/sgx/CMakeLists.txt
similarity index 100%
rename from src/host_src/sgx/CMakeLists.txt
rename to sdk/src/host_src/sgx/CMakeLists.txt
diff --git a/src/host_src/sgx/sgx_enclave.c b/sdk/src/host_src/sgx/sgx_enclave.c
similarity index 100%
rename from src/host_src/sgx/sgx_enclave.c
rename to sdk/src/host_src/sgx/sgx_enclave.c
diff --git a/src/host_src/sgx/sgx_enclave.h b/sdk/src/host_src/sgx/sgx_enclave.h
similarity index 100%
rename from src/host_src/sgx/sgx_enclave.h
rename to sdk/src/host_src/sgx/sgx_enclave.h
diff --git a/src/host_src/sgx/sgx_shared_memory.c b/sdk/src/host_src/sgx/sgx_shared_memory.c
similarity index 100%
rename from src/host_src/sgx/sgx_shared_memory.c
rename to sdk/src/host_src/sgx/sgx_shared_memory.c
diff --git a/src/host_src/sgx/sgx_shared_memory.h b/sdk/src/host_src/sgx/sgx_shared_memory.h
similarity index 100%
rename from src/host_src/sgx/sgx_shared_memory.h
rename to sdk/src/host_src/sgx/sgx_shared_memory.h
diff --git a/test/CMakeLists.txt b/sdk/test/CMakeLists.txt
similarity index 97%
rename from test/CMakeLists.txt
rename to sdk/test/CMakeLists.txt
index e3f57316651330bb1774ecb901063d16ad3515c5..98894eabdb767845c346422fe5956356e9f68e43 100644
--- a/test/CMakeLists.txt
+++ b/sdk/test/CMakeLists.txt
@@ -1,3 +1,3 @@
-project(secGear)
-
-set(CMAKE_C_FLAGS "-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
+project(secGear)
+
+set(CMAKE_C_FLAGS "-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
diff --git a/test/llt.sh b/sdk/test/llt.sh
similarity index 100%
rename from test/llt.sh
rename to sdk/test/llt.sh
diff --git a/thirdparty/base64url/b64/LICENSE b/sdk/thirdparty/base64url/b64/LICENSE
similarity index 100%
rename from thirdparty/base64url/b64/LICENSE
rename to sdk/thirdparty/base64url/b64/LICENSE
diff --git a/thirdparty/base64url/b64/README.md b/sdk/thirdparty/base64url/b64/README.md
similarity index 100%
rename from thirdparty/base64url/b64/README.md
rename to sdk/thirdparty/base64url/b64/README.md
diff --git a/thirdparty/base64url/b64/b64.h b/sdk/thirdparty/base64url/b64/b64.h
similarity index 100%
rename from thirdparty/base64url/b64/b64.h
rename to sdk/thirdparty/base64url/b64/b64.h
diff --git a/thirdparty/base64url/b64/buffer.c b/sdk/thirdparty/base64url/b64/buffer.c
similarity index 100%
rename from thirdparty/base64url/b64/buffer.c
rename to sdk/thirdparty/base64url/b64/buffer.c
diff --git a/thirdparty/base64url/b64/decode.c b/sdk/thirdparty/base64url/b64/decode.c
similarity index 100%
rename from thirdparty/base64url/b64/decode.c
rename to sdk/thirdparty/base64url/b64/decode.c
diff --git a/thirdparty/base64url/b64/encode.c b/sdk/thirdparty/base64url/b64/encode.c
similarity index 100%
rename from thirdparty/base64url/b64/encode.c
rename to sdk/thirdparty/base64url/b64/encode.c
diff --git a/thirdparty/base64url/b64/notes.md b/sdk/thirdparty/base64url/b64/notes.md
similarity index 94%
rename from thirdparty/base64url/b64/notes.md
rename to sdk/thirdparty/base64url/b64/notes.md
index 63d23ba7c544666b098eea348b4dba504e50cf57..245275c1f3944af742181eca0f6782c6672b5642 100644
--- a/thirdparty/base64url/b64/notes.md
+++ b/sdk/thirdparty/base64url/b64/notes.md
@@ -1,10 +1,10 @@
-## b64.c
-
-### Download
-
-This library can be downloaded from address https://github.com/jwerle/b64.c.
-
-### Version
-
-The version of this library is **tag 0.1.0**.
-
+## b64.c
+
+### Download
+
+This library can be downloaded from address https://github.com/jwerle/b64.c.
+
+### Version
+
+The version of this library is **tag 0.1.0**.
+
diff --git a/thirdparty/base64url/base64url.c b/sdk/thirdparty/base64url/base64url.c
similarity index 100%
rename from thirdparty/base64url/base64url.c
rename to sdk/thirdparty/base64url/base64url.c
diff --git a/thirdparty/base64url/base64url.h b/sdk/thirdparty/base64url/base64url.h
similarity index 100%
rename from thirdparty/base64url/base64url.h
rename to sdk/thirdparty/base64url/base64url.h
diff --git a/thirdparty/cjson/cJSON.c b/sdk/thirdparty/cjson/cJSON.c
similarity index 100%
rename from thirdparty/cjson/cJSON.c
rename to sdk/thirdparty/cjson/cJSON.c
diff --git a/thirdparty/cjson/cJSON.h b/sdk/thirdparty/cjson/cJSON.h
similarity index 100%
rename from thirdparty/cjson/cJSON.h
rename to sdk/thirdparty/cjson/cJSON.h
diff --git a/thirdparty/kunpengsecl/verifier/teeverifier.h b/sdk/thirdparty/kunpengsecl/verifier/teeverifier.h
similarity index 96%
rename from thirdparty/kunpengsecl/verifier/teeverifier.h
rename to sdk/thirdparty/kunpengsecl/verifier/teeverifier.h
index 4a311f6fc378abfb4ed36eacf40771416b6b3a91..27949d53bdcc0bec22066e4533e49f77a0bc4312 100644
--- a/thirdparty/kunpengsecl/verifier/teeverifier.h
+++ b/sdk/thirdparty/kunpengsecl/verifier/teeverifier.h
@@ -1,50 +1,50 @@
-/*
-kunpengsecl licensed under the Mulan PSL v2.
-You can use this software according to the terms and conditions of
-the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
- http://license.coscl.org.cn/MulanPSL2
-THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
-EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
-MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
-See the Mulan PSL v2 for more details.
-*/
-
-#ifndef __VERIFIER_LIB__
-#define __VERIFIER_LIB__
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define UUID_SIZE 16
-#define HASH_SIZE 32
-//Attester will send the report by this type
-typedef struct{
- uint32_t size;
- uint8_t *buf;
-} buffer_data;
-
-typedef struct
-{
- uint8_t uuid[UUID_SIZE];
- uint8_t valueinfo[2][HASH_SIZE]; // valueinfo[0]=img measurement and valueinfo[1]=mem measurement
-} base_value;
-
-enum error_status_code {
- TVS_ALL_SUCCESSED = 0,
- TVS_VERIFIED_NONCE_FAILED = -1,
- TVS_VERIFIED_SIGNATURE_FAILED = -2,
- TVS_VERIFIED_HASH_FAILED = -3,
-};
-
-int tee_verify_report(buffer_data *data_buf,buffer_data *nonce,int type, char *filename);
-int tee_validate_report(buffer_data *buf_data, buffer_data *nonce);
-int tee_verify_report2(buffer_data *buf_data, int type,base_value *baseval);
-bool tee_verify_akcert(buffer_data *akcert, int type, const char *refval);
-bool tee_get_akcert_data(buffer_data *akcert, buffer_data *akpub, buffer_data *drkcrt);
-
-#endif
+/*
+kunpengsecl licensed under the Mulan PSL v2.
+You can use this software according to the terms and conditions of
+the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
+ http://license.coscl.org.cn/MulanPSL2
+THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+See the Mulan PSL v2 for more details.
+*/
+
+#ifndef __VERIFIER_LIB__
+#define __VERIFIER_LIB__
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define UUID_SIZE 16
+#define HASH_SIZE 32
+//Attester will send the report by this type
+typedef struct{
+ uint32_t size;
+ uint8_t *buf;
+} buffer_data;
+
+typedef struct
+{
+ uint8_t uuid[UUID_SIZE];
+ uint8_t valueinfo[2][HASH_SIZE]; // valueinfo[0]=img measurement and valueinfo[1]=mem measurement
+} base_value;
+
+enum error_status_code {
+ TVS_ALL_SUCCESSED = 0,
+ TVS_VERIFIED_NONCE_FAILED = -1,
+ TVS_VERIFIED_SIGNATURE_FAILED = -2,
+ TVS_VERIFIED_HASH_FAILED = -3,
+};
+
+int tee_verify_report(buffer_data *data_buf,buffer_data *nonce,int type, char *filename);
+int tee_validate_report(buffer_data *buf_data, buffer_data *nonce);
+int tee_verify_report2(buffer_data *buf_data, int type,base_value *baseval);
+bool tee_verify_akcert(buffer_data *akcert, int type, const char *refval);
+bool tee_get_akcert_data(buffer_data *akcert, buffer_data *akpub, buffer_data *drkcrt);
+
+#endif
diff --git a/thirdparty/libqca/ra_client_api.h b/sdk/thirdparty/libqca/ra_client_api.h
similarity index 100%
rename from thirdparty/libqca/ra_client_api.h
rename to sdk/thirdparty/libqca/ra_client_api.h
diff --git a/tools/codegener/CMakeLists.txt b/sdk/tools/codegener/CMakeLists.txt
similarity index 100%
rename from tools/codegener/CMakeLists.txt
rename to sdk/tools/codegener/CMakeLists.txt
diff --git a/tools/codegener/Codegener.ml b/sdk/tools/codegener/Codegener.ml
similarity index 100%
rename from tools/codegener/Codegener.ml
rename to sdk/tools/codegener/Codegener.ml
diff --git a/tools/codegener/Commonfunc.ml b/sdk/tools/codegener/Commonfunc.ml
similarity index 100%
rename from tools/codegener/Commonfunc.ml
rename to sdk/tools/codegener/Commonfunc.ml
diff --git a/tools/codegener/Genheader.ml b/sdk/tools/codegener/Genheader.ml
similarity index 100%
rename from tools/codegener/Genheader.ml
rename to sdk/tools/codegener/Genheader.ml
diff --git a/tools/codegener/Gentrust.ml b/sdk/tools/codegener/Gentrust.ml
similarity index 100%
rename from tools/codegener/Gentrust.ml
rename to sdk/tools/codegener/Gentrust.ml
diff --git a/tools/codegener/Genuntrust.ml b/sdk/tools/codegener/Genuntrust.ml
similarity index 100%
rename from tools/codegener/Genuntrust.ml
rename to sdk/tools/codegener/Genuntrust.ml
diff --git a/tools/codegener/dune b/sdk/tools/codegener/dune
similarity index 100%
rename from tools/codegener/dune
rename to sdk/tools/codegener/dune
diff --git a/tools/codegener/dune-project b/sdk/tools/codegener/dune-project
similarity index 100%
rename from tools/codegener/dune-project
rename to sdk/tools/codegener/dune-project
diff --git a/tools/codegener/intel/Ast.ml b/sdk/tools/codegener/intel/Ast.ml
similarity index 100%
rename from tools/codegener/intel/Ast.ml
rename to sdk/tools/codegener/intel/Ast.ml
diff --git a/tools/codegener/intel/CodeGen.ml b/sdk/tools/codegener/intel/CodeGen.ml
similarity index 100%
rename from tools/codegener/intel/CodeGen.ml
rename to sdk/tools/codegener/intel/CodeGen.ml
diff --git a/tools/codegener/intel/Edger8r.ml b/sdk/tools/codegener/intel/Edger8r.ml
similarity index 100%
rename from tools/codegener/intel/Edger8r.ml
rename to sdk/tools/codegener/intel/Edger8r.ml
diff --git a/tools/codegener/intel/Lexer.mll b/sdk/tools/codegener/intel/Lexer.mll
similarity index 100%
rename from tools/codegener/intel/Lexer.mll
rename to sdk/tools/codegener/intel/Lexer.mll
diff --git a/tools/codegener/intel/Makefile b/sdk/tools/codegener/intel/Makefile
similarity index 100%
rename from tools/codegener/intel/Makefile
rename to sdk/tools/codegener/intel/Makefile
diff --git a/tools/codegener/intel/Parser.mly b/sdk/tools/codegener/intel/Parser.mly
similarity index 100%
rename from tools/codegener/intel/Parser.mly
rename to sdk/tools/codegener/intel/Parser.mly
diff --git a/tools/codegener/intel/Plugin.ml b/sdk/tools/codegener/intel/Plugin.ml
similarity index 100%
rename from tools/codegener/intel/Plugin.ml
rename to sdk/tools/codegener/intel/Plugin.ml
diff --git a/tools/codegener/intel/Preprocessor.ml b/sdk/tools/codegener/intel/Preprocessor.ml
similarity index 100%
rename from tools/codegener/intel/Preprocessor.ml
rename to sdk/tools/codegener/intel/Preprocessor.ml
diff --git a/tools/codegener/intel/SimpleStack.ml b/sdk/tools/codegener/intel/SimpleStack.ml
similarity index 100%
rename from tools/codegener/intel/SimpleStack.ml
rename to sdk/tools/codegener/intel/SimpleStack.ml
diff --git a/tools/codegener/intel/Util.ml b/sdk/tools/codegener/intel/Util.ml
similarity index 100%
rename from tools/codegener/intel/Util.ml
rename to sdk/tools/codegener/intel/Util.ml
diff --git a/tools/codegener/intel/dune b/sdk/tools/codegener/intel/dune
similarity index 100%
rename from tools/codegener/intel/dune
rename to sdk/tools/codegener/intel/dune
diff --git a/tools/codegener/main.ml b/sdk/tools/codegener/main.ml
similarity index 100%
rename from tools/codegener/main.ml
rename to sdk/tools/codegener/main.ml
diff --git a/tools/codegener/penglai/CodeGenPL.ml b/sdk/tools/codegener/penglai/CodeGenPL.ml
similarity index 100%
rename from tools/codegener/penglai/CodeGenPL.ml
rename to sdk/tools/codegener/penglai/CodeGenPL.ml
diff --git a/tools/codegener/penglai/CommonfuncPL.ml b/sdk/tools/codegener/penglai/CommonfuncPL.ml
similarity index 100%
rename from tools/codegener/penglai/CommonfuncPL.ml
rename to sdk/tools/codegener/penglai/CommonfuncPL.ml
diff --git a/tools/codegener/penglai/GenheaderPL.ml b/sdk/tools/codegener/penglai/GenheaderPL.ml
similarity index 100%
rename from tools/codegener/penglai/GenheaderPL.ml
rename to sdk/tools/codegener/penglai/GenheaderPL.ml
diff --git a/tools/codegener/penglai/GentrustPL.ml b/sdk/tools/codegener/penglai/GentrustPL.ml
similarity index 100%
rename from tools/codegener/penglai/GentrustPL.ml
rename to sdk/tools/codegener/penglai/GentrustPL.ml
diff --git a/tools/codegener/penglai/GenuntrustPL.ml b/sdk/tools/codegener/penglai/GenuntrustPL.ml
similarity index 100%
rename from tools/codegener/penglai/GenuntrustPL.ml
rename to sdk/tools/codegener/penglai/GenuntrustPL.ml
diff --git a/tools/codegener/penglai/dune b/sdk/tools/codegener/penglai/dune
similarity index 100%
rename from tools/codegener/penglai/dune
rename to sdk/tools/codegener/penglai/dune
diff --git a/tools/sign_tool/sign_tool.sh b/sdk/tools/sign_tool/sign_tool.sh
similarity index 100%
rename from tools/sign_tool/sign_tool.sh
rename to sdk/tools/sign_tool/sign_tool.sh