From e8b1043698692aeb6c140f59e6cbb3faa5cf5110 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 21:56:37 +0800 Subject: [PATCH 01/19] Reorgnize repo structure for incoming OS security features. 
Signed-off-by: MaxMadMax --- CMakeLists.txt => sdk/CMakeLists.txt | 0 {component => sdk/component}/CMakeLists.txt | 0 .../component}/local_attest/CMakeLists.txt | 0 .../component}/local_attest/gp_local_attest.c | 0 .../local_attest/local_attest_agent.h | 0 .../component}/local_attest/sg_local_attest.c | 0 .../component}/local_attest/sg_local_attest.h | 0 .../local_attest/sgx_local_attest.c | 0 .../component}/ra_tls/CMakeLists.txt | 84 +++++++-------- {component => sdk/component}/ra_tls/LICENSE | 0 {component => sdk/component}/ra_tls/README.md | 0 .../component}/ra_tls/openssl_imp.c | 0 {component => sdk/component}/ra_tls/ra_tls.c | 0 {component => sdk/component}/ra_tls/ra_tls.h | 0 .../component}/ra_tls/ra_tls_imp.h | 0 .../component}/remote_attest/CMakeLists.txt | 0 .../remote_attest/ra_report/CMakeLists.txt | 0 .../remote_attest/ra_report/gp_ra_report.c | 0 .../ra_report/gp_report_helper.c | 0 .../ra_report/gp_report_helper.h | 0 .../remote_attest/ra_report/sg_ra_report.c | 0 .../remote_attest/ra_report/sg_ra_report.h | 0 .../remote_attest/ra_report/sgx_ra_report.c | 0 .../remote_attest/ra_report/uni_ra_agent.h | 0 .../remote_attest/ra_verify/CMakeLists.txt | 0 .../ra_verify/gp_ra_report_verify.c | 0 .../ra_verify/sg_ra_report_verify.c | 0 .../ra_verify/sg_ra_report_verify.h | 0 .../ra_verify/sgx_ra_report_verify.c | 0 .../ra_verify/uni_ra_verify_agent.h | 0 .../component}/remote_attest/sg_report_st.h | 0 .../component}/secure_channel/CMakeLists.txt | 0 .../component}/secure_channel/Readme.md | 0 .../secure_channel/client/CMakeLists.txt | 0 .../client/python/sec_chl_client.py | 0 .../client/python/sec_chl_wrapper.py | 0 .../client/secure_channel_client.c | 0 .../client/secure_channel_client.h | 0 .../secure_channel/enclave/CMakeLists.txt | 0 .../secure_channel/enclave/Enclave.lds | 0 .../enclave/secure_channel_enclave.c | 0 .../enclave/secure_channel_enclave.h | 0 .../secure_channel/host/CMakeLists.txt | 0 .../host/python/sec_chl_server.py | 0 
.../host/python/sec_chl_wrapper.py | 0 .../secure_channel/host/secure_channel_host.c | 0 .../secure_channel/host/secure_channel_host.h | 0 .../secure_channel/secure_channel.edl | 0 .../secure_channel/secure_channel.h | 0 .../secure_channel/secure_channel_common.c | 0 .../secure_channel/secure_channel_common.h | 0 {conf => sdk/conf}/logrotate.d/secgear | 0 {conf => sdk/conf}/rsyslog.d/secgear.conf | 0 ...77\347\224\250\346\214\207\345\215\227.md" | 0 {docs => sdk/docs}/build_install.md | 0 {docs => sdk/docs}/codegener.md | 0 {docs => sdk/docs}/disclaimer.md | 0 {docs => sdk/docs}/en/2403_LTS_SP2/_toc.yaml | 0 .../docs}/en/2403_LTS_SP2/api_reference.md | 0 .../en/2403_LTS_SP2/application_scenarios.md | 0 .../docs}/en/2403_LTS_SP2/developer_guide.md | 0 .../figures/BJCA_Crypto_Module.png | Bin .../en/2403_LTS_SP2/figures/Mindspore.png | Bin .../figures/Mindspore_original.png | Bin .../en/2403_LTS_SP2/figures/develop_step.png | Bin .../en/2403_LTS_SP2/figures/openLooKeng.png | Bin .../en/2403_LTS_SP2/figures/secGear_arch.png | Bin .../2403_LTS_SP2/figures/secret_gaussdb.png | Bin .../2403_LTS_SP2/introduction_to_secgear.md | 0 .../public_sys-resources/icon-note.gif | Bin .../en/2403_LTS_SP2/secgear_installation.md | 0 .../en/2403_LTS_SP2/using_secgear_tools.md | 0 {docs => sdk/docs}/itrustee_libc_support.md | 60 +++++------ {docs => sdk/docs}/logo.png | Bin {docs => sdk/docs}/riscv_tee.md | 0 .../docs}/secGear_RISC-V_Penglai_demo.jpeg | Bin {docs => sdk/docs}/sign_tool.md | 0 {docs => sdk/docs}/zh/2403_LTS_SP2/_toc.yaml | 0 .../docs}/zh/2403_LTS_SP2/api_reference.md | 0 .../zh/2403_LTS_SP2/application_scenarios.md | 0 .../docs}/zh/2403_LTS_SP2/developer_guide.md | 0 .../figures/BJCA_Crypto_Module.png | Bin .../zh/2403_LTS_SP2/figures/Mindspore.png | Bin .../figures/Mindspore_original.png | Bin .../zh/2403_LTS_SP2/figures/develop_step.png | Bin .../zh/2403_LTS_SP2/figures/openLooKeng.png | Bin .../zh/2403_LTS_SP2/figures/secGear_arch.png | Bin 
.../2403_LTS_SP2/figures/secret_gaussdb.png | Bin .../2403_LTS_SP2/introduction_to_secgear.md | 0 .../public_sys-resources/icon-note.gif | Bin .../zh/2403_LTS_SP2/secgear_installation.md | 0 .../zh/2403_LTS_SP2/using_secgear_tools.md | 0 environment => sdk/environment | 0 {inc => sdk/inc}/common_inc/bit_operation.h | 0 .../common_inc/gp/gp_shared_memory_defs.h | 0 {inc => sdk/inc}/common_inc/secgear_list.h | 0 {inc => sdk/inc}/common_inc/switchless_defs.h | 0 {inc => sdk/inc}/enclave_inc/gp/caller.h | 0 {inc => sdk/inc}/enclave_inc/gp/gp.h | 0 {inc => sdk/inc}/enclave_inc/gp/gp_ocall.h | 0 .../gp/itrustee/bottom_memory_check.h | 0 .../inc}/enclave_inc/gp/itrustee/cc_securec.h | 0 .../gp/itrustee/dataseal_internal.h | 0 .../gp/itrustee/error_conversion.h | 0 .../enclave_inc/gp/itrustee/random_internal.h | 0 .../enclave_inc/gp/itrustee/secgear_log.h | 0 .../inc}/enclave_inc/gp/itrustee/tee_agent.h | 0 .../gp/itrustee/tee_trusted_storage.h | 0 {inc => sdk/inc}/enclave_inc/memory_check.h | 0 .../enclave_inc/penglai/bottom_memory_check.h | 0 .../inc}/enclave_inc/penglai/cc_securec.h | 0 .../enclave_inc/penglai/dataseal_internal.h | 0 .../enclave_inc/penglai/error_conversion.h | 0 .../inc}/enclave_inc/penglai/penglai.h | 0 .../inc}/enclave_inc/penglai/penglai_ocall.h | 0 .../enclave_inc/penglai/random_internal.h | 0 .../inc}/enclave_inc/penglai/secgear_log.h | 0 .../inc}/enclave_inc/secgear_dataseal.h | 0 {inc => sdk/inc}/enclave_inc/secgear_random.h | 0 .../enclave_inc/sgx/bottom_memory_check.h | 0 {inc => sdk/inc}/enclave_inc/sgx/cc_securec.h | 0 .../inc}/enclave_inc/sgx/dataseal_internal.h | 0 .../inc}/enclave_inc/sgx/error_conversion.h | 0 .../inc}/enclave_inc/sgx/random_internal.h | 0 .../inc}/enclave_inc/sgx/secgear_log.h | 0 {inc => sdk/inc}/host_inc/enclave.h | 0 {inc => sdk/inc}/host_inc/enclave_internal.h | 0 {inc => sdk/inc}/host_inc/enclave_log.h | 0 .../inc}/host_inc/gp/secgear_pthread.edl | 0 .../host_inc/gp/secgear_tkey_exchange.edl | 0 
.../host_inc/gp/secgear_tprotected_fs.edl | 0 {inc => sdk/inc}/host_inc/gp/secgear_tssl.edl | 0 .../inc}/host_inc/gp/secgear_tstdc.edl | 0 .../inc}/host_inc/gp/secgear_tswitchless.edl | 0 {inc => sdk/inc}/host_inc/gp/secgear_urts.h | 0 {inc => sdk/inc}/host_inc/ocall_log.h | 0 .../inc}/host_inc/penglai/secgear_pthread.edl | 0 .../penglai/secgear_tkey_exchange.edl | 0 .../penglai/secgear_tprotected_fs.edl | 0 .../inc}/host_inc/penglai/secgear_tssl.edl | 0 .../inc}/host_inc/penglai/secgear_tstdc.edl | 0 .../host_inc/penglai/secgear_tswitchless.edl | 0 .../inc}/host_inc/penglai/secgear_urts.h | 0 {inc => sdk/inc}/host_inc/secgear_defs.h | 0 .../inc}/host_inc/secgear_shared_memory.h | 0 .../inc}/host_inc/secgear_uswitchless.h | 0 .../inc}/host_inc/sgx/secgear_pthread.edl | 0 .../host_inc/sgx/secgear_tkey_exchange.edl | 0 .../host_inc/sgx/secgear_tprotected_fs.edl | 0 .../inc}/host_inc/sgx/secgear_tssl.edl | 0 .../inc}/host_inc/sgx/secgear_tstdc.edl | 0 .../inc}/host_inc/sgx/secgear_tswitchless.edl | 0 {inc => sdk/inc}/host_inc/sgx/secgear_urts.h | 0 {inc => sdk/inc}/host_inc/sgx/sgx_enclave.h | 0 {inc => sdk/inc}/host_inc/status.h | 0 .../install_manifest.txt | 0 {src => sdk/src}/CMakeLists.txt | 0 {src => sdk/src}/enclave_src/CMakeLists.txt | 0 {src => sdk/src}/enclave_src/gp/gp.c | 0 {src => sdk/src}/enclave_src/gp/gp_ocall.c | 0 .../enclave_src/gp/itrustee/CMakeLists.txt | 0 .../gp/itrustee/bottom_memory_check.c | 0 .../gp/itrustee/error_conversion.c | 0 .../enclave_src/gp/itrustee/itrustee_random.c | 0 .../gp/itrustee/itrustee_seal_data.c | 0 .../gp/itrustee/itrustee_shared_memory.c | 0 .../gp/itrustee/itrustee_shared_memory.h | 56 +++++----- .../gp/itrustee/itrustee_tswitchless.c | 0 .../gp/itrustee/itrustee_tswitchless.h | 0 {src => sdk/src}/enclave_src/memory_check.c | 0 .../src}/enclave_src/penglai/CMakeLists.txt | 0 .../enclave_src/penglai/bottom_memory_check.c | 0 .../enclave_src/penglai/error_conversion.c | 0 .../src}/enclave_src/penglai/penglai_ocall.c | 0 
.../src}/enclave_src/penglai/penglai_random.c | 0 .../enclave_src/penglai/penglai_seal_data.c | 0 {src => sdk/src}/enclave_src/secgear_random.c | 0 .../src}/enclave_src/secgear_seal_data.c | 0 .../src}/enclave_src/sgx/CMakeLists.txt | 0 .../enclave_src/sgx/bottom_memory_check.c | 0 .../src}/enclave_src/sgx/error_conversion.c | 0 {src => sdk/src}/enclave_src/sgx/sgx_random.c | 0 .../src}/enclave_src/sgx/sgx_seal_data.c | 0 {src => sdk/src}/host_src/CMakeLists.txt | 0 {src => sdk/src}/host_src/enclave.c | 0 {src => sdk/src}/host_src/enclave_internal.c | 0 {src => sdk/src}/host_src/enclave_ocall.c | 0 {src => sdk/src}/host_src/gp/CMakeLists.txt | 0 {src => sdk/src}/host_src/gp/gp_enclave.c | 0 {src => sdk/src}/host_src/gp/gp_enclave.h | 0 .../src}/host_src/gp/gp_shared_memory.c | 0 .../src}/host_src/gp/gp_shared_memory.h | 0 {src => sdk/src}/host_src/gp/gp_uswitchless.c | 0 {src => sdk/src}/host_src/gp/gp_uswitchless.h | 0 {src => sdk/src}/host_src/ocall_log.c | 0 .../src}/host_src/penglai/CMakeLists.txt | 0 .../src}/host_src/penglai/penglai_enclave.c | 0 .../src}/host_src/penglai/penglai_enclave.h | 0 .../src}/host_src/secgear_shared_memory.c | 0 {src => sdk/src}/host_src/sgx/CMakeLists.txt | 0 {src => sdk/src}/host_src/sgx/sgx_enclave.c | 0 {src => sdk/src}/host_src/sgx/sgx_enclave.h | 0 .../src}/host_src/sgx/sgx_shared_memory.c | 0 .../src}/host_src/sgx/sgx_shared_memory.h | 0 {test => sdk/test}/CMakeLists.txt | 6 +- {test => sdk/test}/llt.sh | 0 .../thirdparty}/base64url/b64/LICENSE | 0 .../thirdparty}/base64url/b64/README.md | 0 .../thirdparty}/base64url/b64/b64.h | 0 .../thirdparty}/base64url/b64/buffer.c | 0 .../thirdparty}/base64url/b64/decode.c | 0 .../thirdparty}/base64url/b64/encode.c | 0 .../thirdparty}/base64url/b64/notes.md | 20 ++-- .../thirdparty}/base64url/base64url.c | 0 .../thirdparty}/base64url/base64url.h | 0 {thirdparty => sdk/thirdparty}/cjson/cJSON.c | 0 {thirdparty => sdk/thirdparty}/cjson/cJSON.h | 0 .../kunpengsecl/verifier/teeverifier.h | 
100 +++++++++--------- .../thirdparty}/libqca/ra_client_api.h | 0 {tools => sdk/tools}/codegener/CMakeLists.txt | 0 {tools => sdk/tools}/codegener/Codegener.ml | 0 {tools => sdk/tools}/codegener/Commonfunc.ml | 0 {tools => sdk/tools}/codegener/Genheader.ml | 0 {tools => sdk/tools}/codegener/Gentrust.ml | 0 {tools => sdk/tools}/codegener/Genuntrust.ml | 0 {tools => sdk/tools}/codegener/dune | 0 {tools => sdk/tools}/codegener/dune-project | 0 {tools => sdk/tools}/codegener/intel/Ast.ml | 0 .../tools}/codegener/intel/CodeGen.ml | 0 .../tools}/codegener/intel/Edger8r.ml | 0 .../tools}/codegener/intel/Lexer.mll | 0 {tools => sdk/tools}/codegener/intel/Makefile | 0 .../tools}/codegener/intel/Parser.mly | 0 .../tools}/codegener/intel/Plugin.ml | 0 .../tools}/codegener/intel/Preprocessor.ml | 0 .../tools}/codegener/intel/SimpleStack.ml | 0 {tools => sdk/tools}/codegener/intel/Util.ml | 0 {tools => sdk/tools}/codegener/intel/dune | 0 {tools => sdk/tools}/codegener/main.ml | 0 .../tools}/codegener/penglai/CodeGenPL.ml | 0 .../tools}/codegener/penglai/CommonfuncPL.ml | 0 .../tools}/codegener/penglai/GenheaderPL.ml | 0 .../tools}/codegener/penglai/GentrustPL.ml | 0 .../tools}/codegener/penglai/GenuntrustPL.ml | 0 {tools => sdk/tools}/codegener/penglai/dune | 0 {tools => sdk/tools}/sign_tool/sign_tool.sh | 0 246 files changed, 163 insertions(+), 163 deletions(-) rename CMakeLists.txt => sdk/CMakeLists.txt (100%) rename {component => sdk/component}/CMakeLists.txt (100%) rename {component => sdk/component}/local_attest/CMakeLists.txt (100%) rename {component => sdk/component}/local_attest/gp_local_attest.c (100%) rename {component => sdk/component}/local_attest/local_attest_agent.h (100%) rename {component => sdk/component}/local_attest/sg_local_attest.c (100%) rename {component => sdk/component}/local_attest/sg_local_attest.h (100%) rename {component => sdk/component}/local_attest/sgx_local_attest.c (100%) rename {component => sdk/component}/ra_tls/CMakeLists.txt (97%) rename 
{component => sdk/component}/ra_tls/LICENSE (100%) rename {component => sdk/component}/ra_tls/README.md (100%) rename {component => sdk/component}/ra_tls/openssl_imp.c (100%) rename {component => sdk/component}/ra_tls/ra_tls.c (100%) rename {component => sdk/component}/ra_tls/ra_tls.h (100%) rename {component => sdk/component}/ra_tls/ra_tls_imp.h (100%) rename {component => sdk/component}/remote_attest/CMakeLists.txt (100%) rename {component => sdk/component}/remote_attest/ra_report/CMakeLists.txt (100%) rename {component => sdk/component}/remote_attest/ra_report/gp_ra_report.c (100%) rename {component => sdk/component}/remote_attest/ra_report/gp_report_helper.c (100%) rename {component => sdk/component}/remote_attest/ra_report/gp_report_helper.h (100%) rename {component => sdk/component}/remote_attest/ra_report/sg_ra_report.c (100%) rename {component => sdk/component}/remote_attest/ra_report/sg_ra_report.h (100%) rename {component => sdk/component}/remote_attest/ra_report/sgx_ra_report.c (100%) rename {component => sdk/component}/remote_attest/ra_report/uni_ra_agent.h (100%) rename {component => sdk/component}/remote_attest/ra_verify/CMakeLists.txt (100%) rename {component => sdk/component}/remote_attest/ra_verify/gp_ra_report_verify.c (100%) rename {component => sdk/component}/remote_attest/ra_verify/sg_ra_report_verify.c (100%) rename {component => sdk/component}/remote_attest/ra_verify/sg_ra_report_verify.h (100%) rename {component => sdk/component}/remote_attest/ra_verify/sgx_ra_report_verify.c (100%) rename {component => sdk/component}/remote_attest/ra_verify/uni_ra_verify_agent.h (100%) rename {component => sdk/component}/remote_attest/sg_report_st.h (100%) rename {component => sdk/component}/secure_channel/CMakeLists.txt (100%) rename {component => sdk/component}/secure_channel/Readme.md (100%) rename {component => sdk/component}/secure_channel/client/CMakeLists.txt (100%) rename {component => sdk/component}/secure_channel/client/python/sec_chl_client.py 
(100%) rename {component => sdk/component}/secure_channel/client/python/sec_chl_wrapper.py (100%) rename {component => sdk/component}/secure_channel/client/secure_channel_client.c (100%) rename {component => sdk/component}/secure_channel/client/secure_channel_client.h (100%) rename {component => sdk/component}/secure_channel/enclave/CMakeLists.txt (100%) rename {component => sdk/component}/secure_channel/enclave/Enclave.lds (100%) rename {component => sdk/component}/secure_channel/enclave/secure_channel_enclave.c (100%) rename {component => sdk/component}/secure_channel/enclave/secure_channel_enclave.h (100%) rename {component => sdk/component}/secure_channel/host/CMakeLists.txt (100%) rename {component => sdk/component}/secure_channel/host/python/sec_chl_server.py (100%) rename {component => sdk/component}/secure_channel/host/python/sec_chl_wrapper.py (100%) rename {component => sdk/component}/secure_channel/host/secure_channel_host.c (100%) rename {component => sdk/component}/secure_channel/host/secure_channel_host.h (100%) rename {component => sdk/component}/secure_channel/secure_channel.edl (100%) rename {component => sdk/component}/secure_channel/secure_channel.h (100%) rename {component => sdk/component}/secure_channel/secure_channel_common.c (100%) rename {component => sdk/component}/secure_channel/secure_channel_common.h (100%) rename {conf => sdk/conf}/logrotate.d/secgear (100%) rename {conf => sdk/conf}/rsyslog.d/secgear.conf (100%) rename "docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" => "sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" (100%) rename {docs => sdk/docs}/build_install.md (100%) rename {docs => sdk/docs}/codegener.md (100%) rename {docs => sdk/docs}/disclaimer.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/_toc.yaml (100%) 
rename {docs => sdk/docs}/en/2403_LTS_SP2/api_reference.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/application_scenarios.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/developer_guide.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/Mindspore.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/Mindspore_original.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/develop_step.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/openLooKeng.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/secGear_arch.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/figures/secret_gaussdb.png (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/introduction_to_secgear.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/public_sys-resources/icon-note.gif (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/secgear_installation.md (100%) rename {docs => sdk/docs}/en/2403_LTS_SP2/using_secgear_tools.md (100%) rename {docs => sdk/docs}/itrustee_libc_support.md (99%) rename {docs => sdk/docs}/logo.png (100%) rename {docs => sdk/docs}/riscv_tee.md (100%) rename {docs => sdk/docs}/secGear_RISC-V_Penglai_demo.jpeg (100%) rename {docs => sdk/docs}/sign_tool.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/_toc.yaml (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/api_reference.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/application_scenarios.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/developer_guide.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/Mindspore.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/Mindspore_original.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/develop_step.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/openLooKeng.png (100%) rename {docs => 
sdk/docs}/zh/2403_LTS_SP2/figures/secGear_arch.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/figures/secret_gaussdb.png (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/introduction_to_secgear.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/secgear_installation.md (100%) rename {docs => sdk/docs}/zh/2403_LTS_SP2/using_secgear_tools.md (100%) rename environment => sdk/environment (100%) rename {inc => sdk/inc}/common_inc/bit_operation.h (100%) rename {inc => sdk/inc}/common_inc/gp/gp_shared_memory_defs.h (100%) rename {inc => sdk/inc}/common_inc/secgear_list.h (100%) rename {inc => sdk/inc}/common_inc/switchless_defs.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/caller.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/gp.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/gp_ocall.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/bottom_memory_check.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/cc_securec.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/dataseal_internal.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/error_conversion.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/random_internal.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/secgear_log.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/tee_agent.h (100%) rename {inc => sdk/inc}/enclave_inc/gp/itrustee/tee_trusted_storage.h (100%) rename {inc => sdk/inc}/enclave_inc/memory_check.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/bottom_memory_check.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/cc_securec.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/dataseal_internal.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/error_conversion.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/penglai.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/penglai_ocall.h (100%) rename {inc => sdk/inc}/enclave_inc/penglai/random_internal.h 
(100%) rename {inc => sdk/inc}/enclave_inc/penglai/secgear_log.h (100%) rename {inc => sdk/inc}/enclave_inc/secgear_dataseal.h (100%) rename {inc => sdk/inc}/enclave_inc/secgear_random.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/bottom_memory_check.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/cc_securec.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/dataseal_internal.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/error_conversion.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/random_internal.h (100%) rename {inc => sdk/inc}/enclave_inc/sgx/secgear_log.h (100%) rename {inc => sdk/inc}/host_inc/enclave.h (100%) rename {inc => sdk/inc}/host_inc/enclave_internal.h (100%) rename {inc => sdk/inc}/host_inc/enclave_log.h (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_pthread.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_tkey_exchange.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_tprotected_fs.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_tssl.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_tstdc.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_tswitchless.edl (100%) rename {inc => sdk/inc}/host_inc/gp/secgear_urts.h (100%) rename {inc => sdk/inc}/host_inc/ocall_log.h (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_pthread.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_tkey_exchange.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_tprotected_fs.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_tssl.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_tstdc.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_tswitchless.edl (100%) rename {inc => sdk/inc}/host_inc/penglai/secgear_urts.h (100%) rename {inc => sdk/inc}/host_inc/secgear_defs.h (100%) rename {inc => sdk/inc}/host_inc/secgear_shared_memory.h (100%) rename {inc => sdk/inc}/host_inc/secgear_uswitchless.h (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_pthread.edl (100%) rename {inc => 
sdk/inc}/host_inc/sgx/secgear_tkey_exchange.edl (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_tprotected_fs.edl (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_tssl.edl (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_tstdc.edl (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_tswitchless.edl (100%) rename {inc => sdk/inc}/host_inc/sgx/secgear_urts.h (100%) rename {inc => sdk/inc}/host_inc/sgx/sgx_enclave.h (100%) rename {inc => sdk/inc}/host_inc/status.h (100%) rename install_manifest.txt => sdk/install_manifest.txt (100%) rename {src => sdk/src}/CMakeLists.txt (100%) rename {src => sdk/src}/enclave_src/CMakeLists.txt (100%) rename {src => sdk/src}/enclave_src/gp/gp.c (100%) rename {src => sdk/src}/enclave_src/gp/gp_ocall.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/CMakeLists.txt (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/bottom_memory_check.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/error_conversion.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_random.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_seal_data.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_shared_memory.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_shared_memory.h (97%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_tswitchless.c (100%) rename {src => sdk/src}/enclave_src/gp/itrustee/itrustee_tswitchless.h (100%) rename {src => sdk/src}/enclave_src/memory_check.c (100%) rename {src => sdk/src}/enclave_src/penglai/CMakeLists.txt (100%) rename {src => sdk/src}/enclave_src/penglai/bottom_memory_check.c (100%) rename {src => sdk/src}/enclave_src/penglai/error_conversion.c (100%) rename {src => sdk/src}/enclave_src/penglai/penglai_ocall.c (100%) rename {src => sdk/src}/enclave_src/penglai/penglai_random.c (100%) rename {src => sdk/src}/enclave_src/penglai/penglai_seal_data.c (100%) rename {src => sdk/src}/enclave_src/secgear_random.c (100%) rename {src => 
sdk/src}/enclave_src/secgear_seal_data.c (100%) rename {src => sdk/src}/enclave_src/sgx/CMakeLists.txt (100%) rename {src => sdk/src}/enclave_src/sgx/bottom_memory_check.c (100%) rename {src => sdk/src}/enclave_src/sgx/error_conversion.c (100%) rename {src => sdk/src}/enclave_src/sgx/sgx_random.c (100%) rename {src => sdk/src}/enclave_src/sgx/sgx_seal_data.c (100%) rename {src => sdk/src}/host_src/CMakeLists.txt (100%) rename {src => sdk/src}/host_src/enclave.c (100%) rename {src => sdk/src}/host_src/enclave_internal.c (100%) rename {src => sdk/src}/host_src/enclave_ocall.c (100%) rename {src => sdk/src}/host_src/gp/CMakeLists.txt (100%) rename {src => sdk/src}/host_src/gp/gp_enclave.c (100%) rename {src => sdk/src}/host_src/gp/gp_enclave.h (100%) rename {src => sdk/src}/host_src/gp/gp_shared_memory.c (100%) rename {src => sdk/src}/host_src/gp/gp_shared_memory.h (100%) rename {src => sdk/src}/host_src/gp/gp_uswitchless.c (100%) rename {src => sdk/src}/host_src/gp/gp_uswitchless.h (100%) rename {src => sdk/src}/host_src/ocall_log.c (100%) rename {src => sdk/src}/host_src/penglai/CMakeLists.txt (100%) rename {src => sdk/src}/host_src/penglai/penglai_enclave.c (100%) rename {src => sdk/src}/host_src/penglai/penglai_enclave.h (100%) rename {src => sdk/src}/host_src/secgear_shared_memory.c (100%) rename {src => sdk/src}/host_src/sgx/CMakeLists.txt (100%) rename {src => sdk/src}/host_src/sgx/sgx_enclave.c (100%) rename {src => sdk/src}/host_src/sgx/sgx_enclave.h (100%) rename {src => sdk/src}/host_src/sgx/sgx_shared_memory.c (100%) rename {src => sdk/src}/host_src/sgx/sgx_shared_memory.h (100%) rename {test => sdk/test}/CMakeLists.txt (97%) rename {test => sdk/test}/llt.sh (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/LICENSE (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/README.md (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/b64.h (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/buffer.c (100%) rename {thirdparty => 
sdk/thirdparty}/base64url/b64/decode.c (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/encode.c (100%) rename {thirdparty => sdk/thirdparty}/base64url/b64/notes.md (94%) rename {thirdparty => sdk/thirdparty}/base64url/base64url.c (100%) rename {thirdparty => sdk/thirdparty}/base64url/base64url.h (100%) rename {thirdparty => sdk/thirdparty}/cjson/cJSON.c (100%) rename {thirdparty => sdk/thirdparty}/cjson/cJSON.h (100%) rename {thirdparty => sdk/thirdparty}/kunpengsecl/verifier/teeverifier.h (96%) rename {thirdparty => sdk/thirdparty}/libqca/ra_client_api.h (100%) rename {tools => sdk/tools}/codegener/CMakeLists.txt (100%) rename {tools => sdk/tools}/codegener/Codegener.ml (100%) rename {tools => sdk/tools}/codegener/Commonfunc.ml (100%) rename {tools => sdk/tools}/codegener/Genheader.ml (100%) rename {tools => sdk/tools}/codegener/Gentrust.ml (100%) rename {tools => sdk/tools}/codegener/Genuntrust.ml (100%) rename {tools => sdk/tools}/codegener/dune (100%) rename {tools => sdk/tools}/codegener/dune-project (100%) rename {tools => sdk/tools}/codegener/intel/Ast.ml (100%) rename {tools => sdk/tools}/codegener/intel/CodeGen.ml (100%) rename {tools => sdk/tools}/codegener/intel/Edger8r.ml (100%) rename {tools => sdk/tools}/codegener/intel/Lexer.mll (100%) rename {tools => sdk/tools}/codegener/intel/Makefile (100%) rename {tools => sdk/tools}/codegener/intel/Parser.mly (100%) rename {tools => sdk/tools}/codegener/intel/Plugin.ml (100%) rename {tools => sdk/tools}/codegener/intel/Preprocessor.ml (100%) rename {tools => sdk/tools}/codegener/intel/SimpleStack.ml (100%) rename {tools => sdk/tools}/codegener/intel/Util.ml (100%) rename {tools => sdk/tools}/codegener/intel/dune (100%) rename {tools => sdk/tools}/codegener/main.ml (100%) rename {tools => sdk/tools}/codegener/penglai/CodeGenPL.ml (100%) rename {tools => sdk/tools}/codegener/penglai/CommonfuncPL.ml (100%) rename {tools => sdk/tools}/codegener/penglai/GenheaderPL.ml (100%) rename {tools => 
sdk/tools}/codegener/penglai/GentrustPL.ml (100%) rename {tools => sdk/tools}/codegener/penglai/GenuntrustPL.ml (100%) rename {tools => sdk/tools}/codegener/penglai/dune (100%) rename {tools => sdk/tools}/sign_tool/sign_tool.sh (100%)
diff --git a/CMakeLists.txt b/sdk/CMakeLists.txt
similarity index 100%
rename from CMakeLists.txt
rename to sdk/CMakeLists.txt
diff --git a/component/CMakeLists.txt b/sdk/component/CMakeLists.txt
similarity index 100%
rename from component/CMakeLists.txt
rename to sdk/component/CMakeLists.txt
diff --git a/component/local_attest/CMakeLists.txt b/sdk/component/local_attest/CMakeLists.txt
similarity index 100%
rename from component/local_attest/CMakeLists.txt
rename to sdk/component/local_attest/CMakeLists.txt
diff --git a/component/local_attest/gp_local_attest.c b/sdk/component/local_attest/gp_local_attest.c
similarity index 100%
rename from component/local_attest/gp_local_attest.c
rename to sdk/component/local_attest/gp_local_attest.c
diff --git a/component/local_attest/local_attest_agent.h b/sdk/component/local_attest/local_attest_agent.h
similarity index 100%
rename from component/local_attest/local_attest_agent.h
rename to sdk/component/local_attest/local_attest_agent.h
diff --git a/component/local_attest/sg_local_attest.c b/sdk/component/local_attest/sg_local_attest.c
similarity index 100%
rename from component/local_attest/sg_local_attest.c
rename to sdk/component/local_attest/sg_local_attest.c
diff --git a/component/local_attest/sg_local_attest.h b/sdk/component/local_attest/sg_local_attest.h
similarity index 100%
rename from component/local_attest/sg_local_attest.h
rename to sdk/component/local_attest/sg_local_attest.h
diff --git a/component/local_attest/sgx_local_attest.c b/sdk/component/local_attest/sgx_local_attest.c
similarity index 100%
rename from component/local_attest/sgx_local_attest.c
rename to sdk/component/local_attest/sgx_local_attest.c
diff --git a/component/ra_tls/CMakeLists.txt b/sdk/component/ra_tls/CMakeLists.txt
similarity index 97%
rename from component/ra_tls/CMakeLists.txt
rename to sdk/component/ra_tls/CMakeLists.txt
index c46a3ee..7644a69 100644
--- a/component/ra_tls/CMakeLists.txt
+++ b/sdk/component/ra_tls/CMakeLists.txt
@@ -1,43 +1,43 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-# http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
-project(ra_tls VERSION 0.1)
-
-set(LIB_NAME ra_tls)
-set(LIB_SRC ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.c)
-set(LD_SO cjson curl)
-set(HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls_imp.h)
-if (NOT TLS_LIB)
-set(TLS_LIB OPENSSL)
-endif()
-if (CMAKE_BUILD_TYPE MATCHES Debug)
-add_definitions(-DDEBUG)
-endif()
-if (TLS_LIB MATCHES OPENSSL)
- add_definitions(-DUSE_OPENSSL)
- set(LD_SO ${LD_SO} crypto ssl)
- set(LIB_SRC ${LIB_SRC} ${CMAKE_CURRENT_SOURCE_DIR}/openssl_imp.c)
-else()
- message(FATAL_ERROR "TLS_LIB should defined")
-endif()
-
-FILE(GLOB_RECURSE BASE64_SRC CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url/*.c")
-include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url)
-
-set(LIB_SRC ${LIB_SRC} ${BASE64_SRC})
-add_library(${LIB_NAME} SHARED ${LIB_SRC})
-target_link_libraries(${LIB_NAME} PUBLIC ${LD_SO})
-
-set_target_properties(${LIB_NAME} PROPERTIES PUBLIC_HEADER "${HEADER_FILES}")
-install(TARGETS ${LIB_NAME}
- LIBRARY DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64
- PUBLIC_HEADER DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/include/secGear
+# Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+project(ra_tls VERSION 0.1)
+
+set(LIB_NAME ra_tls)
+set(LIB_SRC ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.c)
+set(LD_SO cjson curl)
+set(HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls.h ${CMAKE_CURRENT_SOURCE_DIR}/ra_tls_imp.h)
+if (NOT TLS_LIB)
+set(TLS_LIB OPENSSL)
+endif()
+if (CMAKE_BUILD_TYPE MATCHES Debug)
+add_definitions(-DDEBUG)
+endif()
+if (TLS_LIB MATCHES OPENSSL)
+ add_definitions(-DUSE_OPENSSL)
+ set(LD_SO ${LD_SO} crypto ssl)
+ set(LIB_SRC ${LIB_SRC} ${CMAKE_CURRENT_SOURCE_DIR}/openssl_imp.c)
+else()
+ message(FATAL_ERROR "TLS_LIB should defined")
+endif()
+
+FILE(GLOB_RECURSE BASE64_SRC CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url/*.c")
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../thirdparty/base64url)
+
+set(LIB_SRC ${LIB_SRC} ${BASE64_SRC})
+add_library(${LIB_NAME} SHARED ${LIB_SRC})
+target_link_libraries(${LIB_NAME} PUBLIC ${LD_SO})
+
+set_target_properties(${LIB_NAME} PROPERTIES PUBLIC_HEADER "${HEADER_FILES}")
+install(TARGETS ${LIB_NAME}
+ LIBRARY DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64
+ PUBLIC_HEADER DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/include/secGear
 PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
\ No newline at end of file
diff --git a/component/ra_tls/LICENSE b/sdk/component/ra_tls/LICENSE
similarity index 100%
rename from component/ra_tls/LICENSE
rename to sdk/component/ra_tls/LICENSE
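Review bot: The `../../thirdparty/base64url` path used by both `FILE(GLOB_RECURSE BASE64_SRC ...)` and `include_directories(...)` is relative to this file's directory, so after the move it points at `sdk/thirdparty/base64url`; whether `thirdparty/` was moved under `sdk/` is not visible in this part of the patch. `file(GLOB_RECURSE)` does not fail on an empty match, so a wrong path would surface only later as missing symbols, and a glob over a third-party directory also compiles any `.c` file that appears there into the RA-TLS library without a reviewable line in the build file. I would list the base64url sources explicitly, or at least add `if(NOT BASE64_SRC)` / `message(FATAL_ERROR "base64url sources not found")` / `endif()` right after the glob.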
diff --git a/component/ra_tls/README.md b/sdk/component/ra_tls/README.md similarity index 100% rename from component/ra_tls/README.md rename to sdk/component/ra_tls/README.md diff --git a/component/ra_tls/openssl_imp.c b/sdk/component/ra_tls/openssl_imp.c similarity index 100% rename from component/ra_tls/openssl_imp.c rename to sdk/component/ra_tls/openssl_imp.c diff --git a/component/ra_tls/ra_tls.c b/sdk/component/ra_tls/ra_tls.c similarity index 100% rename from component/ra_tls/ra_tls.c rename to sdk/component/ra_tls/ra_tls.c diff --git a/component/ra_tls/ra_tls.h b/sdk/component/ra_tls/ra_tls.h similarity index 100% rename from component/ra_tls/ra_tls.h rename to sdk/component/ra_tls/ra_tls.h diff --git a/component/ra_tls/ra_tls_imp.h b/sdk/component/ra_tls/ra_tls_imp.h similarity index 100% rename from component/ra_tls/ra_tls_imp.h rename to sdk/component/ra_tls/ra_tls_imp.h diff --git a/component/remote_attest/CMakeLists.txt b/sdk/component/remote_attest/CMakeLists.txt similarity index 100% rename from component/remote_attest/CMakeLists.txt rename to sdk/component/remote_attest/CMakeLists.txt diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/sdk/component/remote_attest/ra_report/CMakeLists.txt similarity index 100% rename from component/remote_attest/ra_report/CMakeLists.txt rename to sdk/component/remote_attest/ra_report/CMakeLists.txt diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/sdk/component/remote_attest/ra_report/gp_ra_report.c similarity index 100% rename from component/remote_attest/ra_report/gp_ra_report.c rename to sdk/component/remote_attest/ra_report/gp_ra_report.c diff --git a/component/remote_attest/ra_report/gp_report_helper.c b/sdk/component/remote_attest/ra_report/gp_report_helper.c similarity index 100% rename from component/remote_attest/ra_report/gp_report_helper.c rename to sdk/component/remote_attest/ra_report/gp_report_helper.c 
diff --git a/component/remote_attest/ra_report/gp_report_helper.h b/sdk/component/remote_attest/ra_report/gp_report_helper.h similarity index 100% rename from component/remote_attest/ra_report/gp_report_helper.h rename to sdk/component/remote_attest/ra_report/gp_report_helper.h diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/sdk/component/remote_attest/ra_report/sg_ra_report.c similarity index 100% rename from component/remote_attest/ra_report/sg_ra_report.c rename to sdk/component/remote_attest/ra_report/sg_ra_report.c diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/sdk/component/remote_attest/ra_report/sg_ra_report.h similarity index 100% rename from component/remote_attest/ra_report/sg_ra_report.h rename to sdk/component/remote_attest/ra_report/sg_ra_report.h diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/sdk/component/remote_attest/ra_report/sgx_ra_report.c similarity index 100% rename from component/remote_attest/ra_report/sgx_ra_report.c rename to sdk/component/remote_attest/ra_report/sgx_ra_report.c diff --git a/component/remote_attest/ra_report/uni_ra_agent.h b/sdk/component/remote_attest/ra_report/uni_ra_agent.h similarity index 100% rename from component/remote_attest/ra_report/uni_ra_agent.h rename to sdk/component/remote_attest/ra_report/uni_ra_agent.h diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/sdk/component/remote_attest/ra_verify/CMakeLists.txt similarity index 100% rename from component/remote_attest/ra_verify/CMakeLists.txt rename to sdk/component/remote_attest/ra_verify/CMakeLists.txt diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/gp_ra_report_verify.c similarity index 100% rename from component/remote_attest/ra_verify/gp_ra_report_verify.c rename to sdk/component/remote_attest/ra_verify/gp_ra_report_verify.c 
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/sg_ra_report_verify.c similarity index 100% rename from component/remote_attest/ra_verify/sg_ra_report_verify.c rename to sdk/component/remote_attest/ra_verify/sg_ra_report_verify.c diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/sdk/component/remote_attest/ra_verify/sg_ra_report_verify.h similarity index 100% rename from component/remote_attest/ra_verify/sg_ra_report_verify.h rename to sdk/component/remote_attest/ra_verify/sg_ra_report_verify.h diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/sdk/component/remote_attest/ra_verify/sgx_ra_report_verify.c similarity index 100% rename from component/remote_attest/ra_verify/sgx_ra_report_verify.c rename to sdk/component/remote_attest/ra_verify/sgx_ra_report_verify.c diff --git a/component/remote_attest/ra_verify/uni_ra_verify_agent.h b/sdk/component/remote_attest/ra_verify/uni_ra_verify_agent.h similarity index 100% rename from component/remote_attest/ra_verify/uni_ra_verify_agent.h rename to sdk/component/remote_attest/ra_verify/uni_ra_verify_agent.h diff --git a/component/remote_attest/sg_report_st.h b/sdk/component/remote_attest/sg_report_st.h similarity index 100% rename from component/remote_attest/sg_report_st.h rename to sdk/component/remote_attest/sg_report_st.h diff --git a/component/secure_channel/CMakeLists.txt b/sdk/component/secure_channel/CMakeLists.txt similarity index 100% rename from component/secure_channel/CMakeLists.txt rename to sdk/component/secure_channel/CMakeLists.txt diff --git a/component/secure_channel/Readme.md b/sdk/component/secure_channel/Readme.md similarity index 100% rename from component/secure_channel/Readme.md rename to sdk/component/secure_channel/Readme.md 
diff --git a/component/secure_channel/client/CMakeLists.txt b/sdk/component/secure_channel/client/CMakeLists.txt similarity index 100% rename from component/secure_channel/client/CMakeLists.txt rename to sdk/component/secure_channel/client/CMakeLists.txt diff --git a/component/secure_channel/client/python/sec_chl_client.py b/sdk/component/secure_channel/client/python/sec_chl_client.py similarity index 100% rename from component/secure_channel/client/python/sec_chl_client.py rename to sdk/component/secure_channel/client/python/sec_chl_client.py diff --git a/component/secure_channel/client/python/sec_chl_wrapper.py b/sdk/component/secure_channel/client/python/sec_chl_wrapper.py similarity index 100% rename from component/secure_channel/client/python/sec_chl_wrapper.py rename to sdk/component/secure_channel/client/python/sec_chl_wrapper.py diff --git a/component/secure_channel/client/secure_channel_client.c b/sdk/component/secure_channel/client/secure_channel_client.c similarity index 100% rename from component/secure_channel/client/secure_channel_client.c rename to sdk/component/secure_channel/client/secure_channel_client.c diff --git a/component/secure_channel/client/secure_channel_client.h b/sdk/component/secure_channel/client/secure_channel_client.h similarity index 100% rename from component/secure_channel/client/secure_channel_client.h rename to sdk/component/secure_channel/client/secure_channel_client.h diff --git a/component/secure_channel/enclave/CMakeLists.txt b/sdk/component/secure_channel/enclave/CMakeLists.txt similarity index 100% rename from component/secure_channel/enclave/CMakeLists.txt rename to sdk/component/secure_channel/enclave/CMakeLists.txt diff --git a/component/secure_channel/enclave/Enclave.lds b/sdk/component/secure_channel/enclave/Enclave.lds similarity index 100% rename from component/secure_channel/enclave/Enclave.lds rename to sdk/component/secure_channel/enclave/Enclave.lds 
diff --git a/component/secure_channel/enclave/secure_channel_enclave.c b/sdk/component/secure_channel/enclave/secure_channel_enclave.c similarity index 100% rename from component/secure_channel/enclave/secure_channel_enclave.c rename to sdk/component/secure_channel/enclave/secure_channel_enclave.c diff --git a/component/secure_channel/enclave/secure_channel_enclave.h b/sdk/component/secure_channel/enclave/secure_channel_enclave.h similarity index 100% rename from component/secure_channel/enclave/secure_channel_enclave.h rename to sdk/component/secure_channel/enclave/secure_channel_enclave.h diff --git a/component/secure_channel/host/CMakeLists.txt b/sdk/component/secure_channel/host/CMakeLists.txt similarity index 100% rename from component/secure_channel/host/CMakeLists.txt rename to sdk/component/secure_channel/host/CMakeLists.txt diff --git a/component/secure_channel/host/python/sec_chl_server.py b/sdk/component/secure_channel/host/python/sec_chl_server.py similarity index 100% rename from component/secure_channel/host/python/sec_chl_server.py rename to sdk/component/secure_channel/host/python/sec_chl_server.py diff --git a/component/secure_channel/host/python/sec_chl_wrapper.py b/sdk/component/secure_channel/host/python/sec_chl_wrapper.py similarity index 100% rename from component/secure_channel/host/python/sec_chl_wrapper.py rename to sdk/component/secure_channel/host/python/sec_chl_wrapper.py diff --git a/component/secure_channel/host/secure_channel_host.c b/sdk/component/secure_channel/host/secure_channel_host.c similarity index 100% rename from component/secure_channel/host/secure_channel_host.c rename to sdk/component/secure_channel/host/secure_channel_host.c diff --git a/component/secure_channel/host/secure_channel_host.h b/sdk/component/secure_channel/host/secure_channel_host.h similarity index 100% rename from component/secure_channel/host/secure_channel_host.h rename to sdk/component/secure_channel/host/secure_channel_host.h 
diff --git a/component/secure_channel/secure_channel.edl b/sdk/component/secure_channel/secure_channel.edl similarity index 100% rename from component/secure_channel/secure_channel.edl rename to sdk/component/secure_channel/secure_channel.edl diff --git a/component/secure_channel/secure_channel.h b/sdk/component/secure_channel/secure_channel.h similarity index 100% rename from component/secure_channel/secure_channel.h rename to sdk/component/secure_channel/secure_channel.h diff --git a/component/secure_channel/secure_channel_common.c b/sdk/component/secure_channel/secure_channel_common.c similarity index 100% rename from component/secure_channel/secure_channel_common.c rename to sdk/component/secure_channel/secure_channel_common.c diff --git a/component/secure_channel/secure_channel_common.h b/sdk/component/secure_channel/secure_channel_common.h similarity index 100% rename from component/secure_channel/secure_channel_common.h rename to sdk/component/secure_channel/secure_channel_common.h diff --git a/conf/logrotate.d/secgear b/sdk/conf/logrotate.d/secgear similarity index 100% rename from conf/logrotate.d/secgear rename to sdk/conf/logrotate.d/secgear diff --git a/conf/rsyslog.d/secgear.conf b/sdk/conf/rsyslog.d/secgear.conf similarity index 100% rename from conf/rsyslog.d/secgear.conf rename to sdk/conf/rsyslog.d/secgear.conf 
diff --git "a/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" similarity index 100% rename from "docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" rename to "sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" diff --git a/docs/build_install.md b/sdk/docs/build_install.md similarity index 100% rename from docs/build_install.md rename to sdk/docs/build_install.md diff --git a/docs/codegener.md b/sdk/docs/codegener.md similarity index 100% rename from docs/codegener.md rename to sdk/docs/codegener.md diff --git a/docs/disclaimer.md b/sdk/docs/disclaimer.md similarity index 100% rename from docs/disclaimer.md rename to sdk/docs/disclaimer.md diff --git a/docs/en/2403_LTS_SP2/_toc.yaml b/sdk/docs/en/2403_LTS_SP2/_toc.yaml similarity index 100% rename from docs/en/2403_LTS_SP2/_toc.yaml rename to sdk/docs/en/2403_LTS_SP2/_toc.yaml diff --git a/docs/en/2403_LTS_SP2/api_reference.md b/sdk/docs/en/2403_LTS_SP2/api_reference.md similarity index 100% rename from docs/en/2403_LTS_SP2/api_reference.md rename to sdk/docs/en/2403_LTS_SP2/api_reference.md diff --git a/docs/en/2403_LTS_SP2/application_scenarios.md b/sdk/docs/en/2403_LTS_SP2/application_scenarios.md similarity index 100% rename from docs/en/2403_LTS_SP2/application_scenarios.md rename to sdk/docs/en/2403_LTS_SP2/application_scenarios.md 
diff --git a/docs/en/2403_LTS_SP2/developer_guide.md b/sdk/docs/en/2403_LTS_SP2/developer_guide.md similarity index 100% rename from docs/en/2403_LTS_SP2/developer_guide.md rename to sdk/docs/en/2403_LTS_SP2/developer_guide.md diff --git a/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png b/sdk/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png rename to sdk/docs/en/2403_LTS_SP2/figures/BJCA_Crypto_Module.png diff --git a/docs/en/2403_LTS_SP2/figures/Mindspore.png b/sdk/docs/en/2403_LTS_SP2/figures/Mindspore.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/Mindspore.png rename to sdk/docs/en/2403_LTS_SP2/figures/Mindspore.png diff --git a/docs/en/2403_LTS_SP2/figures/Mindspore_original.png b/sdk/docs/en/2403_LTS_SP2/figures/Mindspore_original.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/Mindspore_original.png rename to sdk/docs/en/2403_LTS_SP2/figures/Mindspore_original.png diff --git a/docs/en/2403_LTS_SP2/figures/develop_step.png b/sdk/docs/en/2403_LTS_SP2/figures/develop_step.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/develop_step.png rename to sdk/docs/en/2403_LTS_SP2/figures/develop_step.png diff --git a/docs/en/2403_LTS_SP2/figures/openLooKeng.png b/sdk/docs/en/2403_LTS_SP2/figures/openLooKeng.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/openLooKeng.png rename to sdk/docs/en/2403_LTS_SP2/figures/openLooKeng.png diff --git a/docs/en/2403_LTS_SP2/figures/secGear_arch.png b/sdk/docs/en/2403_LTS_SP2/figures/secGear_arch.png similarity index 100% rename from docs/en/2403_LTS_SP2/figures/secGear_arch.png rename to sdk/docs/en/2403_LTS_SP2/figures/secGear_arch.png 
diff --git a/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png b/sdk/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
similarity index 100%
rename from docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
rename to sdk/docs/en/2403_LTS_SP2/figures/secret_gaussdb.png
diff --git a/docs/en/2403_LTS_SP2/introduction_to_secgear.md b/sdk/docs/en/2403_LTS_SP2/introduction_to_secgear.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/introduction_to_secgear.md
rename to sdk/docs/en/2403_LTS_SP2/introduction_to_secgear.md
diff --git a/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif b/sdk/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
rename to sdk/docs/en/2403_LTS_SP2/public_sys-resources/icon-note.gif
diff --git a/docs/en/2403_LTS_SP2/secgear_installation.md b/sdk/docs/en/2403_LTS_SP2/secgear_installation.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/secgear_installation.md
rename to sdk/docs/en/2403_LTS_SP2/secgear_installation.md
diff --git a/docs/en/2403_LTS_SP2/using_secgear_tools.md b/sdk/docs/en/2403_LTS_SP2/using_secgear_tools.md
similarity index 100%
rename from docs/en/2403_LTS_SP2/using_secgear_tools.md
rename to sdk/docs/en/2403_LTS_SP2/using_secgear_tools.md
diff --git a/docs/itrustee_libc_support.md b/sdk/docs/itrustee_libc_support.md
similarity index 99%
rename from docs/itrustee_libc_support.md
rename to sdk/docs/itrustee_libc_support.md
index bcfce46..4b395d3 100644
--- a/docs/itrustee_libc_support.md
+++ b/sdk/docs/itrustee_libc_support.md
@@ -1,31 +1,31 @@
-# iTrustee TEE support for libc
-
-------
-
-| Header | Supported | Comments |
-| ----------- | --------- | ------------------------------------------------------------ |
-| alloca.h | Yes | - |
-| arpa/inet.h | Partial | Unsupported functions: inet_neta(), inet_net_ntop(), inet_net_pton(), inet_nsap_addr(), inet_nsap_ntoa() |
-| assert.h | Yes | - |
-| ctype.h | Partial | Unsupported functions: isctype() |
-| dlfcn.h | Partial | Unsupported functions: dlmopen(), dlvsym(), dladdr1() |
-| errno.h | Yes | - |
-| fcntl.h | Yes | - |
-| inttypes.h | Partial | supported functions: imaxabs(), imaxdiv(), strtoimax(), strtoumax(), wcstoimax(), wcstoumax() |
-| locale.h | Yes | - |
-| malloc.h | Partial | supported functions: malloc(), calloc(), realloc(), free(), valloc(), memalign(), malloc_usable_size() |
-| netdb.h | Partial | Unsupported functions: gethostent_r(), getnetent_r(), getnetbyaddr_r(), getnetbyname_r(), getservent_r(), getprotoent_r(), getprotobyname_r(), getprotobynumber_r(), setnetgrent endnetgrent(), getnetgrent innetgr(), getnetgrent_r(), rcmd(), rcmd_af(), rexec(), rexec_af(), ruserok(), ruserok_af(), iruserok(), iruserok_af(), rresvport(), rresvport_af(), getaddrinfo_a(), gai_suspend gai_error(), gai_cancel() |
-| poll.h | Partial | Unsupported functions: ppoll() |
-| pthread.h | Partial | Unsupported functions: pthread_attr_getstackaddr(), pthread_attr_setstackaddr(), pthread_attr_setaffinity_np(), pthread_attr_getaffinity_np(), pthread_getname_np(), pthread_yield(), pthread_mutex_consistent_np(), pthread_mutexattr_getrobust_np(), pthread_mutexattr_setrobust_np(), pthread_rwlockattr_getkind_np(), pthread_rwlockattr_setkind_np() |
-| sched.h | Yes | - |
-| semaphore.h | Yes | - |
-| setjmp.h | Yes | - |
-| signal.h | Partial | Unsupported functions: sysv_signal(), ssignal(), gsignal(), sigblock(), sigsetmask(), siggetmask(), sigreturn(), sigstack() |
-| stdio.h | Partial | Unsupported functions: renameat2(), tmpnam_r(), fcloseall(), obstack_printf(), obstack_vprintf(), uflow(), overflow() |
-| stdlib.h | Partial | Unsupported functions: strtof16(), strtof32(), strtof64(), strtof128(), strtof32x(), strtof64x(), strtof128x(), strtoq(), strtouq(), strfromd(), strfromf(), strfroml(), strfromf16(), strfromf32(), strfromf64(), strfromf128(), strfromf32x(), strfromf64x(), strfromf128x(), strtol_l(), strtoul_l(), strtoll_l(), strtoull_l(), strtof16_l(), strtof32_l(), strtof64_l(), strtof128_l(), strtof32x_l(), strtof64x_l(), strtof128x_l(), random_r(), srandom_r(), initstate_r(), setstate_r(), drand48_r(), erand48_r(), lrand48_r(), nrand48_r(), mrand48_r(), jrand48_r(), srand48_r(), seed48_r(), lcong48_r(), reallocarray(), on_exit(), canonicalize_file_name(), qsort_r(), qecvt(), qfcvt(), qgcvt(), ecvt_r(), fcvt_r(), fcvt_r(), qfcvt_r(), rpmatch(), getpt(),ttyslot() |
-| string.h | Partial | Unsupported functions: rawmemchr(), strfry(), memfrob() |
-| strings.h | Yes | - |
-| time.h | Partial | Unsupported functions: strptime_l(), timelocal(), dysize(), timespec_get(), getdate_r() |
-| unistd.h | Partial | Unsupported functions: lseek(), lseek64(), pread64(), pwrite64(), getwd(), group_member(), ttyslot(), setlogin(), revoke(), profil(), truncate64(), ftruncate64(), lockf(), lockf64(), cuserid(), pthread_atfork() |
-| wchar.h | Partial | Unsupported functions: wcschrnul(), wmempcpy(), wcstof16(), wcstof32(), wcstof64(), wcstof128(), wcstof32x(), wcstof64x(), wcstof128x(), wcstoq(), wcstouq(), wcstol_l(), wcstoul_l(), wcstod_l(), wcstof_l(), wcstold_l(), wcstof16_l(), wcstof32_l(), wcstof64_l(), wcstof128_l(), wcstof32x_l(), wcstof64x_l(), wcstof128x_l() |
+# iTrustee TEE support for libc
+
+------
+
+| Header | Supported | Comments |
+| ----------- | --------- | ------------------------------------------------------------ |
+| alloca.h | Yes | - |
+| arpa/inet.h | Partial | Unsupported functions: inet_neta(), inet_net_ntop(), inet_net_pton(), inet_nsap_addr(), inet_nsap_ntoa() |
+| assert.h | Yes | - |
+| ctype.h | Partial | Unsupported functions: isctype() |
+| dlfcn.h | Partial | Unsupported functions: dlmopen(), dlvsym(), dladdr1() |
+| errno.h | Yes | - |
+| fcntl.h | Yes | - |
+| inttypes.h | Partial | supported functions: imaxabs(), imaxdiv(), strtoimax(), strtoumax(), wcstoimax(), wcstoumax() |
+| locale.h | Yes | - |
+| malloc.h | Partial | supported functions: malloc(), calloc(), realloc(), free(), valloc(), memalign(), malloc_usable_size() |
+| netdb.h | Partial | Unsupported functions: gethostent_r(), getnetent_r(), getnetbyaddr_r(), getnetbyname_r(), getservent_r(), getprotoent_r(), getprotobyname_r(), getprotobynumber_r(), setnetgrent endnetgrent(), getnetgrent innetgr(), getnetgrent_r(), rcmd(), rcmd_af(), rexec(), rexec_af(), ruserok(), ruserok_af(), iruserok(), iruserok_af(), rresvport(), rresvport_af(), getaddrinfo_a(), gai_suspend gai_error(), gai_cancel() |
+| poll.h | Partial | Unsupported functions: ppoll() |
+| pthread.h | Partial | Unsupported functions: pthread_attr_getstackaddr(), pthread_attr_setstackaddr(), pthread_attr_setaffinity_np(), pthread_attr_getaffinity_np(), pthread_getname_np(), pthread_yield(), pthread_mutex_consistent_np(), pthread_mutexattr_getrobust_np(), pthread_mutexattr_setrobust_np(), pthread_rwlockattr_getkind_np(), pthread_rwlockattr_setkind_np() |
+| sched.h | Yes | - |
+| semaphore.h | Yes | - |
+| setjmp.h | Yes | - |
+| signal.h | Partial | Unsupported functions: sysv_signal(), ssignal(), gsignal(), sigblock(), sigsetmask(), siggetmask(), sigreturn(), sigstack() |
+| stdio.h | Partial | Unsupported functions: renameat2(), tmpnam_r(), fcloseall(), obstack_printf(), obstack_vprintf(), uflow(), overflow() |
+| stdlib.h | Partial | Unsupported functions: strtof16(), strtof32(), strtof64(), strtof128(), strtof32x(), strtof64x(), strtof128x(), strtoq(), strtouq(), strfromd(), strfromf(), strfroml(), strfromf16(), strfromf32(), strfromf64(), strfromf128(), strfromf32x(), strfromf64x(), strfromf128x(), strtol_l(), strtoul_l(), strtoll_l(), strtoull_l(), strtof16_l(), strtof32_l(), strtof64_l(), strtof128_l(), strtof32x_l(), strtof64x_l(), strtof128x_l(), random_r(), srandom_r(), initstate_r(), setstate_r(), drand48_r(), erand48_r(), lrand48_r(), nrand48_r(), mrand48_r(), jrand48_r(), srand48_r(), seed48_r(), lcong48_r(), reallocarray(), on_exit(), canonicalize_file_name(), qsort_r(), qecvt(), qfcvt(), qgcvt(), ecvt_r(), fcvt_r(), fcvt_r(), qfcvt_r(), rpmatch(), getpt(),ttyslot() |
+| string.h | Partial | Unsupported functions: rawmemchr(), strfry(), memfrob() |
+| strings.h | Yes | - |
+| time.h | Partial | Unsupported functions: strptime_l(), timelocal(), dysize(), timespec_get(), getdate_r() |
+| unistd.h | Partial | Unsupported functions: lseek(), lseek64(), pread64(), pwrite64(), getwd(), group_member(), ttyslot(), setlogin(), revoke(), profil(), truncate64(), ftruncate64(), lockf(), lockf64(), cuserid(), pthread_atfork() |
+| wchar.h | Partial | Unsupported functions: wcschrnul(), wmempcpy(), wcstof16(), wcstof32(), wcstof64(), wcstof128(), wcstof32x(), wcstof64x(), wcstof128x(), wcstoq(), wcstouq(), wcstol_l(), wcstoul_l(), wcstod_l(), wcstof_l(), wcstold_l(), wcstof16_l(), wcstof32_l(), wcstof64_l(), wcstof128_l(), wcstof32x_l(), wcstof64x_l(), wcstof128x_l() |
 | wctype.h | Yes | - |
\ No newline at end of file
diff --git a/docs/logo.png b/sdk/docs/logo.png
similarity index 100%
rename from docs/logo.png
rename to sdk/docs/logo.png
diff --git a/docs/riscv_tee.md b/sdk/docs/riscv_tee.md
similarity index 100%
rename from docs/riscv_tee.md
rename to sdk/docs/riscv_tee.md
diff --git a/docs/secGear_RISC-V_Penglai_demo.jpeg b/sdk/docs/secGear_RISC-V_Penglai_demo.jpeg
similarity index 100%
rename from docs/secGear_RISC-V_Penglai_demo.jpeg
rename to sdk/docs/secGear_RISC-V_Penglai_demo.jpeg
diff --git a/docs/sign_tool.md b/sdk/docs/sign_tool.md
similarity index 100%
rename from docs/sign_tool.md
rename to sdk/docs/sign_tool.md
diff --git a/docs/zh/2403_LTS_SP2/_toc.yaml b/sdk/docs/zh/2403_LTS_SP2/_toc.yaml similarity index 100% rename from docs/zh/2403_LTS_SP2/_toc.yaml rename to sdk/docs/zh/2403_LTS_SP2/_toc.yaml diff --git a/docs/zh/2403_LTS_SP2/api_reference.md b/sdk/docs/zh/2403_LTS_SP2/api_reference.md similarity index 100% rename from docs/zh/2403_LTS_SP2/api_reference.md rename to sdk/docs/zh/2403_LTS_SP2/api_reference.md diff --git a/docs/zh/2403_LTS_SP2/application_scenarios.md b/sdk/docs/zh/2403_LTS_SP2/application_scenarios.md similarity index 100% rename from docs/zh/2403_LTS_SP2/application_scenarios.md rename to sdk/docs/zh/2403_LTS_SP2/application_scenarios.md diff --git a/docs/zh/2403_LTS_SP2/developer_guide.md b/sdk/docs/zh/2403_LTS_SP2/developer_guide.md similarity index 100% rename from docs/zh/2403_LTS_SP2/developer_guide.md rename to sdk/docs/zh/2403_LTS_SP2/developer_guide.md diff --git a/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png b/sdk/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png rename to sdk/docs/zh/2403_LTS_SP2/figures/BJCA_Crypto_Module.png diff --git a/docs/zh/2403_LTS_SP2/figures/Mindspore.png b/sdk/docs/zh/2403_LTS_SP2/figures/Mindspore.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/Mindspore.png rename to sdk/docs/zh/2403_LTS_SP2/figures/Mindspore.png diff --git a/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png b/sdk/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/Mindspore_original.png rename to sdk/docs/zh/2403_LTS_SP2/figures/Mindspore_original.png diff --git a/docs/zh/2403_LTS_SP2/figures/develop_step.png b/sdk/docs/zh/2403_LTS_SP2/figures/develop_step.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/develop_step.png rename to sdk/docs/zh/2403_LTS_SP2/figures/develop_step.png 
diff --git a/docs/zh/2403_LTS_SP2/figures/openLooKeng.png b/sdk/docs/zh/2403_LTS_SP2/figures/openLooKeng.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/openLooKeng.png rename to sdk/docs/zh/2403_LTS_SP2/figures/openLooKeng.png diff --git a/docs/zh/2403_LTS_SP2/figures/secGear_arch.png b/sdk/docs/zh/2403_LTS_SP2/figures/secGear_arch.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/secGear_arch.png rename to sdk/docs/zh/2403_LTS_SP2/figures/secGear_arch.png diff --git a/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png b/sdk/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png similarity index 100% rename from docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png rename to sdk/docs/zh/2403_LTS_SP2/figures/secret_gaussdb.png diff --git a/docs/zh/2403_LTS_SP2/introduction_to_secgear.md b/sdk/docs/zh/2403_LTS_SP2/introduction_to_secgear.md similarity index 100% rename from docs/zh/2403_LTS_SP2/introduction_to_secgear.md rename to sdk/docs/zh/2403_LTS_SP2/introduction_to_secgear.md diff --git a/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif b/sdk/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif rename to sdk/docs/zh/2403_LTS_SP2/public_sys-resources/icon-note.gif diff --git a/docs/zh/2403_LTS_SP2/secgear_installation.md b/sdk/docs/zh/2403_LTS_SP2/secgear_installation.md similarity index 100% rename from docs/zh/2403_LTS_SP2/secgear_installation.md rename to sdk/docs/zh/2403_LTS_SP2/secgear_installation.md diff --git a/docs/zh/2403_LTS_SP2/using_secgear_tools.md b/sdk/docs/zh/2403_LTS_SP2/using_secgear_tools.md similarity index 100% rename from docs/zh/2403_LTS_SP2/using_secgear_tools.md rename to sdk/docs/zh/2403_LTS_SP2/using_secgear_tools.md diff --git a/environment b/sdk/environment similarity index 100% rename from environment rename to sdk/environment 
diff --git a/inc/common_inc/bit_operation.h b/sdk/inc/common_inc/bit_operation.h similarity index 100% rename from inc/common_inc/bit_operation.h rename to sdk/inc/common_inc/bit_operation.h diff --git a/inc/common_inc/gp/gp_shared_memory_defs.h b/sdk/inc/common_inc/gp/gp_shared_memory_defs.h similarity index 100% rename from inc/common_inc/gp/gp_shared_memory_defs.h rename to sdk/inc/common_inc/gp/gp_shared_memory_defs.h diff --git a/inc/common_inc/secgear_list.h b/sdk/inc/common_inc/secgear_list.h similarity index 100% rename from inc/common_inc/secgear_list.h rename to sdk/inc/common_inc/secgear_list.h diff --git a/inc/common_inc/switchless_defs.h b/sdk/inc/common_inc/switchless_defs.h similarity index 100% rename from inc/common_inc/switchless_defs.h rename to sdk/inc/common_inc/switchless_defs.h diff --git a/inc/enclave_inc/gp/caller.h b/sdk/inc/enclave_inc/gp/caller.h similarity index 100% rename from inc/enclave_inc/gp/caller.h rename to sdk/inc/enclave_inc/gp/caller.h diff --git a/inc/enclave_inc/gp/gp.h b/sdk/inc/enclave_inc/gp/gp.h similarity index 100% rename from inc/enclave_inc/gp/gp.h rename to sdk/inc/enclave_inc/gp/gp.h diff --git a/inc/enclave_inc/gp/gp_ocall.h b/sdk/inc/enclave_inc/gp/gp_ocall.h similarity index 100% rename from inc/enclave_inc/gp/gp_ocall.h rename to sdk/inc/enclave_inc/gp/gp_ocall.h diff --git a/inc/enclave_inc/gp/itrustee/bottom_memory_check.h b/sdk/inc/enclave_inc/gp/itrustee/bottom_memory_check.h similarity index 100% rename from inc/enclave_inc/gp/itrustee/bottom_memory_check.h rename to sdk/inc/enclave_inc/gp/itrustee/bottom_memory_check.h diff --git a/inc/enclave_inc/gp/itrustee/cc_securec.h b/sdk/inc/enclave_inc/gp/itrustee/cc_securec.h similarity index 100% rename from inc/enclave_inc/gp/itrustee/cc_securec.h rename to sdk/inc/enclave_inc/gp/itrustee/cc_securec.h 
diff --git a/inc/enclave_inc/gp/itrustee/dataseal_internal.h b/sdk/inc/enclave_inc/gp/itrustee/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/dataseal_internal.h
rename to sdk/inc/enclave_inc/gp/itrustee/dataseal_internal.h
diff --git a/inc/enclave_inc/gp/itrustee/error_conversion.h b/sdk/inc/enclave_inc/gp/itrustee/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/error_conversion.h
rename to sdk/inc/enclave_inc/gp/itrustee/error_conversion.h
diff --git a/inc/enclave_inc/gp/itrustee/random_internal.h b/sdk/inc/enclave_inc/gp/itrustee/random_internal.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/random_internal.h
rename to sdk/inc/enclave_inc/gp/itrustee/random_internal.h
diff --git a/inc/enclave_inc/gp/itrustee/secgear_log.h b/sdk/inc/enclave_inc/gp/itrustee/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/secgear_log.h
rename to sdk/inc/enclave_inc/gp/itrustee/secgear_log.h
diff --git a/inc/enclave_inc/gp/itrustee/tee_agent.h b/sdk/inc/enclave_inc/gp/itrustee/tee_agent.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/tee_agent.h
rename to sdk/inc/enclave_inc/gp/itrustee/tee_agent.h
diff --git a/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h b/sdk/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
similarity index 100%
rename from inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
rename to sdk/inc/enclave_inc/gp/itrustee/tee_trusted_storage.h
diff --git a/inc/enclave_inc/memory_check.h b/sdk/inc/enclave_inc/memory_check.h
similarity index 100%
rename from inc/enclave_inc/memory_check.h
rename to sdk/inc/enclave_inc/memory_check.h
diff --git a/inc/enclave_inc/penglai/bottom_memory_check.h b/sdk/inc/enclave_inc/penglai/bottom_memory_check.h
similarity index 100%
rename from inc/enclave_inc/penglai/bottom_memory_check.h
rename to sdk/inc/enclave_inc/penglai/bottom_memory_check.h
diff --git a/inc/enclave_inc/penglai/cc_securec.h b/sdk/inc/enclave_inc/penglai/cc_securec.h
similarity index 100%
rename from inc/enclave_inc/penglai/cc_securec.h
rename to sdk/inc/enclave_inc/penglai/cc_securec.h
diff --git a/inc/enclave_inc/penglai/dataseal_internal.h b/sdk/inc/enclave_inc/penglai/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/penglai/dataseal_internal.h
rename to sdk/inc/enclave_inc/penglai/dataseal_internal.h
diff --git a/inc/enclave_inc/penglai/error_conversion.h b/sdk/inc/enclave_inc/penglai/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/penglai/error_conversion.h
rename to sdk/inc/enclave_inc/penglai/error_conversion.h
diff --git a/inc/enclave_inc/penglai/penglai.h b/sdk/inc/enclave_inc/penglai/penglai.h
similarity index 100%
rename from inc/enclave_inc/penglai/penglai.h
rename to sdk/inc/enclave_inc/penglai/penglai.h
diff --git a/inc/enclave_inc/penglai/penglai_ocall.h b/sdk/inc/enclave_inc/penglai/penglai_ocall.h
similarity index 100%
rename from inc/enclave_inc/penglai/penglai_ocall.h
rename to sdk/inc/enclave_inc/penglai/penglai_ocall.h
diff --git a/inc/enclave_inc/penglai/random_internal.h b/sdk/inc/enclave_inc/penglai/random_internal.h
similarity index 100%
rename from inc/enclave_inc/penglai/random_internal.h
rename to sdk/inc/enclave_inc/penglai/random_internal.h
diff --git a/inc/enclave_inc/penglai/secgear_log.h b/sdk/inc/enclave_inc/penglai/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/penglai/secgear_log.h
rename to sdk/inc/enclave_inc/penglai/secgear_log.h
diff --git a/inc/enclave_inc/secgear_dataseal.h b/sdk/inc/enclave_inc/secgear_dataseal.h
similarity index 100%
rename from inc/enclave_inc/secgear_dataseal.h
rename to sdk/inc/enclave_inc/secgear_dataseal.h
diff --git a/inc/enclave_inc/secgear_random.h b/sdk/inc/enclave_inc/secgear_random.h
similarity index 100%
rename from inc/enclave_inc/secgear_random.h
rename to sdk/inc/enclave_inc/secgear_random.h
diff --git a/inc/enclave_inc/sgx/bottom_memory_check.h b/sdk/inc/enclave_inc/sgx/bottom_memory_check.h
similarity index 100%
rename from inc/enclave_inc/sgx/bottom_memory_check.h
rename to sdk/inc/enclave_inc/sgx/bottom_memory_check.h
diff --git a/inc/enclave_inc/sgx/cc_securec.h b/sdk/inc/enclave_inc/sgx/cc_securec.h
similarity index 100%
rename from inc/enclave_inc/sgx/cc_securec.h
rename to sdk/inc/enclave_inc/sgx/cc_securec.h
diff --git a/inc/enclave_inc/sgx/dataseal_internal.h b/sdk/inc/enclave_inc/sgx/dataseal_internal.h
similarity index 100%
rename from inc/enclave_inc/sgx/dataseal_internal.h
rename to sdk/inc/enclave_inc/sgx/dataseal_internal.h
diff --git a/inc/enclave_inc/sgx/error_conversion.h b/sdk/inc/enclave_inc/sgx/error_conversion.h
similarity index 100%
rename from inc/enclave_inc/sgx/error_conversion.h
rename to sdk/inc/enclave_inc/sgx/error_conversion.h
diff --git a/inc/enclave_inc/sgx/random_internal.h b/sdk/inc/enclave_inc/sgx/random_internal.h
similarity index 100%
rename from inc/enclave_inc/sgx/random_internal.h
rename to sdk/inc/enclave_inc/sgx/random_internal.h
diff --git a/inc/enclave_inc/sgx/secgear_log.h b/sdk/inc/enclave_inc/sgx/secgear_log.h
similarity index 100%
rename from inc/enclave_inc/sgx/secgear_log.h
rename to sdk/inc/enclave_inc/sgx/secgear_log.h
diff --git a/inc/host_inc/enclave.h b/sdk/inc/host_inc/enclave.h
similarity index 100%
rename from inc/host_inc/enclave.h
rename to sdk/inc/host_inc/enclave.h
diff --git a/inc/host_inc/enclave_internal.h b/sdk/inc/host_inc/enclave_internal.h
similarity index 100%
rename from inc/host_inc/enclave_internal.h
rename to sdk/inc/host_inc/enclave_internal.h
diff --git a/inc/host_inc/enclave_log.h b/sdk/inc/host_inc/enclave_log.h
similarity index 100%
rename from inc/host_inc/enclave_log.h
rename to sdk/inc/host_inc/enclave_log.h
diff --git a/inc/host_inc/gp/secgear_pthread.edl b/sdk/inc/host_inc/gp/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_pthread.edl
rename to sdk/inc/host_inc/gp/secgear_pthread.edl
diff --git a/inc/host_inc/gp/secgear_tkey_exchange.edl b/sdk/inc/host_inc/gp/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/gp/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/gp/secgear_tprotected_fs.edl b/sdk/inc/host_inc/gp/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/gp/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/gp/secgear_tssl.edl b/sdk/inc/host_inc/gp/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tssl.edl
rename to sdk/inc/host_inc/gp/secgear_tssl.edl
diff --git a/inc/host_inc/gp/secgear_tstdc.edl b/sdk/inc/host_inc/gp/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tstdc.edl
rename to sdk/inc/host_inc/gp/secgear_tstdc.edl
diff --git a/inc/host_inc/gp/secgear_tswitchless.edl b/sdk/inc/host_inc/gp/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/gp/secgear_tswitchless.edl
rename to sdk/inc/host_inc/gp/secgear_tswitchless.edl
diff --git a/inc/host_inc/gp/secgear_urts.h b/sdk/inc/host_inc/gp/secgear_urts.h
similarity index 100%
rename from inc/host_inc/gp/secgear_urts.h
rename to sdk/inc/host_inc/gp/secgear_urts.h
diff --git a/inc/host_inc/ocall_log.h b/sdk/inc/host_inc/ocall_log.h
similarity index 100%
rename from inc/host_inc/ocall_log.h
rename to sdk/inc/host_inc/ocall_log.h
diff --git a/inc/host_inc/penglai/secgear_pthread.edl b/sdk/inc/host_inc/penglai/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_pthread.edl
rename to sdk/inc/host_inc/penglai/secgear_pthread.edl
diff --git a/inc/host_inc/penglai/secgear_tkey_exchange.edl b/sdk/inc/host_inc/penglai/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/penglai/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/penglai/secgear_tprotected_fs.edl b/sdk/inc/host_inc/penglai/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/penglai/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/penglai/secgear_tssl.edl b/sdk/inc/host_inc/penglai/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tssl.edl
rename to sdk/inc/host_inc/penglai/secgear_tssl.edl
diff --git a/inc/host_inc/penglai/secgear_tstdc.edl b/sdk/inc/host_inc/penglai/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tstdc.edl
rename to sdk/inc/host_inc/penglai/secgear_tstdc.edl
diff --git a/inc/host_inc/penglai/secgear_tswitchless.edl b/sdk/inc/host_inc/penglai/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/penglai/secgear_tswitchless.edl
rename to sdk/inc/host_inc/penglai/secgear_tswitchless.edl
diff --git a/inc/host_inc/penglai/secgear_urts.h b/sdk/inc/host_inc/penglai/secgear_urts.h
similarity index 100%
rename from inc/host_inc/penglai/secgear_urts.h
rename to sdk/inc/host_inc/penglai/secgear_urts.h
diff --git a/inc/host_inc/secgear_defs.h b/sdk/inc/host_inc/secgear_defs.h
similarity index 100%
rename from inc/host_inc/secgear_defs.h
rename to sdk/inc/host_inc/secgear_defs.h
diff --git a/inc/host_inc/secgear_shared_memory.h b/sdk/inc/host_inc/secgear_shared_memory.h
similarity index 100%
rename from inc/host_inc/secgear_shared_memory.h
rename to sdk/inc/host_inc/secgear_shared_memory.h
diff --git a/inc/host_inc/secgear_uswitchless.h b/sdk/inc/host_inc/secgear_uswitchless.h
similarity index 100%
rename from inc/host_inc/secgear_uswitchless.h
rename to sdk/inc/host_inc/secgear_uswitchless.h
diff --git a/inc/host_inc/sgx/secgear_pthread.edl b/sdk/inc/host_inc/sgx/secgear_pthread.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_pthread.edl
rename to sdk/inc/host_inc/sgx/secgear_pthread.edl
diff --git a/inc/host_inc/sgx/secgear_tkey_exchange.edl b/sdk/inc/host_inc/sgx/secgear_tkey_exchange.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tkey_exchange.edl
rename to sdk/inc/host_inc/sgx/secgear_tkey_exchange.edl
diff --git a/inc/host_inc/sgx/secgear_tprotected_fs.edl b/sdk/inc/host_inc/sgx/secgear_tprotected_fs.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tprotected_fs.edl
rename to sdk/inc/host_inc/sgx/secgear_tprotected_fs.edl
diff --git a/inc/host_inc/sgx/secgear_tssl.edl b/sdk/inc/host_inc/sgx/secgear_tssl.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tssl.edl
rename to sdk/inc/host_inc/sgx/secgear_tssl.edl
diff --git a/inc/host_inc/sgx/secgear_tstdc.edl b/sdk/inc/host_inc/sgx/secgear_tstdc.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tstdc.edl
rename to sdk/inc/host_inc/sgx/secgear_tstdc.edl
diff --git a/inc/host_inc/sgx/secgear_tswitchless.edl b/sdk/inc/host_inc/sgx/secgear_tswitchless.edl
similarity index 100%
rename from inc/host_inc/sgx/secgear_tswitchless.edl
rename to sdk/inc/host_inc/sgx/secgear_tswitchless.edl
diff --git a/inc/host_inc/sgx/secgear_urts.h b/sdk/inc/host_inc/sgx/secgear_urts.h
similarity index 100%
rename from inc/host_inc/sgx/secgear_urts.h
rename to sdk/inc/host_inc/sgx/secgear_urts.h
diff --git a/inc/host_inc/sgx/sgx_enclave.h b/sdk/inc/host_inc/sgx/sgx_enclave.h
similarity index 100%
rename from inc/host_inc/sgx/sgx_enclave.h
rename to sdk/inc/host_inc/sgx/sgx_enclave.h
diff --git a/inc/host_inc/status.h b/sdk/inc/host_inc/status.h
similarity index 100%
rename from inc/host_inc/status.h
rename to sdk/inc/host_inc/status.h
diff --git a/install_manifest.txt b/sdk/install_manifest.txt
similarity index 100%
rename from install_manifest.txt
rename to sdk/install_manifest.txt
diff --git a/src/CMakeLists.txt b/sdk/src/CMakeLists.txt
similarity index 100%
rename from src/CMakeLists.txt
rename to sdk/src/CMakeLists.txt
diff --git a/src/enclave_src/CMakeLists.txt b/sdk/src/enclave_src/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/CMakeLists.txt
rename to sdk/src/enclave_src/CMakeLists.txt
diff --git a/src/enclave_src/gp/gp.c b/sdk/src/enclave_src/gp/gp.c
similarity index 100%
rename from src/enclave_src/gp/gp.c
rename to sdk/src/enclave_src/gp/gp.c
diff --git a/src/enclave_src/gp/gp_ocall.c b/sdk/src/enclave_src/gp/gp_ocall.c
similarity index 100%
rename from src/enclave_src/gp/gp_ocall.c
rename to sdk/src/enclave_src/gp/gp_ocall.c
diff --git a/src/enclave_src/gp/itrustee/CMakeLists.txt b/sdk/src/enclave_src/gp/itrustee/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/gp/itrustee/CMakeLists.txt
rename to sdk/src/enclave_src/gp/itrustee/CMakeLists.txt
diff --git a/src/enclave_src/gp/itrustee/bottom_memory_check.c b/sdk/src/enclave_src/gp/itrustee/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/bottom_memory_check.c
rename to sdk/src/enclave_src/gp/itrustee/bottom_memory_check.c
diff --git a/src/enclave_src/gp/itrustee/error_conversion.c b/sdk/src/enclave_src/gp/itrustee/error_conversion.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/error_conversion.c
rename to sdk/src/enclave_src/gp/itrustee/error_conversion.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_random.c b/sdk/src/enclave_src/gp/itrustee/itrustee_random.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_random.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_random.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/sdk/src/enclave_src/gp/itrustee/itrustee_seal_data.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_seal_data.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_seal_data.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_shared_memory.c b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_shared_memory.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_shared_memory.h b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
similarity index 97%
rename from src/enclave_src/gp/itrustee/itrustee_shared_memory.h
rename to sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
index 35ae829..806320e 100644
--- a/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
+++ b/sdk/src/enclave_src/gp/itrustee/itrustee_shared_memory.h
@@ -1,28 +1,28 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef __ITRUSTEE_SHARED_MEMORY_H__
-#define __ITRUSTEE_SHARED_MEMORY_H__
-
-#include "status.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-cc_enclave_result_t register_shared_memory_by_session(uint8_t *in_buf, uint8_t *registered_buf, void **sessionContext);
-void open_session_unregister_shared_memory(void *sessionContext);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef __ITRUSTEE_SHARED_MEMORY_H__
+#define __ITRUSTEE_SHARED_MEMORY_H__
+
+#include "status.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+cc_enclave_result_t register_shared_memory_by_session(uint8_t *in_buf, uint8_t *registered_buf, void **sessionContext);
+void open_session_unregister_shared_memory(void *sessionContext);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/enclave_src/gp/itrustee/itrustee_tswitchless.c b/sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.c
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_tswitchless.c
rename to sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.c
diff --git a/src/enclave_src/gp/itrustee/itrustee_tswitchless.h b/sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.h
similarity index 100%
rename from src/enclave_src/gp/itrustee/itrustee_tswitchless.h
rename to sdk/src/enclave_src/gp/itrustee/itrustee_tswitchless.h
diff --git a/src/enclave_src/memory_check.c b/sdk/src/enclave_src/memory_check.c
similarity index 100%
rename from src/enclave_src/memory_check.c
rename to sdk/src/enclave_src/memory_check.c
diff --git a/src/enclave_src/penglai/CMakeLists.txt b/sdk/src/enclave_src/penglai/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/penglai/CMakeLists.txt
rename to sdk/src/enclave_src/penglai/CMakeLists.txt
diff --git a/src/enclave_src/penglai/bottom_memory_check.c b/sdk/src/enclave_src/penglai/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/penglai/bottom_memory_check.c
rename to sdk/src/enclave_src/penglai/bottom_memory_check.c
diff --git a/src/enclave_src/penglai/error_conversion.c b/sdk/src/enclave_src/penglai/error_conversion.c
similarity index 100%
rename from src/enclave_src/penglai/error_conversion.c
rename to sdk/src/enclave_src/penglai/error_conversion.c
diff --git a/src/enclave_src/penglai/penglai_ocall.c b/sdk/src/enclave_src/penglai/penglai_ocall.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_ocall.c
rename to sdk/src/enclave_src/penglai/penglai_ocall.c
diff --git a/src/enclave_src/penglai/penglai_random.c b/sdk/src/enclave_src/penglai/penglai_random.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_random.c
rename to sdk/src/enclave_src/penglai/penglai_random.c
diff --git a/src/enclave_src/penglai/penglai_seal_data.c b/sdk/src/enclave_src/penglai/penglai_seal_data.c
similarity index 100%
rename from src/enclave_src/penglai/penglai_seal_data.c
rename to sdk/src/enclave_src/penglai/penglai_seal_data.c
diff --git a/src/enclave_src/secgear_random.c b/sdk/src/enclave_src/secgear_random.c
similarity index 100%
rename from src/enclave_src/secgear_random.c
rename to sdk/src/enclave_src/secgear_random.c
diff --git a/src/enclave_src/secgear_seal_data.c b/sdk/src/enclave_src/secgear_seal_data.c
similarity index 100%
rename from src/enclave_src/secgear_seal_data.c
rename to sdk/src/enclave_src/secgear_seal_data.c
diff --git a/src/enclave_src/sgx/CMakeLists.txt b/sdk/src/enclave_src/sgx/CMakeLists.txt
similarity index 100%
rename from src/enclave_src/sgx/CMakeLists.txt
rename to sdk/src/enclave_src/sgx/CMakeLists.txt
diff --git a/src/enclave_src/sgx/bottom_memory_check.c b/sdk/src/enclave_src/sgx/bottom_memory_check.c
similarity index 100%
rename from src/enclave_src/sgx/bottom_memory_check.c
rename to sdk/src/enclave_src/sgx/bottom_memory_check.c
diff --git a/src/enclave_src/sgx/error_conversion.c b/sdk/src/enclave_src/sgx/error_conversion.c
similarity index 100%
rename from src/enclave_src/sgx/error_conversion.c
rename to sdk/src/enclave_src/sgx/error_conversion.c
diff --git a/src/enclave_src/sgx/sgx_random.c b/sdk/src/enclave_src/sgx/sgx_random.c
similarity index 100%
rename from src/enclave_src/sgx/sgx_random.c
rename to sdk/src/enclave_src/sgx/sgx_random.c
diff --git a/src/enclave_src/sgx/sgx_seal_data.c b/sdk/src/enclave_src/sgx/sgx_seal_data.c
similarity index 100%
rename from src/enclave_src/sgx/sgx_seal_data.c
rename to sdk/src/enclave_src/sgx/sgx_seal_data.c
diff --git a/src/host_src/CMakeLists.txt b/sdk/src/host_src/CMakeLists.txt
similarity index 100%
rename from src/host_src/CMakeLists.txt
rename to sdk/src/host_src/CMakeLists.txt
diff --git a/src/host_src/enclave.c b/sdk/src/host_src/enclave.c
similarity index 100%
rename from src/host_src/enclave.c
rename to sdk/src/host_src/enclave.c
diff --git a/src/host_src/enclave_internal.c b/sdk/src/host_src/enclave_internal.c
similarity index 100%
rename from src/host_src/enclave_internal.c
rename to sdk/src/host_src/enclave_internal.c
diff --git a/src/host_src/enclave_ocall.c b/sdk/src/host_src/enclave_ocall.c
similarity index 100%
rename from src/host_src/enclave_ocall.c
rename to sdk/src/host_src/enclave_ocall.c
diff --git a/src/host_src/gp/CMakeLists.txt b/sdk/src/host_src/gp/CMakeLists.txt
similarity index 100%
rename from src/host_src/gp/CMakeLists.txt
rename to sdk/src/host_src/gp/CMakeLists.txt
diff --git a/src/host_src/gp/gp_enclave.c b/sdk/src/host_src/gp/gp_enclave.c
similarity index 100%
rename from src/host_src/gp/gp_enclave.c
rename to sdk/src/host_src/gp/gp_enclave.c
diff --git a/src/host_src/gp/gp_enclave.h b/sdk/src/host_src/gp/gp_enclave.h
similarity index 100%
rename from src/host_src/gp/gp_enclave.h
rename to sdk/src/host_src/gp/gp_enclave.h
diff --git a/src/host_src/gp/gp_shared_memory.c b/sdk/src/host_src/gp/gp_shared_memory.c
similarity index 100%
rename from src/host_src/gp/gp_shared_memory.c
rename to sdk/src/host_src/gp/gp_shared_memory.c
diff --git a/src/host_src/gp/gp_shared_memory.h b/sdk/src/host_src/gp/gp_shared_memory.h
similarity index 100%
rename from src/host_src/gp/gp_shared_memory.h
rename to sdk/src/host_src/gp/gp_shared_memory.h
diff --git a/src/host_src/gp/gp_uswitchless.c b/sdk/src/host_src/gp/gp_uswitchless.c
similarity index 100%
rename from src/host_src/gp/gp_uswitchless.c
rename to sdk/src/host_src/gp/gp_uswitchless.c
diff --git a/src/host_src/gp/gp_uswitchless.h b/sdk/src/host_src/gp/gp_uswitchless.h
similarity index 100%
rename from src/host_src/gp/gp_uswitchless.h
rename to sdk/src/host_src/gp/gp_uswitchless.h
diff --git a/src/host_src/ocall_log.c b/sdk/src/host_src/ocall_log.c
similarity index 100%
rename from src/host_src/ocall_log.c
rename to sdk/src/host_src/ocall_log.c
diff --git a/src/host_src/penglai/CMakeLists.txt b/sdk/src/host_src/penglai/CMakeLists.txt
similarity index 100%
rename from src/host_src/penglai/CMakeLists.txt
rename to sdk/src/host_src/penglai/CMakeLists.txt
diff --git a/src/host_src/penglai/penglai_enclave.c b/sdk/src/host_src/penglai/penglai_enclave.c
similarity index 100%
rename from src/host_src/penglai/penglai_enclave.c
rename to sdk/src/host_src/penglai/penglai_enclave.c
diff --git a/src/host_src/penglai/penglai_enclave.h b/sdk/src/host_src/penglai/penglai_enclave.h
similarity index 100%
rename from src/host_src/penglai/penglai_enclave.h
rename to sdk/src/host_src/penglai/penglai_enclave.h
diff --git a/src/host_src/secgear_shared_memory.c b/sdk/src/host_src/secgear_shared_memory.c
similarity index 100%
rename from src/host_src/secgear_shared_memory.c
rename to sdk/src/host_src/secgear_shared_memory.c
diff --git a/src/host_src/sgx/CMakeLists.txt b/sdk/src/host_src/sgx/CMakeLists.txt
similarity index 100%
rename from src/host_src/sgx/CMakeLists.txt
rename to sdk/src/host_src/sgx/CMakeLists.txt
diff --git a/src/host_src/sgx/sgx_enclave.c b/sdk/src/host_src/sgx/sgx_enclave.c
similarity index 100%
rename from src/host_src/sgx/sgx_enclave.c
rename to sdk/src/host_src/sgx/sgx_enclave.c
diff --git a/src/host_src/sgx/sgx_enclave.h b/sdk/src/host_src/sgx/sgx_enclave.h
similarity index 100%
rename from src/host_src/sgx/sgx_enclave.h
rename to sdk/src/host_src/sgx/sgx_enclave.h
diff --git a/src/host_src/sgx/sgx_shared_memory.c b/sdk/src/host_src/sgx/sgx_shared_memory.c
similarity index 100%
rename from src/host_src/sgx/sgx_shared_memory.c
rename to sdk/src/host_src/sgx/sgx_shared_memory.c
diff --git a/src/host_src/sgx/sgx_shared_memory.h b/sdk/src/host_src/sgx/sgx_shared_memory.h
similarity index 100%
rename from src/host_src/sgx/sgx_shared_memory.h
rename to sdk/src/host_src/sgx/sgx_shared_memory.h
diff --git a/test/CMakeLists.txt b/sdk/test/CMakeLists.txt
similarity index 97%
rename from test/CMakeLists.txt
rename to sdk/test/CMakeLists.txt
index e3f5731..98894ea 100644
--- a/test/CMakeLists.txt
+++ b/sdk/test/CMakeLists.txt
@@ -1,3 +1,3 @@
-project(secGear)
-
-set(CMAKE_C_FLAGS "-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
+project(secGear)
+
+set(CMAKE_C_FLAGS "-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
diff --git a/test/llt.sh b/sdk/test/llt.sh
similarity index 100%
rename from test/llt.sh
rename to sdk/test/llt.sh
diff --git a/thirdparty/base64url/b64/LICENSE b/sdk/thirdparty/base64url/b64/LICENSE
similarity index 100%
rename from thirdparty/base64url/b64/LICENSE
rename to sdk/thirdparty/base64url/b64/LICENSE
diff --git a/thirdparty/base64url/b64/README.md b/sdk/thirdparty/base64url/b64/README.md
similarity index 100%
rename from thirdparty/base64url/b64/README.md
rename to sdk/thirdparty/base64url/b64/README.md
diff --git a/thirdparty/base64url/b64/b64.h b/sdk/thirdparty/base64url/b64/b64.h
similarity index 100%
rename from thirdparty/base64url/b64/b64.h
rename to sdk/thirdparty/base64url/b64/b64.h
diff --git a/thirdparty/base64url/b64/buffer.c b/sdk/thirdparty/base64url/b64/buffer.c
similarity index 100%
rename from thirdparty/base64url/b64/buffer.c
rename to sdk/thirdparty/base64url/b64/buffer.c
diff --git a/thirdparty/base64url/b64/decode.c b/sdk/thirdparty/base64url/b64/decode.c
similarity index 100%
rename from thirdparty/base64url/b64/decode.c
rename to sdk/thirdparty/base64url/b64/decode.c
diff --git a/thirdparty/base64url/b64/encode.c b/sdk/thirdparty/base64url/b64/encode.c
similarity index 100%
rename from thirdparty/base64url/b64/encode.c
rename to sdk/thirdparty/base64url/b64/encode.c
diff --git a/thirdparty/base64url/b64/notes.md b/sdk/thirdparty/base64url/b64/notes.md
similarity index 94%
rename from thirdparty/base64url/b64/notes.md
rename to sdk/thirdparty/base64url/b64/notes.md
index 63d23ba..245275c 100644
--- a/thirdparty/base64url/b64/notes.md
+++ b/sdk/thirdparty/base64url/b64/notes.md
@@ -1,10 +1,10 @@
-## b64.c
-
-### Download
-
-This library can be downloaded from address https://github.com/jwerle/b64.c.
-
-### Version
-
-The version of this library is **tag 0.1.0**.
-
+## b64.c
+
+### Download
+
+This library can be downloaded from address https://github.com/jwerle/b64.c.
+
+### Version
+
+The version of this library is **tag 0.1.0**.
+
diff --git a/thirdparty/base64url/base64url.c b/sdk/thirdparty/base64url/base64url.c
similarity index 100%
rename from thirdparty/base64url/base64url.c
rename to sdk/thirdparty/base64url/base64url.c
diff --git a/thirdparty/base64url/base64url.h b/sdk/thirdparty/base64url/base64url.h
similarity index 100%
rename from thirdparty/base64url/base64url.h
rename to sdk/thirdparty/base64url/base64url.h
diff --git a/thirdparty/cjson/cJSON.c b/sdk/thirdparty/cjson/cJSON.c
similarity index 100%
rename from thirdparty/cjson/cJSON.c
rename to sdk/thirdparty/cjson/cJSON.c
diff --git a/thirdparty/cjson/cJSON.h b/sdk/thirdparty/cjson/cJSON.h
similarity index 100%
rename from thirdparty/cjson/cJSON.h
rename to sdk/thirdparty/cjson/cJSON.h
diff --git a/thirdparty/kunpengsecl/verifier/teeverifier.h b/sdk/thirdparty/kunpengsecl/verifier/teeverifier.h
similarity index 96%
rename from thirdparty/kunpengsecl/verifier/teeverifier.h
rename to sdk/thirdparty/kunpengsecl/verifier/teeverifier.h
index 4a311f6..27949d5 100644
--- a/thirdparty/kunpengsecl/verifier/teeverifier.h
+++ b/sdk/thirdparty/kunpengsecl/verifier/teeverifier.h 
@@ -1,50 +1,50 @@
-/*
-kunpengsecl licensed under the Mulan PSL v2.
-You can use this software according to the terms and conditions of
-the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
- http://license.coscl.org.cn/MulanPSL2
-THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
-EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
-MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
-See the Mulan PSL v2 for more details.
-*/
-
-#ifndef __VERIFIER_LIB__
-#define __VERIFIER_LIB__
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define UUID_SIZE 16
-#define HASH_SIZE 32
-//Attester will send the report by this type
-typedef struct{
- uint32_t size;
- uint8_t *buf;
-} buffer_data;
-
-typedef struct
-{
- uint8_t uuid[UUID_SIZE];
- uint8_t valueinfo[2][HASH_SIZE]; // valueinfo[0]=img measurement and valueinfo[1]=mem measurement
-} base_value;
-
-enum error_status_code {
- TVS_ALL_SUCCESSED = 0,
- TVS_VERIFIED_NONCE_FAILED = -1,
- TVS_VERIFIED_SIGNATURE_FAILED = -2,
- TVS_VERIFIED_HASH_FAILED = -3,
-};
-
-int tee_verify_report(buffer_data *data_buf,buffer_data *nonce,int type, char *filename);
-int tee_validate_report(buffer_data *buf_data, buffer_data *nonce);
-int tee_verify_report2(buffer_data *buf_data, int type,base_value *baseval);
-bool tee_verify_akcert(buffer_data *akcert, int type, const char *refval);
-bool tee_get_akcert_data(buffer_data *akcert, buffer_data *akpub, buffer_data *drkcrt);
-
-#endif
+/*
+kunpengsecl licensed under the Mulan PSL v2.
+You can use this software according to the terms and conditions of
+the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
+ http://license.coscl.org.cn/MulanPSL2
+THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+See the Mulan PSL v2 for more details.
+*/
+
+#ifndef __VERIFIER_LIB__
+#define __VERIFIER_LIB__
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define UUID_SIZE 16
+#define HASH_SIZE 32
+//Attester will send the report by this type
+typedef struct{
+ uint32_t size;
+ uint8_t *buf;
+} buffer_data;
+
+typedef struct
+{
+ uint8_t uuid[UUID_SIZE];
+ uint8_t valueinfo[2][HASH_SIZE]; // valueinfo[0]=img measurement and valueinfo[1]=mem measurement
+} base_value;
+
+enum error_status_code {
+ TVS_ALL_SUCCESSED = 0,
+ TVS_VERIFIED_NONCE_FAILED = -1,
+ TVS_VERIFIED_SIGNATURE_FAILED = -2,
+ TVS_VERIFIED_HASH_FAILED = -3,
+};
+
+int tee_verify_report(buffer_data *data_buf,buffer_data *nonce,int type, char *filename);
+int tee_validate_report(buffer_data *buf_data, buffer_data *nonce);
+int tee_verify_report2(buffer_data *buf_data, int type,base_value *baseval);
+bool tee_verify_akcert(buffer_data *akcert, int type, const char *refval);
+bool tee_get_akcert_data(buffer_data *akcert, buffer_data *akpub, buffer_data *drkcrt);
+
+#endif
diff --git a/thirdparty/libqca/ra_client_api.h b/sdk/thirdparty/libqca/ra_client_api.h
similarity index 100%
rename from thirdparty/libqca/ra_client_api.h
rename to sdk/thirdparty/libqca/ra_client_api.h
diff --git a/tools/codegener/CMakeLists.txt b/sdk/tools/codegener/CMakeLists.txt
similarity index 100%
rename from tools/codegener/CMakeLists.txt
rename to sdk/tools/codegener/CMakeLists.txt
diff --git a/tools/codegener/Codegener.ml b/sdk/tools/codegener/Codegener.ml
similarity index 100%
rename from tools/codegener/Codegener.ml
rename to sdk/tools/codegener/Codegener.ml
diff --git a/tools/codegener/Commonfunc.ml b/sdk/tools/codegener/Commonfunc.ml
similarity index 100%
rename from tools/codegener/Commonfunc.ml
rename to sdk/tools/codegener/Commonfunc.ml
diff --git a/tools/codegener/Genheader.ml b/sdk/tools/codegener/Genheader.ml
similarity index 100%
rename from tools/codegener/Genheader.ml
rename to sdk/tools/codegener/Genheader.ml
diff --git a/tools/codegener/Gentrust.ml b/sdk/tools/codegener/Gentrust.ml
similarity index 100%
rename from tools/codegener/Gentrust.ml
rename to sdk/tools/codegener/Gentrust.ml
diff --git a/tools/codegener/Genuntrust.ml b/sdk/tools/codegener/Genuntrust.ml
similarity index 100%
rename from tools/codegener/Genuntrust.ml
rename to sdk/tools/codegener/Genuntrust.ml
diff --git a/tools/codegener/dune b/sdk/tools/codegener/dune
similarity index 100%
rename from tools/codegener/dune
rename to sdk/tools/codegener/dune
diff --git a/tools/codegener/dune-project b/sdk/tools/codegener/dune-project
similarity index 100%
rename from tools/codegener/dune-project
rename to sdk/tools/codegener/dune-project
diff --git a/tools/codegener/intel/Ast.ml b/sdk/tools/codegener/intel/Ast.ml
similarity index 100%
rename from tools/codegener/intel/Ast.ml
rename to sdk/tools/codegener/intel/Ast.ml
diff --git a/tools/codegener/intel/CodeGen.ml b/sdk/tools/codegener/intel/CodeGen.ml
similarity index 100%
rename from tools/codegener/intel/CodeGen.ml
rename to sdk/tools/codegener/intel/CodeGen.ml
diff --git a/tools/codegener/intel/Edger8r.ml b/sdk/tools/codegener/intel/Edger8r.ml
similarity index 100%
rename from tools/codegener/intel/Edger8r.ml
rename to sdk/tools/codegener/intel/Edger8r.ml
diff --git a/tools/codegener/intel/Lexer.mll b/sdk/tools/codegener/intel/Lexer.mll
similarity index 100%
rename from tools/codegener/intel/Lexer.mll
rename to sdk/tools/codegener/intel/Lexer.mll
diff --git a/tools/codegener/intel/Makefile b/sdk/tools/codegener/intel/Makefile
similarity index 100%
rename from tools/codegener/intel/Makefile
rename to sdk/tools/codegener/intel/Makefile
diff --git a/tools/codegener/intel/Parser.mly b/sdk/tools/codegener/intel/Parser.mly
similarity index 100%
rename from tools/codegener/intel/Parser.mly
rename to sdk/tools/codegener/intel/Parser.mly
diff --git a/tools/codegener/intel/Plugin.ml b/sdk/tools/codegener/intel/Plugin.ml similarity index 100% rename from tools/codegener/intel/Plugin.ml rename to sdk/tools/codegener/intel/Plugin.ml diff --git a/tools/codegener/intel/Preprocessor.ml b/sdk/tools/codegener/intel/Preprocessor.ml similarity index 100% rename from tools/codegener/intel/Preprocessor.ml rename to sdk/tools/codegener/intel/Preprocessor.ml diff --git a/tools/codegener/intel/SimpleStack.ml b/sdk/tools/codegener/intel/SimpleStack.ml similarity index 100% rename from tools/codegener/intel/SimpleStack.ml rename to sdk/tools/codegener/intel/SimpleStack.ml diff --git a/tools/codegener/intel/Util.ml b/sdk/tools/codegener/intel/Util.ml similarity index 100% rename from tools/codegener/intel/Util.ml rename to sdk/tools/codegener/intel/Util.ml diff --git a/tools/codegener/intel/dune b/sdk/tools/codegener/intel/dune similarity index 100% rename from tools/codegener/intel/dune rename to sdk/tools/codegener/intel/dune diff --git a/tools/codegener/main.ml b/sdk/tools/codegener/main.ml similarity index 100% rename from tools/codegener/main.ml rename to sdk/tools/codegener/main.ml diff --git a/tools/codegener/penglai/CodeGenPL.ml b/sdk/tools/codegener/penglai/CodeGenPL.ml similarity index 100% rename from tools/codegener/penglai/CodeGenPL.ml rename to sdk/tools/codegener/penglai/CodeGenPL.ml diff --git a/tools/codegener/penglai/CommonfuncPL.ml b/sdk/tools/codegener/penglai/CommonfuncPL.ml similarity index 100% rename from tools/codegener/penglai/CommonfuncPL.ml rename to sdk/tools/codegener/penglai/CommonfuncPL.ml diff --git a/tools/codegener/penglai/GenheaderPL.ml b/sdk/tools/codegener/penglai/GenheaderPL.ml similarity index 100% rename from tools/codegener/penglai/GenheaderPL.ml rename to sdk/tools/codegener/penglai/GenheaderPL.ml 
diff --git a/tools/codegener/penglai/GentrustPL.ml b/sdk/tools/codegener/penglai/GentrustPL.ml similarity index 100% rename from tools/codegener/penglai/GentrustPL.ml rename to sdk/tools/codegener/penglai/GentrustPL.ml diff --git a/tools/codegener/penglai/GenuntrustPL.ml b/sdk/tools/codegener/penglai/GenuntrustPL.ml similarity index 100% rename from tools/codegener/penglai/GenuntrustPL.ml rename to sdk/tools/codegener/penglai/GenuntrustPL.ml diff --git a/tools/codegener/penglai/dune b/sdk/tools/codegener/penglai/dune similarity index 100% rename from tools/codegener/penglai/dune rename to sdk/tools/codegener/penglai/dune diff --git a/tools/sign_tool/sign_tool.sh b/sdk/tools/sign_tool/sign_tool.sh similarity index 100% rename from tools/sign_tool/sign_tool.sh rename to sdk/tools/sign_tool/sign_tool.sh -- Gitee From b4cbaebce65c905e3af96152662e5319e1c439a3 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 22:19:27 +0800 Subject: [PATCH 02/19] adapt documents accordingly --- README.en.md | 2 +- README.md | 15 ++++++++++----- sdk/CMakeLists.txt | 2 +- sdk/docs/build_install.md | 38 +++++++++++++++++++++++--------------- 4 files changed, 35 insertions(+), 22 deletions(-) diff --git a/README.en.md b/README.en.md index be072d5..2e610bf 100644 --- a/README.en.md +++ b/README.en.md @@ -13,7 +13,7 @@ in ARM Trustzone. Build and Install ---------------- -- [reference build & install](./docs/build_install.md) +- [reference build & install](./sdk/docs/build_install.md) Develop Application and Compile ------------------------------ diff --git a/README.md b/README.md index 3386060..2a7b7f8 100644 --- a/README.md +++ b/README.md 
@@ -12,8 +12,8 @@ secGear是开源的机密计算项目,致力于提供简单、易用的机密 ----------- | 目录 | 用途 | |-----------|-----------| -| [src](./src/) | 统一SDK:屏蔽Intel SGX、鲲鹏Trustzone以及RISC-V蓬莱TEE等SDK差异,提供统一API,实现不同架构共源码,提供代码生成工具,使用户聚焦业务,提升开发效率。开发可参考[HelloWorld开发流程](./docs/HelloWorld开发流程和特性使用指南.md)。| -| [component](./component) | 安全组件:提供通用安全组件货架,支持传统lib库集成方式快速集成,构建机密计算解决方案。| +| [sdk/src](./sdk/src/) | 统一SDK:屏蔽Intel SGX、鲲鹏Trustzone以及RISC-V蓬莱TEE等SDK差异,提供统一API,实现不同架构共源码,提供代码生成工具,使用户聚焦业务,提升开发效率。开发可参考[HelloWorld开发流程](./docs/HelloWorld开发流程和特性使用指南.md)。| +| [sdk/component](./sdk/component) | 安全组件:提供通用安全组件货架,支持传统lib库集成方式快速集成,构建机密计算解决方案。| | [service](./service) | 提供通用安全服务,如[远程证明统一框架](https://gitee.com/openeuler/secGear/blob/master/service/attestation/README.md) ,支持快速集成、部署远程证明服务。| @@ -34,7 +34,7 @@ sudo yum install -y cmake ocaml-dune linux-sgx-driver sgxsdk libsgx-launch libsg git clone https://gitee.com/openeuler/secGear.git // build secGear and examples -cd secGear +cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake .. && make && sudo make install @@ -49,14 +49,14 @@ mkdir debug && cd debug && cmake .. && make && sudo make install #### Build and Run ``` -// install build require +// install dependencies sudo yum install -y cmake ocaml-dune itrustee_sdk-devel openssl-devel // clone secGear repository git clone https://gitee.com/openeuler/secGear.git // build secGear and examples -cd secGear +cd secGear/sdk source environment mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install @@ -64,6 +64,11 @@ mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install /vendor/bin/secgear_helloworld ``` +使用sdk进行开发,请参考[Guide](./README.en.md) + +编译&部署远程证明服务框架及组件,请参考[attestation/README](./service/attestation/README.md) +``` + 如何贡献 ---------------- diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index a14c482..55a190a 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt 
@@ -112,7 +112,7 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin) execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin) endif() -#add_subdirectory(examples) +#add_subdirectory(${LOCAL_ROOT_PATH}/../examples) add_subdirectory(test) install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear diff --git a/sdk/docs/build_install.md b/sdk/docs/build_install.md index 491ac7c..46557ae 100644 --- a/sdk/docs/build_install.md +++ b/sdk/docs/build_install.md @@ -4,21 +4,24 @@ Ensure your system have installed sgx driver, sgx sdk and sgx psw. You can install by [released version](https://01.org/intel-software-guard-extensions/downloads) or [linux-sgx](https://github.com/intel/linux-sgx) source code. 1. Clone the secGear repository: -``` +```bash git clone https://gitee.com/openeuler/secGear.git ``` -2. Build secGear and examples -``` -cd secGear +2. Build SDK and examples + +```bash +cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake ..&& make && sudo make install ``` + 3. Run Helloworld -``` +```bash ./examples/helloworld/host/secgear_helloworld ``` + 4. For more complex examples, see `examples` directory. ## Quick start with ARM TrustZone(Kunpeng itrustee) 
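Review bot: The re-pointed line `#add_subdirectory(${LOCAL_ROOT_PATH}/../examples)` in the sdk/CMakeLists.txt hunk will fail at configure time if it is ever uncommented as written. Assuming `LOCAL_ROOT_PATH` is the `sdk/` source directory (its definition is outside the hunk), the path lies outside the current source tree, and `add_subdirectory` then requires an explicit binary directory, e.g. `add_subdirectory("${LOCAL_ROOT_PATH}/../examples" "${CMAKE_BINARY_DIR}/examples")`. As long as the line stays commented out, a build from `sdk/` presumably produces no examples, yet the docs updated in the same patch still say "Build SDK and examples" and run `./examples/helloworld/host/secgear_helloworld`. Either enable the line with a binary directory or drop the dead comment and correct the docs, so the quick-start does not point at a binary that is never built.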
@@ -27,21 +30,29 @@ Ensure your system have installed ocaml-dune, if installed ignore this step. Otherwise install refer to [ocaml-dune](https://github.com/ocaml/dune) 1. Clone the secGear repository: -``` + +```bash git clone https://gitee.com/openeuler/secGear.git ``` -2. Build secGear and examples -``` -cd secGear + +2. Build SDK and examples + +```bash +cd secGear/sdk source environment mkdir debug && cd debug && cmake -DENCLAVE=GP ..&& make && sudo make install ``` -3. Run Helloworld -``` + +3. Run Helloworld with root + +```bash /vendor/bin/secgear_helloworld ``` + 4. For more complex examples, see `examples` directory. +5. **TO build remote attestation service and components, refer to [attestation/README](../../service/attestation/README.md). + ## Build with RSIC-V Penglai refer to [riscv_tee.md](./riscv_tee.md) @@ -49,7 +60,7 @@ refer to [riscv_tee.md](./riscv_tee.md) The build cmd `cmake ..` used default sdk installed path and default enclave ssl installed path(optional, only need when your application uses libssl). If you install them by customize, you need input your customize path by cmake such as: -``` +```bash // the following two cmd is same cmake .. cmake -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl .. @@ -57,6 +68,3 @@ cmake -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl .. // input your customize path cmake -DSDK_PATH="sdk installed path" -DSSL_PATH="enclave ssl installed path" .. ``` - - - -- Gitee From fe817f9588dde19afcb895f38428ea9559b5c078 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 22:20:27 +0800 Subject: [PATCH 03/19] fix logo path --- README.en.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.en.md b/README.en.md index 2e610bf..4e770b2 100644 --- a/README.en.md +++ b/README.en.md @@ -1,4 +1,4 @@ -secGear +secGear secGear ============================ diff --git a/README.md b/README.md index 2a7b7f8..14d744c 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -secGear +secGear secGear ============================ -- Gitee From 29de3944fe4b8426b14869e39d8b62444161956c Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 22:31:17 +0800 Subject: [PATCH 04/19] formating doc --- README.en.md | 574 +++++++++++++++++++++++++++------------------------ 1 file changed, 302 insertions(+), 272 deletions(-) diff --git a/README.en.md b/README.en.md index 4e770b2..b234d58 100644 --- a/README.en.md +++ b/README.en.md @@ -15,20 +15,22 @@ Build and Install - [reference build & install](./sdk/docs/build_install.md) -Develop Application and Compile +Develope Application and Compile ------------------------------ Assuming the development directory is .../secGear/examples/test/ - + ### 1 Write edl interface description - - enclave { - include "secgear_urts.h" - from "secgear_tstdc.edl" import *; - trusted { - public int get_string([out, size=32]char *buf); - }; - }; + +```edl + enclave { + include "secgear_urts.h" + from "secgear_tstdc.edl" import *; + trusted { + public int get_string([out, size=32]char *buf); + }; + }; +``` include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between SGX and iTrustee when calling the C library. So as long as the C library functions are used, for the consistency of the source code, the two 
@@ -43,26 +45,28 @@ Then save as test.edl ### 2 Write the top-level CMakeLists.txt - cmake_minimum_required(VERSION 3.10 FATAL_ERROR) - project(TEST C) - set(CMAKE_C_STANDARD 99) - set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) - set(EDL_FILE test.edl) - set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") +```cmake + cmake_minimum_required(VERSION 3.10 FATAL_ERROR) + project(TEST C) + set(CMAKE_C_STANDARD 99) + set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + set(EDL_FILE test.edl) + set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") set(SECGEAR_INSTALL_PATH /usr/lib64/) - set(CODEGEN codegen) - if(CC_GP) - set(CODETYPE trustzone) - execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) - string(REPLACE "\n" "" UUID ${UUID}) - add_definitions(-DPATH="/data/${UUID}.sec") - endif() - if(CC_SGX) - set(CODETYPE sgx) - add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") - endif() - add_subdirectory(${CURRENT_ROOT_PATH}/enclave) - add_subdirectory(${CURRENT_ROOT_PATH}/host) + set(CODEGEN codegen) + if(CC_GP) + set(CODETYPE trustzone) + execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) + string(REPLACE "\n" "" UUID ${UUID}) + add_definitions(-DPATH="/data/${UUID}.sec") + endif() + if(CC_SGX) + set(CODETYPE sgx) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") + endif() + add_subdirectory(${CURRENT_ROOT_PATH}/enclave) + add_subdirectory(${CURRENT_ROOT_PATH}/host) +``` Set the CODETYPE EDL_FILE and CODETYPE attributes, which are used when automatically generating code at later phase. On ARM platform, the enclave image needs be named with a unique UUID, so it is dynamically uniquely generated using 
@@ -70,47 +74,49 @@ the uuidgen command. The defined DPATH macro is used when loading the enclave im ### 3 Write the non-secure side code and CMakeLists.txt - + #### 3.1 Create a new host directory and write main.c - #include - #include "enclave.h" - #include "test_u.h" - - #define BUF_LEN 32 - - int main() - { - int retval = 0; - char *path = PATH; - char buf[BUF_LEN]; - cc_enclave_t *context = NULL; - cc_enclave_result_t res; - - res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); - ... - - res = get_string(context, &retval, buf); - if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { - printf("Ecall enclave error\n"); - } else { - printf("%s\n", buf); - } - - if (context != NULL) { - res = cc_enclave_destroy(context); - ... - } - return res; - } - +```c + #include + #include "enclave.h" + #include "test_u.h" + + #define BUF_LEN 32 + + int main() + { + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t *context = NULL; + cc_enclave_result_t res; + + res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + ... + + res = get_string(context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("%s\n", buf); + } + + if (context != NULL) { + res = cc_enclave_destroy(context); + ... + } + return res; + } +``` + include "enclave.h", to import the secGear header file, include "test_u.h" to import the automatically generated code header file. Next, call cc_enclave_create(...) to create the enclave context, and then call the wrapper of the interface described in the edl file to enter the enclave to execute confidential code. Finally, call cc_enclave_destroy(...) to destroy the enclave context. - + Note that comparing to arguments defined in edl file, the interface called here has two more arguments, context and retval. 
-This is because the function, generated by the automatic code generation tool according to edl, is a wrapper of the real +This is because the function, generated by the automatic code generation tool according to edl, is a wrapper of the real enclave function, and its declaration is in the test_u.h header file. Where the context parameter is the cc_enclave_t * context created before calling the function, and retval is the return value of the function defined in edl, and the res argument is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of 
@@ -124,134 +130,147 @@ compilation phase, which simplifies the development and compilation steps. #### 3.2 Write the CMakeLists.txt file of the host. - #set auto code prefix - set(PREFIX test) - #set host exec name - set(OUTPUT secgear_test) - #set host src code - set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) +```cmake + #set auto code prefix + set(PREFIX test) + #set host exec name + set(OUTPUT secgear_test) + #set host src code + set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) Set some variables, which are described in comments. - #set auto code - if(CC_GP) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) - endif() - - if(CC_SGX) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) - endif() + #set auto code + if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + + if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted 
${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) + endif() +``` Use the code generation tool to generate auxiliary code based on the edl. Variables such as CODEGEN and CODETYPE are defined at the top of CMakeList.txt. --search-path is used to search for other edl files imported in test.edl. When SGX is used, the edl imported in test.edl indirectly depends on the edl of the SGX SDK. Therefore, the search path of the SGX SDK is also specified here. - set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") +```cmake + set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") + set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") Set compile and link options - - if(CC_GP) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() - endif() + + if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) + endif() + endif() +``` In the case of iTrustee, set the search paths of the header file and compile the final non-secure 
binary. - if(CC_SGX) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() - endif() +```cmake + if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) + endif() + endif() +``` In the case of SGX, set the search paths of the header file and compile the final non-secure binary. - if(CC_SIM) +```cmake + if(CC_SIM) target_link_libraries(${OUTPUT} secgearsim) else() target_link_libraries(${OUTPUT} secgear) endif() set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) - if(CC_GP) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION /vendor/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) - endif() - if(CC_SGX) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) - endif() - -Based on -DCC_SIM=ON or none transferred from cmake, linking secgear or secgearsim. Specify the installation -path of the final binary. The non-secure side image of iTrustee must be installed on the specified whitelist. 
+ if(CC_GP) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() + if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() +``` + +Based on -DCC_SIM=ON or none transferred from cmake, linking secgear or secgearsim. Specify the installation +path of the final binary. The non-secure side image of iTrustee must be installed on the specified whitelist. The whitelist configuration will be introduced below. ### 4 Write security side code, CMakeLists.txt and some configuration files - + #### 4.1 Create a new enclave directory and write hello.c - #include - #include - #include "test_t.h" +```c + #include + #include + #include "test_t.h" - #define TA_HELLO_WORLD "secGear hello world!" - #define BUF_MAX 32 - int get_string(char *buf) - { - strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); - return 0; - } + #define TA_HELLO_WORLD "secGear hello world!" + #define BUF_MAX 32 + int get_string(char *buf) + { + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; + } +``` Import the test_t.h generated by the automatic code generation tool, and then write the function according to the interface description in test.edl. 
- + #### 4.2 Write CMakeLists.txt - #set auto code prefix - set(PREFIX test) - #set sign key - set(PEM Enclave_private.pem) +```cmake + #set auto code prefix + set(PREFIX test) + #set sign key + set(PEM Enclave_private.pem) Set the private key file name used to sign the enclave binary - #set sign tool - set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) - #set enclave src code - set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) - #set log level - set(PRINT_LEVEL 3) - add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + #set sign tool + set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + #set enclave src code + set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) + #set log level + set(PRINT_LEVEL 3) + add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) +``` Set sign tool and the security side log printing level - if(CC_GP) +```cmake + if(CC_GP) #set signed output set(OUTPUT ${UUID}.sec) 
@@ -264,85 +283,91 @@ Set sign tool and the security side log printing level add_custom_command(OUTPUT ${AUTO_FILES} DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) - endif() + endif() +``` WHITE_LIS_X sets the whitelist of iTrustee, only the host binaries in these paths can call this secure image, and up to 8 list paths can be configured. WHITE_LIST_OWNER set user, this user will be applied to all whitelist paths. Finally, set the name of the security image after the final signing, and generate auxiliary code. - if(CC_SGX) - set(OUTPUT enclave.signed.so) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) - endif() +```cmake + if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) + endif() +``` In the case of SGX, set the name of the security image after the final signing, and generate auxiliary code. 
+```cmake + set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") - set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ - -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ - -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ - -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") +``` - set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") - Set the security side, no matter whether it is SGX or iTrustee will use some compilation and link options, for example, because the security side is different from the non-secure side, the default library of host OS cannot be used, -so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options is introduced. - - if(CC_GP) - configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") +so ```-nostdinc -nodefaultlibs -nostdlib -nodefaultlibs``` link options are introduced. 
- set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") +```cmake + if(CC_GP) + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") - set(ITRUSTEE_TEEDIR ${SDK_PATH}/) - set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories( ${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${LOCAL_ROOT_PATH}/inc/enclave_inc - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp - ${ITRUSTEE_TEEDIR}/include/TA - ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext - ${ITRUSTEE_LIBC}/arch/aarch64 - ${ITRUSTEE_LIBC}/ - ${ITRUSTEE_LIBC}/arch/arm/bits - ${ITRUSTEE_LIBC}/arch/generic - ${ITRUSTEE_LIBC}/arch/arm - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ 
+ ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH}) + endif() - foreach(WHITE_LIST ${WHITELIST}) - add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") - endforeach(WHITE_LIST) - add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") - target_link_libraries(${PREFIX} -lsecgear_tee) + target_link_libraries(${PREFIX} -lsecgear_tee) - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini - -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini + -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}) - install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT} - DESTINATION /data - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT} + DESTINATION /data + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - endif() + endif() +``` In the case of iTrustee, generate the configuration file manifest.txt, and details of the configuration file will be explained later, specify some compilation options related to iTrustee, set the search paths of the header file and the link file, and build the enclave binary. 
@@ -351,51 +376,53 @@ Regarding the use of iTrustee ocall, there are some other notes, which will be i whitelist macro. Next, you need to link to the secgear_tee library, in which there are interfaces for generating random numbers, seal, unseal, etc. The last step is to sign and install. - if(CC_SGX) - set(SGX_DIR ${SDK_PATH}) - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) - - if(CC_SIM) - set(Trts_Library_Name sgx_trts_sim) - set(Service_Library_Name sgx_tservice_sim) - else() - set(Trts_Library_Name sgx_trts) - set(Service_Library_Name sgx_tservice) - endif() - - set(Crypto_Library_Name sgx_tcrypto) - - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ - -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${LINK_LIBRARY_PATH}) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories(${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${SGX_DIR}/include/tlibc - ${SGX_DIR}/include/libcxx - ${SGX_DIR}/include - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${LINK_LIBRARY_PATH}) - endif() - - target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive - -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND openssl genrsa -3 -out ${PEM} 3072 - COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) - endif() +```cmake + if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + 
set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) + endif() +``` In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee are quite different. This is because iTrustee is a secure OS with more capabilities, such as musl libc and openssl. 
@@ -406,21 +433,23 @@ correctly, some libraries must be linked between specified options, such as sgx_ For more detailed information, please refer to the Makefile of SGX examples. Finally, sign the enclave with the configuration file, which will be introduced later. Note that secGear does not currently support remote authentication. - - set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) - + +```cmake + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +``` + Set some safe compilation options. - + #### 4.3 Enclave image configuration file - + Write SGX enclave related configuration files The configuration content in the Enclave.config.xml and Enclave.lds files is the same as the official SGX configuration file. For details, please refer to the official development document. Write iTrustee related configuration files -The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated, +The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated, and the other configuration items can refer to the iTrustee development document. - + ### 5 build and install test [reference build & install](./docs/build_install.md) 
@@ -438,20 +467,22 @@ Security side development, due to restrictions on the different security capabil impossible to directly develop the log function like the non-secure side, Therefore, we provide the PrintInfo interface to record the security side log to the Syslog system. The related configuration files secgear and secgear.conf have been installed in the system directory during the build and install secGear phase. - + Note that when using on iTrustee, you need to import the secgear_log.h header file, but SGX does not need it. Because SGX implements the log function through ocall, the relevant code is in the auxiliary code. And when the configuration file is installed, you need to run "systemctl restart rsyslog" to make the log effective. Finally, in order to enable iTrustee logs to be dumped to the place specified in the configuration file, you also need to run /vendor/bin/tlogcat -f. The tlogcat tool is a part of the iTrustee sdk. - -The meaning of log level (set(PRINT_LEVEL 3)). +The meaning of log level (set(PRINT_LEVEL 3)). + +```c PRINT_ERROR 0 PRINT_WARNING 1 PRINT_STRACE 2 PRINT_DEBUG 3 +``` At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stabilized, the usage will be unified. @@ -461,10 +492,10 @@ Use ocall The secGear ocall function can be used normally on the SGX platform. There are currently restrictions with iTrustee: - only the specified a3d88d2a-ae2a-4ea5-a37d-35fc5f607e9e uuid can be used, - and two programs that enable ocall cannot be run at the same time, - and config cannot be enabled. ta.instanceKeepAlive. - +**Only the specified a3d88d2a-ae2a-4ea5-a37d-35fc5f607e9e uuid can be used.** +**Only one programs enables ocall or error will be triggered.** +**Config option ```ta.instanceKeepAlive``` shall not be enabled.** + Moreover, if the underlying iTrustee does not enable ocall, the SDK will only report an error registration ocall failure, and the ecall function can be used normally. 
@@ -478,7 +509,7 @@ supported on the iTrustee platform. Remote authentication capability is currently not supported. ------------------------------------------------------------ -secGear does not currently support plc, switchless and other about SGX features. +secGear does not currently support plc, switchless and other about SGX features -------------------------------------------------------------------------------- Learning More About codegener @@ -498,5 +529,4 @@ secGear introduces the signing tool to sign the enclave. Milestone --------- -secGear - +secGear -- Gitee From ccc4214fba62f04b2cd56372f62d5f2f44e38aff Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 22:52:28 +0800 Subject: [PATCH 05/19] format code blocks --- README.en.md | 557 +++++++++++++++++++++++++++------------------------ 1 file changed, 292 insertions(+), 265 deletions(-) diff --git a/README.en.md b/README.en.md index b234d58..59a27e1 100644 --- a/README.en.md +++ b/README.en.md @@ -23,13 +23,13 @@ Assuming the development directory is .../secGear/examples/test/ ### 1 Write edl interface description ```edl - enclave { - include "secgear_urts.h" - from "secgear_tstdc.edl" import *; - trusted { - public int get_string([out, size=32]char *buf); - }; +enclave { + include "secgear_urts.h" + from "secgear_tstdc.edl" import *; + trusted { + public int get_string([out, size=32]char *buf); }; +}; ``` include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between SGX and iTrustee when 
@@ -46,26 +46,29 @@ Then save as test.edl ### 2 Write the top-level CMakeLists.txt ```cmake - cmake_minimum_required(VERSION 3.10 FATAL_ERROR) - project(TEST C) - set(CMAKE_C_STANDARD 99) - set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) - set(EDL_FILE test.edl) - set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") - set(SECGEAR_INSTALL_PATH /usr/lib64/) - set(CODEGEN codegen) - if(CC_GP) - set(CODETYPE trustzone) - execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) - string(REPLACE "\n" "" UUID ${UUID}) - add_definitions(-DPATH="/data/${UUID}.sec") - endif() - if(CC_SGX) - set(CODETYPE sgx) - add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") - endif() - add_subdirectory(${CURRENT_ROOT_PATH}/enclave) - add_subdirectory(${CURRENT_ROOT_PATH}/host) +cmake_minimum_required(VERSION 3.10 FATAL_ERROR) +project(TEST C) +set(CMAKE_C_STANDARD 99) +set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) +set(EDL_FILE test.edl) +set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") +set(SECGEAR_INSTALL_PATH /usr/lib64/) +set(CODEGEN codegen) + +if(CC_GP) + set(CODETYPE trustzone) + execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) + string(REPLACE "\n" "" UUID ${UUID}) + add_definitions(-DPATH="/data/${UUID}.sec") +endif() + +if(CC_SGX) + set(CODETYPE sgx) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") +endif() + +add_subdirectory(${CURRENT_ROOT_PATH}/enclave) +add_subdirectory(${CURRENT_ROOT_PATH}/host) ``` Set the CODETYPE EDL_FILE and CODETYPE attributes, which are used when automatically generating code at later phase. 
@@ -78,36 +81,36 @@ the uuidgen command. The defined DPATH macro is used when loading the enclave im #### 3.1 Create a new host directory and write main.c ```c - #include - #include "enclave.h" - #include "test_u.h" - - #define BUF_LEN 32 - - int main() - { - int retval = 0; - char *path = PATH; - char buf[BUF_LEN]; - cc_enclave_t *context = NULL; - cc_enclave_result_t res; - - res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); - ... - - res = get_string(context, &retval, buf); - if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { - printf("Ecall enclave error\n"); - } else { - printf("%s\n", buf); - } - - if (context != NULL) { - res = cc_enclave_destroy(context); - ... - } - return res; +#include +#include "enclave.h" +#include "test_u.h" + +#define BUF_LEN 32 + +int main() +{ + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t *context = NULL; + cc_enclave_result_t res; + + res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); +... + + res = get_string(context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("%s\n", buf); + } + + if (context != NULL) { + res = cc_enclave_destroy(context); + ... } + return res; +} ``` include "enclave.h", to import the secGear header file, include "test_u.h" to import the automatically generated code 
@@ -131,29 +134,29 @@ compilation phase, which simplifies the development and compilation steps. #### 3.2 Write the CMakeLists.txt file of the host. ```cmake - #set auto code prefix - set(PREFIX test) - #set host exec name - set(OUTPUT secgear_test) - #set host src code - set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) +#set auto code prefix +set(PREFIX test) +#set host exec name +set(OUTPUT secgear_test) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) Set some variables, which are described in comments. - #set auto code - if(CC_GP) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) - endif() +endif() - if(CC_SGX) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) - endif() +endif() ``` Use the code generation tool to generate auxiliary code based on the edl. Variables such as CODEGEN and CODETYPE are 
@@ -162,65 +165,77 @@ When SGX is used, the edl imported in test.edl indirectly depends on the edl of path of the SGX SDK is also specified here. ```cmake - set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") - set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") - -Set compile and link options - - if(CC_GP) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() +set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") + +set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") +``` + +Set compile and link options. + +```cmake +if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) endif() +endif() ``` In the case of iTrustee, set the search paths of the header file and compile the final non-secure binary. 
```cmake - if(CC_SGX) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) endif() +endif() ``` In the case of SGX, set the search paths of the header file and compile the final non-secure binary. 
```cmake - if(CC_SIM) - target_link_libraries(${OUTPUT} secgearsim) - else() - target_link_libraries(${OUTPUT} secgear) - endif() - set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) - if(CC_GP) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION /vendor/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) - endif() - if(CC_SGX) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) - endif() +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim) +else() + target_link_libraries(${OUTPUT} secgear) +endif() + +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) +endif() ``` Based on -DCC_SIM=ON or none transferred from cmake, linking secgear or secgearsim. Specify the installation @@ -232,17 +247,18 @@ The whitelist configuration will be introduced below. #### 4.1 Create a new enclave directory and write hello.c ```c - #include - #include - #include "test_t.h" - - #define TA_HELLO_WORLD "secGear hello world!" - #define BUF_MAX 32 - int get_string(char *buf) - { - strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); - return 0; - } +#include +#include +#include "test_t.h" + +#define TA_HELLO_WORLD "secGear hello world!" +#define BUF_MAX 32 + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} ``` Import the test_t.h generated by the automatic code generation tool, and then write the function according to the 
@@ -251,39 +267,44 @@ interface description in test.edl. #### 4.2 Write CMakeLists.txt ```cmake - #set auto code prefix - set(PREFIX test) - #set sign key - set(PEM Enclave_private.pem) - -Set the private key file name used to sign the enclave binary - - #set sign tool - set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) - #set enclave src code - set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) - #set log level - set(PRINT_LEVEL 3) - add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) +#set auto code prefix +set(PREFIX test) +#set sign key +set(PEM Enclave_private.pem) +``` + +Set the private key file name used to sign the enclave binary. + +```cmake +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) ``` Set sign tool and the security side log printing level ```cmake - if(CC_GP) - #set signed output - set(OUTPUT ${UUID}.sec) - - set(WHITE_LIST_0 /vendor/bin/helloworld) - set(WHITE_LIST_1 /vendor/bin/secgear_test) - set(WHITE_LIST_OWNER root) - set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) - - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) - endif() +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_1 /vendor/bin/secgear_test) + set(WHITE_LIST_OWNER root) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h + ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS 
${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() ``` WHITE_LIS_X sets the whitelist of iTrustee, only the host binaries in these paths can call this secure image, 
@@ -291,23 +312,25 @@ and up to 8 list paths can be configured. WHITE_LIST_OWNER set user, this user w Finally, set the name of the security image after the final signing, and generate auxiliary code. ```cmake - if(CC_SGX) - set(OUTPUT enclave.signed.so) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) - endif() +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() ``` In the case of SGX, set the name of the security image after the final signing, and generate auxiliary code. 
```cmake - set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ - -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ - -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ - -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums \ + -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") - set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") ``` Set the security side, no matter whether it is SGX or iTrustee will use some compilation and link options, for 
@@ -315,58 +338,58 @@ example, because the security side is different from the non-secure side, the de so ```-nostdinc -nodefaultlibs -nostdlib -nodefaultlibs``` link options are introduced. ```cmake - if(CC_GP) - configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") - - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") - - set(ITRUSTEE_TEEDIR ${SDK_PATH}/) - set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${SECGEAR_INSTALL_PATH}) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories( ${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${LOCAL_ROOT_PATH}/inc/enclave_inc - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp - ${ITRUSTEE_TEEDIR}/include/TA - ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext - ${ITRUSTEE_LIBC}/arch/aarch64 - ${ITRUSTEE_LIBC}/ - ${ITRUSTEE_LIBC}/arch/arm/bits - ${ITRUSTEE_LIBC}/arch/generic - ${ITRUSTEE_LIBC}/arch/arm - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH}) - endif() - - foreach(WHITE_LIST ${WHITELIST}) - add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") - endforeach(WHITE_LIST) - add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") - - target_link_libraries(${PREFIX} -lsecgear_tee) - - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini - -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}) - - install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT} - DESTINATION /data - PERMISSIONS OWNER_EXECUTE 
OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +if(CC_GP) + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH}) endif() + + foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini + -o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}) + + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT} + DESTINATION /data + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() ``` In the case of iTrustee, generate the configuration 
file manifest.txt, and details of the configuration file will 
@@ -377,51 +400,55 @@ whitelist macro. Next, you need to link to the secgear_tee library, in which the random numbers, seal, unseal, etc. The last step is to sign and install. ```cmake - if(CC_SGX) - set(SGX_DIR ${SDK_PATH}) - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) - - if(CC_SIM) - set(Trts_Library_Name sgx_trts_sim) - set(Service_Library_Name sgx_tservice_sim) - else() - set(Trts_Library_Name sgx_trts) - set(Service_Library_Name sgx_tservice) - endif() - - set(Crypto_Library_Name sgx_tcrypto) - - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ - -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${LINK_LIBRARY_PATH}) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories(${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${SGX_DIR}/include/tlibc - ${SGX_DIR}/include/libcxx - ${SGX_DIR}/include - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${LINK_LIBRARY_PATH}) - endif() - - target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive - -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) - add_custom_command(TARGET ${PREFIX} +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + 
set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive \ + ${Trts_Library_Name} -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx \ + -l${Crypto_Library_Name} -l${Service_Library_Name} \ + -Wl,--end-group) + + add_custom_command(TARGET ${PREFIX} POST_BUILD COMMAND openssl genrsa -3 -out ${PEM} 3072 COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) - endif() +endif() ``` In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee @@ -435,7 +462,7 @@ For more detailed information, please refer to the Makefile of SGX examples. Fin configuration file, which will be introduced later. Note that secGear does not currently support remote authentication. ```cmake - set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) ``` Set some safe compilation options. 
@@ -478,10 +505,10 @@ need to run /vendor/bin/tlogcat -f. The tlogcat tool is a part of the iTrustee s The meaning of log level (set(PRINT_LEVEL 3)). ```c - PRINT_ERROR 0 - PRINT_WARNING 1 - PRINT_STRACE 2 - PRINT_DEBUG 3 +PRINT_ERROR 0 +PRINT_WARNING 1 +PRINT_STRACE 2 +PRINT_DEBUG 3 ``` At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stabilized, -- Gitee From 4937778bbf04772e3f1b2b1005013fbb772cbd84 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 23:05:19 +0800 Subject: [PATCH 06/19] update urls --- README.en.md | 12 +++++----- ...77\347\224\250\346\214\207\345\215\227.md" | 24 +++++++++---------- sdk/docs/en/2403_LTS_SP2/developer_guide.md | 8 +++---- sdk/docs/zh/2403_LTS_SP2/developer_guide.md | 8 +++---- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/README.en.md b/README.en.md index 59a27e1..a7318e5 100644 --- a/README.en.md +++ b/README.en.md @@ -106,8 +106,8 @@ int main() } if (context != NULL) { - res = cc_enclave_destroy(context); - ... + res = cc_enclave_destroy(context); + ... } return res; } @@ -479,7 +479,7 @@ and the other configuration items can refer to the iTrustee development document ### 5 build and install test -[reference build & install](./docs/build_install.md) +[reference build & install](./sdk/docs/build_install.md) Log --- 
@@ -545,15 +545,15 @@ Learning More About codegener secGear introduces EDL (Enclave Description Language) and intermediate code generation tool codegener. EDL is compatible with Intel SGX's definition. -- [Learn how to use codegener](./docs/codegener.md) +- [Learn how to use codegener](./sdk/docs/codegener.md) Learning More About sign_tool ----------------------------- secGear introduces the signing tool to sign the enclave. -- [Learn how to use signing tool](./docs/sign_tool.md) +- [Learn how to use signing tool](./sdk/docs/sign_tool.md) Milestone --------- -secGear +Join openEuler/sig-confidential-computing to get more detailed information. diff --git "a/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" index 0335a72..04bb7b7 100644 --- "a/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" +++ "b/sdk/docs/HelloWorld\345\274\200\345\217\221\346\265\201\347\250\213\345\222\214\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -8,14 +8,14 @@ HelloWorld开发流程 - 安全侧的代码的编写 - 调用sign_tool.sh对安全侧编译出的so做签名 -以[HelloWorld](../examples/helloworld)样例源码为例详细介绍开发步骤。 +以[HelloWorld](../../examples/helloworld)样例源码为例详细介绍开发步骤。 ### 1 编写edl接口文件 edl文件定义了非安全侧与安全侧交互的接口声明,类似于传统的头文件接口声明,由codegen辅助代码生成工具根据edl文件编译生成非安全侧与安全侧交互代码,从而帮助用户降低开发成本,聚焦业务逻辑。目前ocall仅在sgx平台支持,itrustee尚不支持。 如下定义了ecall函数get_string。 -[参考 HelloWorld edl文件](../examples/helloworld/helloworld.edl) +[参考 HelloWorld edl文件](../../examples/helloworld/helloworld.edl) ``` enclave { 
@@ -39,7 +39,7 @@ edl文件定义了非安全侧与安全侧交互的接口声明,类似于传 - 调用ecall函数 - 调用cc_enclave_destroy销毁enclave -[参考 HelloWorld main.c文件](../examples/helloworld/host/main.c) +[参考 HelloWorld main.c文件](../../examples/helloworld/host/main.c) ``` // 创建enclave res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, context); @@ -54,7 +54,7 @@ edl文件定义了非安全侧与安全侧交互的接口声明,类似于传 ``` ### 3 调用codegen工具 -[参考 HelloWorld host/CMakeLists.txt文件](../examples/helloworld/host/CMakeLists.txt) +[参考 HelloWorld host/CMakeLists.txt文件](../../examples/helloworld/host/CMakeLists.txt) Helloworld样例的编译工程已经集成codegen的调用,如下。 @@ -72,20 +72,20 @@ Helloworld样例的编译工程已经集成codegen的调用,如下。 开发者在安全侧需要完成: - edl文件中定义的ecall函数的实现,edl文件相当于头文件 -[参考 HelloWorld hello.c文件](../examples/helloworld/enclave/hello.c) +[参考 HelloWorld hello.c文件](../../examples/helloworld/enclave/hello.c) test_t.h:该头文件为自动生成代码工具codegen通过edl文件生成的头文件,该头文件命名为edl文件名加"_t"。 ### 5 调用签名工具 -[参考 HelloWorld enclave/CMakeLists.txt文件](../examples/helloworld/enclave/CMakeLists.txt) +[参考 HelloWorld enclave/CMakeLists.txt文件](../../examples/helloworld/enclave/CMakeLists.txt) 使用SIGN_TOOL对编译出的.so文件进行签名。 ### 6 配置开发者证书 -仅适用鲲鹏平台,以[examples/helloworld](../examples/helloworld)样例介绍 +仅适用鲲鹏平台,以[examples/helloworld](../../examples/helloworld)样例介绍 - 修改uuid - 修改[examples/helloworld/CMakeLists.txt](../examples/helloworld/CMakeLists.txt)中uuid + 修改[examples/helloworld/CMakeLists.txt](../../examples/helloworld/CMakeLists.txt)中uuid ``` if(CC_GP) @@ -96,7 +96,7 @@ if(CC_GP) ``` - 配置证书路径 -修改[examples/helloworld/enclave/config_cloud.ini](../examples/helloworld/enclave/config_cloud.ini)配置证书路径 +修改[examples/helloworld/enclave/config_cloud.ini](../../examples/helloworld/enclave/config_cloud.ini)配置证书路径 ``` ;private key for signing TA 
@@ -109,7 +109,7 @@ configPath = /home/TA_cert/secgear-app1/config # config开发者证书的路径 ``` - 修改manifest.txt -参照申请证书是的configs.xml字段,修改[manifest.txt](../examples/helloworld/enclave/manifest.txt)中字段 +参照申请证书是的configs.xml字段,修改[manifest.txt](../../examples/helloworld/enclave/manifest.txt)中字段 如果configs.xml中存在,manifest.txt中没有,需要自行添加。 ``` @@ -123,7 +123,7 @@ gpd.ta.stackSize: 40960 ``` - 开启签名 -在[examples/helloworld/enclave/CMakeLists.txt](../examples/helloworld/enclave/CMakeLists.txt)中找到如下注释的行,打开注释 +在[examples/helloworld/enclave/CMakeLists.txt](../../examples/helloworld/enclave/CMakeLists.txt)中找到如下注释的行,打开注释 ``` add_custom_command(TARGET ${PREFIX} @@ -187,7 +187,7 @@ typedef struct { | num_cores | 用于设置安全侧线程绑核
规格:
最大值为当前环境CPU核数 | ### 4 switchless开发流程 -[参考 switchless README.md文件](../examples/switchless/README.md) +[参考 switchless README.md文件](../../examples/switchless/README.md) ### 5 switchless性能优化 #### 5.1 CPU绑核 diff --git a/sdk/docs/en/2403_LTS_SP2/developer_guide.md b/sdk/docs/en/2403_LTS_SP2/developer_guide.md index 74fea4d..b68c0a8 100644 --- a/sdk/docs/en/2403_LTS_SP2/developer_guide.md +++ b/sdk/docs/en/2403_LTS_SP2/developer_guide.md @@ -68,8 +68,8 @@ The following figure shows the development procedure. // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples -cd secGear +// build sdk and examples +cd secGear/sdk source environment mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install @@ -83,8 +83,8 @@ mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples -cd secGear +// build sdk and examples +cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake .. && make && sudo make install diff --git a/sdk/docs/zh/2403_LTS_SP2/developer_guide.md b/sdk/docs/zh/2403_LTS_SP2/developer_guide.md index b788f9d..f82693e 100644 --- a/sdk/docs/zh/2403_LTS_SP2/developer_guide.md +++ b/sdk/docs/zh/2403_LTS_SP2/developer_guide.md @@ -68,8 +68,8 @@ cd examples/helloworld // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples -cd secGear +// build sdk and examples +cd secGear/sdk source environment mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install 
@@ -83,8 +83,8 @@ mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples -cd secGear +// build sdk and examples +cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake .. && make && sudo make install -- Gitee From ff5803947b97e4836dda30a57d66377fb54ed826 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 23:11:15 +0800 Subject: [PATCH 07/19] update urls in examples --- examples/switchless/README.md | 2 +- examples/switchless_performance/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/switchless/README.md b/examples/switchless/README.md index 4d266d6..e2478be 100644 --- a/examples/switchless/README.md +++ b/examples/switchless/README.md @@ -1,4 +1,4 @@ -secGear +secGear switchless ============================ diff --git a/examples/switchless_performance/README.md b/examples/switchless_performance/README.md index 7f37f4d..19c9a3f 100644 --- a/examples/switchless_performance/README.md +++ b/examples/switchless_performance/README.md @@ -1,4 +1,4 @@ -secGear +secGear switchless ============================ -- Gitee From e169e2731297285aa0f333a12cc72ba49cee5559 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Sun, 27 Jul 2025 23:14:10 +0800 Subject: [PATCH 08/19] rename guide/docs to follow the same naming pattern --- examples/npu_attestation/{HowTo.en.md => README.en.md} | 0 examples/npu_attestation/{HowTo.md => README.md} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename examples/npu_attestation/{HowTo.en.md => README.en.md} (100%) rename examples/npu_attestation/{HowTo.md => README.md} (100%) diff --git a/examples/npu_attestation/HowTo.en.md b/examples/npu_attestation/README.en.md similarity index 100% rename from examples/npu_attestation/HowTo.en.md rename to examples/npu_attestation/README.en.md 
diff --git a/examples/npu_attestation/HowTo.md b/examples/npu_attestation/README.md similarity index 100% rename from examples/npu_attestation/HowTo.md rename to examples/npu_attestation/README.md -- Gitee From 2a75432e410dbc350ea5c038183b0881b7c9025d Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 11:42:56 +0800 Subject: [PATCH 09/19] fix ra_tls example code error --- examples/ra_tls/server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/ra_tls/server.c b/examples/ra_tls/server.c index a85c79c..1d7ac08 100644 --- a/examples/ra_tls/server.c +++ b/examples/ra_tls/server.c @@ -117,9 +117,8 @@ err: } -int main(int argc, char *argv[]) +int main() { - int res = 0; ra_tls_buf cert = RA_TLS_BUF_INIT; ra_tls_buf prv_key = RA_TLS_BUF_INIT; int client_socket = -1; @@ -196,7 +195,7 @@ int main(int argc, char *argv[]) break; } read_buf[read_len] = '\0'; - printf("read data[%d]: %s\n", read_len, read_buf); + printf("read data[%lu]: %s\n", read_len, read_buf); printf("write back\n"); write_len = SSL_write(ssl, read_buf, read_len); if (write_len <= 0) { -- Gitee From 5127288f72e770850105407af8130139ecb3ea03 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 11:46:45 +0800 Subject: [PATCH 10/19] fix example compiler complains --- examples/ra_tls/client.c | 8 ++++---- examples/ra_tls/server.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/ra_tls/client.c b/examples/ra_tls/client.c index 177b09a..bf670d7 100644 --- a/examples/ra_tls/client.c +++ b/examples/ra_tls/client.c @@ -109,7 +109,7 @@ err: #endif #define BUF_LEN_MAX 256 -int main(int argc, char *argv[]) +int main(void) { int res = 0; int ret = -1; 
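Review bot: `%lu` in `printf("read data[%lu]: %s\n", read_len, read_buf);` is only correct where the type of read_len is unsigned long. Its declaration is outside the hunk, but if it is a size_t the portable specifier is `%zu`: `printf("read data[%zu]: %s\n", read_len, read_buf);`. The same applies to the `@@ -188,7 +188,7 @@` hunk of examples/ra_tls/client.c in PATCH 10, where recv_buf_len is declared size_t. Separately, the context line `read_buf[read_len] = '\0';` writes one byte past the data that was read; the read call and the size of read_buf are outside the hunk, so confirm the read is capped at one less than the buffer size.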
@@ -119,9 +119,9 @@ int main(int argc, char *argv[]) int port = 10001; int server_sokcet = -1; uint8_t send_buf[BUF_LEN_MAX] = {"Hello Server\n"}; - size_t send_buf_len = strlen(send_buf); + size_t send_buf_len = strlen((const char *)send_buf); uint8_t recv_buf[BUF_LEN_MAX] = {0}; - size_t recv_buf_len = strlen(recv_buf); + size_t recv_buf_len = strlen((const char *)recv_buf); #ifdef CLIENT_WITH_CERT ra_tls_buf cert = RA_TLS_BUF_INIT; ra_tls_buf prv_key = RA_TLS_BUF_INIT; @@ -188,7 +188,7 @@ int main(int argc, char *argv[]) goto end; } recv_buf_len = res; - printf("read from peer[len = %d]: %s\n", recv_buf_len, recv_buf); + printf("read from peer[len = %lu]: %s\n", recv_buf_len, recv_buf); #endif end: SSL_shutdown(ssl); diff --git a/examples/ra_tls/server.c b/examples/ra_tls/server.c index 1d7ac08..5a6485c 100644 --- a/examples/ra_tls/server.c +++ b/examples/ra_tls/server.c @@ -117,7 +117,7 @@ err: } -int main() +int main(void) { ra_tls_buf cert = RA_TLS_BUF_INIT; ra_tls_buf prv_key = RA_TLS_BUF_INIT; -- Gitee From 94856bc1eab987de6d5dfb1b609adef774e8fc48 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 11:51:25 +0800 Subject: [PATCH 11/19] fix example including in sdk --- sdk/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index 55a190a..e3067e7 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt @@ -112,7 +112,7 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin) execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin) endif() -#add_subdirectory(${LOCAL_ROOT_PATH}/../examples) +# add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/../examples ${CMAKE_CURRENT_SOURCE_DIR}/examples) add_subdirectory(test) install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear -- Gitee From 919d278516abb8b19b2ddd0350ac57186e8b887b Mon Sep 17 00:00:00 2001 
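Review bot: `size_t recv_buf_len = strlen((const char *)recv_buf);` always evaluates to 0, because recv_buf is initialised with `{0}` on the line above; the added cast silences the compiler but keeps a length that says nothing about the buffer. If recv_buf_len is later passed as the read size (that call is outside the hunk), the capacity should come from the array instead: `size_t recv_buf_len = sizeof(recv_buf) - 1;`. A short comment such as `/* capacity, leaving room for the terminating NUL */` would make the intent clear.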
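Review bot: Printing recv_buf with `%s` in the `@@ -188,7 +188,7 @@` hunk relies on a terminating NUL that a TLS read does not add. The buffer is zero-initialised, so this holds only while the read is capped below BUF_LEN_MAX; the read call is outside the hunk, so that cap cannot be confirmed here. Bounding the print by the received length removes the dependency: `printf("read from peer[len = %zu]: %.*s\n", recv_buf_len, (int)recv_buf_len, recv_buf);`.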
From: MaxMadMax Date: Tue, 29 Jul 2025 11:53:32 +0800 Subject: [PATCH 12/19] Revert "fix example including in sdk" This reverts commit 94856bc1eab987de6d5dfb1b609adef774e8fc48. --- sdk/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index e3067e7..55a190a 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt @@ -112,7 +112,7 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin) execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin) endif() -# add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/../examples ${CMAKE_CURRENT_SOURCE_DIR}/examples) +#add_subdirectory(${LOCAL_ROOT_PATH}/../examples) add_subdirectory(test) install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear -- Gitee From 75889b01e5f211ad7c89661b22eb53992ce38f3a Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 11:55:39 +0800 Subject: [PATCH 13/19] fix example including in sdk --- sdk/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index 55a190a..b2e1116 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt @@ -112,7 +112,7 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin) execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin) endif() -#add_subdirectory(${LOCAL_ROOT_PATH}/../examples) +# add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/../examples ${CMAKE_CURRENT_BINARY_DIR}/examples) add_subdirectory(test) install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear -- Gitee From 58b22159c11a6e245ef7b5cb05a705463cbb31a2 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 17:03:38 +0800 Subject: [PATCH 14/19] 1. remove examples building from sdk 2. fix cmake scripts and docs --- README.md | 42 ++++++++++++++++-- sdk/CMakeLists.txt | 8 ++-- .../secure_channel/client/CMakeLists.txt | 2 +- .../secure_channel/host/CMakeLists.txt | 2 +- sdk/docs/build_install.md | 43 ++++++++++++++++++- 5 files changed, 86 insertions(+), 11 deletions(-) 
diff --git a/README.md b/README.md index 14d744c..4187129 100644 --- a/README.md +++ b/README.md @@ -33,10 +33,27 @@ sudo yum install -y cmake ocaml-dune linux-sgx-driver sgxsdk libsgx-launch libsg // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples +// build secGear core sdk cd secGear/sdk -source /opt/intel/sgxsdk/environment && source environment -mkdir debug && cd debug && cmake .. && make && sudo make install +source environment +mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install + +// build secGear core sdk, tools(codegen) and component +/* + * note: secGear component/secure_channnel requires service/attestation/attestation-agent, + * which should be built first. + */ +cd secGear/sdk +source environment +mkdir debug && cd debug +cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. +make && sudo make install + +// build an example after installing secGear, e.g. helloworld +cd examples/helloworld +mkdir debug && cd debug +cmake -DENCLAVE=GP .. +make && sudo make install // run helloworld ./examples/helloworld/host/secgear_helloworld 
@@ -55,11 +72,28 @@ sudo yum install -y cmake ocaml-dune itrustee_sdk-devel openssl-devel // clone secGear repository git clone https://gitee.com/openeuler/secGear.git -// build secGear and examples +// build secGear core sdk cd secGear/sdk source environment mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install +// build secGear core sdk, tools(codegen) and component +/* + * note: secGear component/secure_channnel requires service/attestation/attestation-agent, + * which should be built first. + */ +cd secGear/sdk +source environment +mkdir debug && cd debug +cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. +make && sudo make install + +// build an example after installing secGear, e.g. helloworld +cd examples/helloworld +mkdir debug && cd debug +cmake -DENCLAVE=GP .. +make && sudo make install + // run helloworld /vendor/bin/secgear_helloworld ``` diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index b2e1116..f4b24d0 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt @@ -97,13 +97,14 @@ if(${ENCLAVE} STREQUAL "PL") set(CC_PL ON) endif() -option(CODEGEN "default off" ON) +add_subdirectory(src) + +option(CODEGEN "default off" OFF) if(CODEGEN) add_subdirectory(tools/codegener) endif() -add_subdirectory(src) -option(COMPONENT "default off" ON) +option(COMPONENT "default off" OFF) if(COMPONENT) add_subdirectory(component) endif() @@ -112,7 +113,6 @@ if(NOT IS_DIRECTORY ${LOCAL_ROOT_PATH}/bin) execute_process(COMMAND mkdir ${LOCAL_ROOT_PATH}/bin) endif() -# add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/../examples ${CMAKE_CURRENT_BINARY_DIR}/examples) add_subdirectory(test) install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear diff --git a/sdk/component/secure_channel/client/CMakeLists.txt b/sdk/component/secure_channel/client/CMakeLists.txt index 98a80ef..b36c15f 100644 --- a/sdk/component/secure_channel/client/CMakeLists.txt +++ b/sdk/component/secure_channel/client/CMakeLists.txt 
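Review bot: The help strings in `option(CODEGEN "default off" OFF)` and `option(COMPONENT "default off" OFF)` in the `@@ -97,13 +97,14 @@` hunk of sdk/CMakeLists.txt only restate the default and do not say what each switch builds. Something like `option(COMPONENT "Build component/* (local/remote attestation, ra_tls, secure_channel)" OFF)` is more useful in cmake-gui and `cmake -LH`. Note also that option() does not overwrite a value already stored in CMakeCache.txt, so a build tree configured before this commit keeps CODEGEN and COMPONENT at ON; the docs should tell users to reconfigure from a clean directory or pass the values explicitly.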
@@ -31,7 +31,7 @@ include_directories( ${LOCAL_ROOT_PATH}/component/remote_attest/ra_verify ${LOCAL_ROOT_PATH}/thirdparty/cjson ${LOCAL_ROOT_PATH}/thirdparty/base64url - ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header ) add_library(c${PREFIX} SHARED ${SOURCE_FILE} ${CJSON_SRC} ${BASE64_SRC}) diff --git a/sdk/component/secure_channel/host/CMakeLists.txt b/sdk/component/secure_channel/host/CMakeLists.txt index 4b092b6..abede9c 100644 --- a/sdk/component/secure_channel/host/CMakeLists.txt +++ b/sdk/component/secure_channel/host/CMakeLists.txt @@ -51,7 +51,7 @@ if(CC_GP) ${LOCAL_ROOT_PATH}/inc/host_inc/gp ${LOCAL_ROOT_PATH}/component/remote_attest ${LOCAL_ROOT_PATH}/component/remote_attest/ra_report - ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header ${LOCAL_ROOT_PATH}/thirdparty/base64url) add_library(u${PREFIX} SHARED ${SOURCE_FILE} ${AUTO_FILES}) diff --git a/sdk/docs/build_install.md b/sdk/docs/build_install.md index 46557ae..66614d6 100644 --- a/sdk/docs/build_install.md +++ b/sdk/docs/build_install.md 
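Review bot: The new include path `${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header` reaches outside the sdk tree and nothing checks that it exists. include_directories() accepts a missing directory silently, so the build then either fails late or picks up a same-named header from another include path, which may not match the attestation_agent library that is linked. A configure-time guard makes the dependency explicit: `if(NOT EXISTS ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header) message(FATAL_ERROR "attestation-agent c_header not found; build service/attestation/attestation-agent first") endif()`. The same applies to the `@@ -51,7 +51,7 @@` hunk of host/CMakeLists.txt here and to the `@@ -88,7 +90,7 @@` hunk in PATCH 19.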
@@ -14,6 +14,29 @@ git clone https://gitee.com/openeuler/secGear.git cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake ..&& make && sudo make install + +// build secGear core sdk +cd secGear/sdk +source /opt/intel/sgxsdk/environment && source environment +mkdir debug && cd debug && cmake .. && make && sudo make install + +// build secGear core sdk, tools(codegen) and component +/* + * note: secGear component/secure_channnel requires service/attestation/attestation-agent, + * which should be built first. + */ +cd secGear/sdk +source /opt/intel/sgxsdk/environment && source environment +mkdir debug && cd debug +cmake -DCODEGEN=ON -DCOMPONENT=ON .. +make && sudo make install + +// build an example after installing secGear, e.g. helloworld +cd examples/helloworld +mkdir debug && cd debug +source /opt/intel/sgxsdk/environment && source ../../../sdk/environment +cmake .. +make && sudo make install ``` 3. Run Helloworld @@ -38,9 +61,27 @@ git clone https://gitee.com/openeuler/secGear.git 2. Build SDK and examples ```bash +// build secGear core sdk +cd secGear/sdk +source environment +mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install + +// build secGear core sdk, tools(codegen) and component +/* + * note: secGear component/secure_channnel requires service/attestation/attestation-agent, + * which should be built first. + */ cd secGear/sdk source environment -mkdir debug && cd debug && cmake -DENCLAVE=GP ..&& make && sudo make install +mkdir debug && cd debug +cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. +make && sudo make install + +// build an example after installing secGear, e.g. helloworld +cd examples/helloworld +mkdir debug && cd debug +cmake -DENCLAVE=GP .. +make && sudo make install ``` 3. Run Helloworld with root -- Gitee From 22fa31e3156bb84b30b956c84b8e0674de194f51 Mon Sep 17 00:00:00 2001 
From: MaxMadMax Date: Tue, 29 Jul 2025 17:06:21 +0800 Subject: [PATCH 15/19] adjust building order --- sdk/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index f4b24d0..ab223f2 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt @@ -97,13 +97,13 @@ if(${ENCLAVE} STREQUAL "PL") set(CC_PL ON) endif() -add_subdirectory(src) - option(CODEGEN "default off" OFF) if(CODEGEN) add_subdirectory(tools/codegener) endif() +add_subdirectory(src) + option(COMPONENT "default off" OFF) if(COMPONENT) add_subdirectory(component) -- Gitee From 2f5d60a96b302cb4a507b8c236f3e2957dea7d83 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 17:10:43 +0800 Subject: [PATCH 16/19] update sdk cmake help info --- sdk/CMakeLists.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index ab223f2..0024a03 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt 
@@ -20,13 +20,16 @@ set(LOCAL_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) message("=============cmake help info=======================") message("Example default cmd: cmake ..") message("same with default: cmake -DENCLAVE=SGX -DSDK_PATH=/opt/intel/sgxsdk -DSSL_PATH=/opt/intel/sgxssl ..") -message("cmake [-DCMAKE_BUILD_TYPE=val] [-DENCLAVE=val] [-DCC_SIM=ON] [-DSDK_PATH=path] [-DSSL_PATH=path] ..") +message("cmake [-DCMAKE_BUILD_TYPE=val] [-DENCLAVE=val] [-DCC_SIM=ON] [-DSDK_PATH=path] [-DSSL_PATH=path]") +message("[-DCODEGEN=val] [-DCOMPONENT=val] ..") message("CMAKE_BUILD_TYPE:[optional] pass Debug if you need file line info in log, default log without file line") message("ENCLAVE:[optional] valid val: SGX --default, GP --trustzone, PL --Penglai") message("CC_SIM:[optional] only support by SGX") message("SDK_PATH:[optional] default SGX:/opt/intel/sgxsdk, GP:/opt/itrustee_sdk, PL:/root/dev/sdk; pass SDK_PATH if you installed sdk in custom path") message("SSL_PATH:[optional] pass security ssl installed path when your application use ssl") +message("CODEGEN:[optional] default OFF, set to ON to build tools/codegener") +message("COMPONENT:[optional] default OFF, set to ON to build component/*, including secure_channel") message("=============cmake help info=======================") if (NOT DEFINED ENCLAVE) set(ENCLAVE "SGX") -- Gitee From 63fec142fb9f97fcaeeaf0f708a054428762f468 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Tue, 29 Jul 2025 17:14:55 +0800 Subject: [PATCH 17/19] remove examples/cmakelists.txt as building examples from sdk is not recommended --- examples/CMakeLists.txt | 41 ----------------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 examples/CMakeLists.txt diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt deleted file mode 100644 index 9d66eab..0000000 --- a/examples/CMakeLists.txt +++ /dev/null 
@@ -1,41 +0,0 @@ -add_custom_target(copy ALL - COMMAND mkdir -p ${CMAKE_BINARY_DIR}/inc/secGear - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) - -if(CC_GP) - add_custom_command(TARGET copy - POST_BUILD - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/gp/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/gp/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) - add_subdirectory(seal_data) - add_subdirectory(helloworld) - add_subdirectory(switchless) - #add_subdirectory(lrt) -endif() - -if(CC_SGX) - add_custom_command(TARGET copy - POST_BUILD - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/sgx/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/sgx/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/sgx/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) - add_subdirectory(seal_data) - add_subdirectory(helloworld) - add_subdirectory(switchless) - #add_subdirectory(lrt) -endif() - -if(CC_PL) - add_custom_command(TARGET copy - POST_BUILD - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/penglai/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/penglai/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ - COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) - # add_subdirectory(seal_data) - add_subdirectory(helloworld) - #add_subdirectory(lrt) -endif() -add_subdirectory(ra_tls) -- Gitee From c788da9185be47e125cd744214e40136cb021815 Mon Sep 17 00:00:00 2001 
From: MaxMadMax Date: Tue, 29 Jul 2025 17:22:00 +0800 Subject: [PATCH 18/19] change sdk default building options --- README.md | 24 ++++++----------------- examples/CMakeLists.txt | 41 +++++++++++++++++++++++++++++++++++++++ sdk/CMakeLists.txt | 8 ++++---- sdk/docs/build_install.md | 20 ++++--------------- 4 files changed, 55 insertions(+), 38 deletions(-) create mode 100644 examples/CMakeLists.txt diff --git a/README.md b/README.md index 4187129..246fd08 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,8 @@ Quick start - 操作系统:openEuler 21.03、openEuler 20.03 LTS SP2或更高版本 #### Build and Run -``` + +```bash // install build require sudo yum install -y cmake ocaml-dune linux-sgx-driver sgxsdk libsgx-launch libsgx-urts intel-sgx-ssl-devel @@ -34,20 +35,13 @@ sudo yum install -y cmake ocaml-dune linux-sgx-driver sgxsdk libsgx-launch libsg git clone https://gitee.com/openeuler/secGear.git // build secGear core sdk -cd secGear/sdk -source environment -mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install - -// build secGear core sdk, tools(codegen) and component /* * note: secGear component/secure_channnel requires service/attestation/attestation-agent, * which should be built first. */ cd secGear/sdk source environment -mkdir debug && cd debug -cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. -make && sudo make install +mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install // build an example after installing secGear, e.g. helloworld cd examples/helloworld @@ -65,7 +59,8 @@ make && sudo make install - 操作系统:openEuler 21.03、openEuler 20.03 LTS SP2或更高版本 #### Build and Run -``` + +```bash // install dependencies sudo yum install -y cmake ocaml-dune itrustee_sdk-devel openssl-devel 
@@ -73,20 +68,13 @@ sudo yum install -y cmake ocaml-dune itrustee_sdk-devel openssl-devel git clone https://gitee.com/openeuler/secGear.git // build secGear core sdk -cd secGear/sdk -source environment -mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install - -// build secGear core sdk, tools(codegen) and component /* * note: secGear component/secure_channnel requires service/attestation/attestation-agent, * which should be built first. */ cd secGear/sdk source environment -mkdir debug && cd debug -cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. -make && sudo make install +mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install // build an example after installing secGear, e.g. helloworld cd examples/helloworld diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt new file mode 100644 index 0000000..9d66eab --- /dev/null +++ b/examples/CMakeLists.txt 
@@ -0,0 +1,41 @@ +add_custom_target(copy ALL + COMMAND mkdir -p ${CMAKE_BINARY_DIR}/inc/secGear + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) + +if(CC_GP) + add_custom_command(TARGET copy + POST_BUILD + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/gp/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/gp/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) + add_subdirectory(seal_data) + add_subdirectory(helloworld) + add_subdirectory(switchless) + #add_subdirectory(lrt) +endif() + +if(CC_SGX) + add_custom_command(TARGET copy + POST_BUILD + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/sgx/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/sgx/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/sgx/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) + add_subdirectory(seal_data) + add_subdirectory(helloworld) + add_subdirectory(switchless) + #add_subdirectory(lrt) +endif() + +if(CC_PL) + add_custom_command(TARGET copy + POST_BUILD + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/penglai/*.h ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/host_inc/penglai/*.edl ${CMAKE_BINARY_DIR}/inc/secGear/ + COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai/*.h ${CMAKE_BINARY_DIR}/inc/secGear/) + # add_subdirectory(seal_data) + add_subdirectory(helloworld) + #add_subdirectory(lrt) +endif() +add_subdirectory(ra_tls) diff --git a/sdk/CMakeLists.txt b/sdk/CMakeLists.txt index 0024a03..7e16c21 100644 --- a/sdk/CMakeLists.txt +++ b/sdk/CMakeLists.txt 
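Review bot: The re-added examples/CMakeLists.txt depends on LOCAL_ROOT_PATH, CC_GP, CC_SGX and CC_PL, none of which it defines. If it is processed without a parent that sets LOCAL_ROOT_PATH, `cp ${LOCAL_ROOT_PATH}/inc/host_inc/*.h ...` expands to a path under the filesystem root and copies whatever headers are found there into the build's include directory. A guard at the top would catch this: `if(NOT DEFINED LOCAL_ROOT_PATH) message(FATAL_ERROR "LOCAL_ROOT_PATH is not set") endif()`. PATCH 17 deleted this file on the grounds that building examples from the sdk is not recommended, and PATCH 14 removed the commented add_subdirectory for it, so please confirm that restoring it in a commit titled "change sdk default building options" is intended.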
@@ -28,8 +28,8 @@ message("CC_SIM:[optional] only support by SGX") message("SDK_PATH:[optional] default SGX:/opt/intel/sgxsdk, GP:/opt/itrustee_sdk, PL:/root/dev/sdk; pass SDK_PATH if you installed sdk in custom path") message("SSL_PATH:[optional] pass security ssl installed path when your application use ssl") -message("CODEGEN:[optional] default OFF, set to ON to build tools/codegener") -message("COMPONENT:[optional] default OFF, set to ON to build component/*, including secure_channel") +message("CODEGEN:[optional] default ON, set to OFF to skip building tools/codegener, not recommended") +message("COMPONENT:[optional] default ON, set to OFF to skip building component/*, including secure_channel") message("=============cmake help info=======================") if (NOT DEFINED ENCLAVE) set(ENCLAVE "SGX") @@ -100,14 +100,14 @@ if(${ENCLAVE} STREQUAL "PL") set(CC_PL ON) endif() -option(CODEGEN "default off" OFF) +option(CODEGEN "default on" ON) if(CODEGEN) add_subdirectory(tools/codegener) endif() add_subdirectory(src) -option(COMPONENT "default off" OFF) +option(COMPONENT "default on" ON) if(COMPONENT) add_subdirectory(component) endif() diff --git a/sdk/docs/build_install.md b/sdk/docs/build_install.md index 66614d6..39b7a34 100644 --- a/sdk/docs/build_install.md +++ b/sdk/docs/build_install.md 
@@ -16,20 +16,15 @@ source /opt/intel/sgxsdk/environment && source environment mkdir debug && cd debug && cmake ..&& make && sudo make install // build secGear core sdk -cd secGear/sdk -source /opt/intel/sgxsdk/environment && source environment -mkdir debug && cd debug && cmake .. && make && sudo make install - -// build secGear core sdk, tools(codegen) and component /* * note: secGear component/secure_channnel requires service/attestation/attestation-agent, * which should be built first. */ cd secGear/sdk source /opt/intel/sgxsdk/environment && source environment -mkdir debug && cd debug -cmake -DCODEGEN=ON -DCOMPONENT=ON .. -make && sudo make install +mkdir debug && cd debug && cmake .. && make && sudo make install + + // build an example after installing secGear, e.g. helloworld cd examples/helloworld @@ -62,20 +57,13 @@ git clone https://gitee.com/openeuler/secGear.git ```bash // build secGear core sdk -cd secGear/sdk -source environment -mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install - -// build secGear core sdk, tools(codegen) and component /* * note: secGear component/secure_channnel requires service/attestation/attestation-agent, * which should be built first. */ cd secGear/sdk source environment -mkdir debug && cd debug -cmake -DENCLAVE=GP -DCODEGEN=ON -DCOMPONENT=ON .. -make && sudo make install +mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install // build an example after installing secGear, e.g. helloworld cd examples/helloworld -- Gitee From dc6d7b5fb3577a936b34716110bfd4d20ee2b051 Mon Sep 17 00:00:00 2001 From: MaxMadMax Date: Wed, 30 Jul 2025 17:03:57 +0800 Subject: [PATCH 19/19] fix libattestation linking --- sdk/component/secure_channel/client/CMakeLists.txt | 3 ++- sdk/component/secure_channel/host/CMakeLists.txt | 10 +++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) 
diff --git a/sdk/component/secure_channel/client/CMakeLists.txt b/sdk/component/secure_channel/client/CMakeLists.txt index b36c15f..2a4180d 100644 --- a/sdk/component/secure_channel/client/CMakeLists.txt +++ b/sdk/component/secure_channel/client/CMakeLists.txt @@ -38,7 +38,8 @@ add_library(c${PREFIX} SHARED ${SOURCE_FILE} ${CJSON_SRC} ${BASE64_SRC}) if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") target_link_directories(c${PREFIX} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} - ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/target/debug/ + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug ) endif() diff --git a/sdk/component/secure_channel/host/CMakeLists.txt b/sdk/component/secure_channel/host/CMakeLists.txt index abede9c..671e1af 100644 --- a/sdk/component/secure_channel/host/CMakeLists.txt +++ b/sdk/component/secure_channel/host/CMakeLists.txt @@ -58,7 +58,9 @@ if(CC_GP) if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") target_link_directories(u${PREFIX} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} - ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/target/debug/) + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug + ) endif() target_link_libraries(u${PREFIX} secgear_ra attestation_agent) endif() @@ -88,7 +90,7 @@ if(CC_SGX) ${SGX_SDK_PATH}/include ${LOCAL_ROOT_PATH}/component/remote_attest ${LOCAL_ROOT_PATH}/component/remote_attest/ra_report - ${LOCAL_ROOT_PATH}/service/attestation/attestation-agent/c_header + ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/c_header ${LOCAL_ROOT_PATH}/thirdparty/base64url) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${host_C_Flags}") add_library(u${PREFIX} SHARED ${SOURCE_FILE} ${AUTO_FILES}) 
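Review bot: Listing both `target/release` and `target/debug` in target_link_directories() lets the linker pick whichever attestation_agent it finds first, with no record of which one was used. A stale debug build of the attestation agent can therefore end up in a release SDK, and a missing build only shows up as a link error. Resolving the library once with find_library() restricted to these two directories, failing at configure time when it is absent, and logging the chosen path would make the result reproducible; the existing link line (visible in host/CMakeLists.txt as `target_link_libraries(u${PREFIX} secgear_ra attestation_agent)`) would then use `${ATTESTATION_AGENT_LIB}` instead of the bare name. The same applies to the `@@ -58,7 +58,9 @@` and `@@ -97,7 +99,9 @@` hunks of host/CMakeLists.txt.

```cmake
# … unchanged: add_library(c${PREFIX} SHARED …) …
set(attestation_agent_root ${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent)
find_library(ATTESTATION_AGENT_LIB
    NAMES attestation_agent
    PATHS ${attestation_agent_root}/target/release
          ${attestation_agent_root}/target/debug
    NO_DEFAULT_PATH)
if(NOT ATTESTATION_AGENT_LIB)
    message(FATAL_ERROR
        "attestation_agent not found under ${attestation_agent_root}/target; "
        "build service/attestation/attestation-agent first")
endif()
message(STATUS "Linking attestation_agent from ${ATTESTATION_AGENT_LIB}")
```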
@@ -97,7 +99,9 @@ if(CC_SGX) target_link_directories(u${PREFIX} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} ${CMAKE_BINARY_DIR}/lib/ - ${CMAKE_SOURCE_DIR}/service/attestation/attestation-agent/target/debug/) + ${CMAKE_SOURCE_DIR}/../service/attestation/attestation-agent/target/release + ${CMAKE_SOURCE_DIR}/../service/attestation/attestation-agent/target/debug + ) endif() target_link_libraries(u${PREFIX} secgear_ra attestation_agent) endif() -- Gitee
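Review bot: The SGX branch builds its library search paths from `${CMAKE_SOURCE_DIR}/../service/...`, while the GP branch of this file and client/CMakeLists.txt use `${LOCAL_ROOT_PATH}/../service/...`. The two are the same only while sdk/ is the top-level source directory. If the SDK is ever configured from a parent project, CMAKE_SOURCE_DIR moves and the SGX build searches a different directory for attestation_agent. Using the same base in all three places avoids that: `${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/release` and `${LOCAL_ROOT_PATH}/../service/attestation/attestation-agent/target/debug`.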