diff options
Diffstat (limited to 'pkgs/os-specific/linux/sgx/ssl/tests.nix')
-rw-r--r-- | pkgs/os-specific/linux/sgx/ssl/tests.nix | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/sgx/ssl/tests.nix b/pkgs/os-specific/linux/sgx/ssl/tests.nix new file mode 100644 index 0000000000000..d9357ba043102 --- /dev/null +++ b/pkgs/os-specific/linux/sgx/ssl/tests.nix @@ -0,0 +1,95 @@ +# This package _builds_ (but doesn't run!) the sgx-ssl test enclave + harness. +# The whole package effectively does: +# +# ``` +# SGX_MODE=${sgxMode} make -C Linux/sgx/test_app +# cp Linux/sgx/{TestApp,TestEnclave.signed.so} $out/bin +# ``` +# +# OfBorg fails to run these tests since they require real Intel HW. That +# includes the simulation mode! The tests appears to do something fancy with +# cpuid and exception trap handlers that make them very non-portable. +# +# These tests are split out from the parent pkg since recompiling the parent +# takes like 30 min : ) + +{ lib +, openssl +, sgx-psw +, sgx-sdk +, sgx-ssl +, stdenv +, which +, opensslVersion ? throw "required parameter" +, sgxMode ? throw "required parameter" # "SIM" or "HW" +}: +stdenv.mkDerivation { + inherit (sgx-ssl) postPatch src version; + pname = sgx-ssl.pname + "-tests-${sgxMode}"; + + postUnpack = sgx-ssl.postUnpack + '' + sourceRootAbs=$(readlink -e $sourceRoot) + packageDir=$sourceRootAbs/Linux/package + + # Do the inverse of 'make install' and symlink built artifacts back into + # '$src/Linux/package/' to avoid work. + mkdir $packageDir/lib $packageDir/lib64 + ln -s ${lib.getLib sgx-ssl}/lib/* $packageDir/lib/ + ln -s ${lib.getLib sgx-ssl}/lib64/* $packageDir/lib64/ + ln -sf ${lib.getDev sgx-ssl}/include/* $packageDir/include/ + + # test_app needs some internal openssl headers. + # See: tail end of 'Linux/build_openssl.sh' + tar -C $sourceRootAbs/openssl_source -xf $sourceRootAbs/openssl_source/openssl-${opensslVersion}.tar.gz + echo '#define OPENSSL_VERSION_STR "${opensslVersion}"' > $sourceRootAbs/Linux/sgx/osslverstr.h + ln -s $sourceRootAbs/openssl_source/openssl-${opensslVersion}/include/crypto $sourceRootAbs/Linux/sgx/test_app/enclave/ + ln -s $sourceRootAbs/openssl_source/openssl-${opensslVersion}/include/internal $sourceRootAbs/Linux/sgx/test_app/enclave/ + ''; + + nativeBuildInputs = [ + openssl.bin + sgx-sdk + which + ]; + + preBuild = '' + # Need to regerate the edl header + make -C Linux/sgx/libsgx_tsgxssl sgx_tsgxssl_t.c + ''; + + makeFlags = [ + "-C Linux/sgx/test_app" + "SGX_MODE=${sgxMode}" + ]; + + installPhase = '' + runHook preInstall + + # Enclaves can't be stripped after signing. + install -Dm 755 Linux/sgx/test_app/TestEnclave.signed.so -t $TMPDIR/enclaves + + install -Dm 755 Linux/sgx/test_app/TestApp -t $out/bin + + runHook postInstall + ''; + + postFixup = '' + # Move the enclaves where they actually belong. + mv $TMPDIR/enclaves/*.signed.so* $out/bin/ + + # HW SGX must runs against sgx-psw, not sgx-sdk. + if [[ "${sgxMode}" == "HW" ]]; then + patchelf \ + --set-rpath "$( \ + patchelf --print-rpath $out/bin/TestApp \ + | sed 's|${lib.getLib sgx-sdk}|${lib.getLib sgx-psw}|' \ + )" \ + $out/bin/TestApp + fi + ''; + + meta = { + platforms = [ "x86_64-linux" ]; + mainProgram = "TestApp"; + }; +} |