path: root/pkgs/os-specific/linux/sgx/ssl/tests.nix
# This package _builds_ (but doesn't run!) the sgx-ssl test enclave + harness.
# The whole package effectively does:
#
# ```
# SGX_MODE=${sgxMode} make -C Linux/sgx/test_app
# cp Linux/sgx/{TestApp,TestEnclave.signed.so} $out/bin
# ```
#
# OfBorg fails to run these tests since they require real Intel HW. That
# includes the simulation mode! The tests appear to do something fancy with
# cpuid and exception trap handlers that makes them very non-portable.
#
# These tests are split out from the parent pkg since recompiling the parent
# takes like 30 min : )

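{ lib
, openssl
, sgx-psw
, sgx-sdk
, sgx-ssl
, stdenv
, which
  # Both parameters are mandatory; the defaults only exist to give a readable
  # error instead of an "attribute missing" trace when a caller forgets them.
, opensslVersion ? throw "sgx-ssl tests: the opensslVersion parameter is required"
, sgxMode ? throw "sgx-ssl tests: the sgxMode parameter is required (\"SIM\" or \"HW\")"
}:
# Reject any mode other than the two the build knows about up front. An
# unexpected value would otherwise only surface deep inside make, or (for a
# near miss such as "hw") build successfully but skip the sgx-psw rpath
# rewrite in postFixup, leaving a hardware binary linked against the SDK.
assert lib.assertOneOf "sgxMode" sgxMode [ "SIM" "HW" ];
stdenv.mkDerivation {
  # Reuse the parent's source, version and patching; only the build target
  # (the test_app directory) and the install layout differ.
  inherit (sgx-ssl) postPatch src version;
  pname = sgx-ssl.pname + "-tests-${sgxMode}";

  postUnpack = sgx-ssl.postUnpack + ''
    sourceRootAbs=$(readlink -e $sourceRoot)
    packageDir=$sourceRootAbs/Linux/package

    # Do the inverse of 'make install' and symlink built artifacts back into
    # '$src/Linux/package/' to avoid work. 'include/' already exists in the
    # source tree, hence '-sf' there but plain 'mkdir' + '-s' for lib*/.
    mkdir $packageDir/lib $packageDir/lib64
    ln -s ${lib.getLib sgx-ssl}/lib/* $packageDir/lib/
    ln -s ${lib.getLib sgx-ssl}/lib64/* $packageDir/lib64/
    ln -sf ${lib.getDev sgx-ssl}/include/* $packageDir/include/

    # test_app needs some internal openssl headers.
    # See: tail end of 'Linux/build_openssl.sh'
    # The tarball is the one vendored in the sgx-ssl source tree (part of the
    # fixed-output src), so no network access happens here.
    tar -C $sourceRootAbs/openssl_source -xf $sourceRootAbs/openssl_source/openssl-${opensslVersion}.tar.gz
    echo '#define OPENSSL_VERSION_STR "${opensslVersion}"' > $sourceRootAbs/Linux/sgx/osslverstr.h
    ln -s $sourceRootAbs/openssl_source/openssl-${opensslVersion}/include/crypto $sourceRootAbs/Linux/sgx/test_app/enclave/
    ln -s $sourceRootAbs/openssl_source/openssl-${opensslVersion}/include/internal $sourceRootAbs/Linux/sgx/test_app/enclave/
  '';

  nativeBuildInputs = [
    openssl.bin
    sgx-sdk
    which
  ];

  preBuild = ''
    # Need to regenerate the edl header
    make -C Linux/sgx/libsgx_tsgxssl sgx_tsgxssl_t.c
  '';

  makeFlags = [
    "-C Linux/sgx/test_app"
    "SGX_MODE=${sgxMode}"
  ];

  installPhase = ''
    runHook preInstall

    # Enclaves can't be stripped after signing: the strip hook in fixupPhase
    # would modify the already-signed enclave image. Park it outside $out
    # until fixup has run; postFixup moves it into place.
    install -Dm 755 Linux/sgx/test_app/TestEnclave.signed.so -t $TMPDIR/enclaves

    install -Dm 755 Linux/sgx/test_app/TestApp -t $out/bin

    runHook postInstall
  '';

  postFixup = ''
    # Move the enclaves where they actually belong.
    mv $TMPDIR/enclaves/*.signed.so* $out/bin/

    # HW SGX must run against sgx-psw, not sgx-sdk: rewrite the sgx-sdk store
    # path in TestApp's rpath to the sgx-psw one. This is a plain textual
    # substitution -- if the rpath does not reference sgx-sdk at all it is a
    # silent no-op rather than an error.
    if [[ "${sgxMode}" == "HW" ]]; then
      patchelf \
        --set-rpath "$( \
          patchelf --print-rpath $out/bin/TestApp \
            | sed 's|${lib.getLib sgx-sdk}|${lib.getLib sgx-psw}|' \
        )" \
        $out/bin/TestApp
    fi
  '';

  meta = {
    platforms = [ "x86_64-linux" ];
    mainProgram = "TestApp";
  };
}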