BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #149948 from veehaitch/sgx-sdk-2.15.1

Browse source 
sgx-sdk, sgx-psw: 2.14 -> 2.15.1
This commit is contained in:
Bobby Rong 2021-12-17 15:53:06 +08:00 committed by GitHub
commit b4693d8dae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkgs/os-specific/linux/sgx/psw/default.nix
View file

@ -25,14 +25,14 @@ stdenv.mkDerivation rec {
let
ae.prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s=";
};
dcap = rec {
version = "1.11";
version = "1.12.1";
filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
hash = "sha256-V/XHva9Sq3P36xSW+Sd0G6Dnk4H0ANO1Ns/u+FI1eGI=";
};
};
in

53
pkgs/os-specific/linux/sgx/sdk/default.nix
View file

@ -1,7 +1,8 @@
{ lib
, stdenv
, fetchzip
, fetchFromGitHub
, fetchpatch
, fetchzip
, callPackage
, autoconf
, automake
@ -25,40 +26,33 @@
}:
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14.100.2";
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
# Version as given in se_version.h
version = "2.15.101.1";
# Version as used in the Git tag
versionTag = "2.15.1";
src = fetchFromGitHub {
owner = "intel";
repo = "linux-sgx";
rev = "sgx_${versionTag}";
hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM=";
hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";
fetchSubmodules = true;
};
postUnpack =
let
optlibName = "optimized_libs_${versionTag}.tar.gz";
optimizedLibs = fetchzip {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}";
hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";
stripRoot = false;
};
sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";
in
''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
postUnpack = ''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
'';
# Make sure we use the correct version to build IPP Crypto
grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \
|| (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1)
# Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752
ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h"
'';
patches = [
# Commit to add missing sgx_ippcp.h not yet part of this release
(fetchpatch {
name = "add-missing-sgx_ippcp-header.patch";
url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";
sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";
})
];
postPatch = ''
# https://github.com/intel/linux-sgx/pull/730
@ -121,7 +115,7 @@ stdenv.mkDerivation rec {
pushd 'external/ippcp_internal'
install ${ipp-crypto-no_mitigation}/include/* inc/
cp -r ${ipp-crypto-no_mitigation}/include/. inc/
install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \
lib/linux/intel64/no_mitigation/libippcp.a
@ -131,7 +125,7 @@ stdenv.mkDerivation rec {
lib/linux/intel64/cve_2020_0551_cf/libippcp.a
rm inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h
install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
@ -227,8 +221,7 @@ stdenv.mkDerivation rec {
--replace '/opt/intel/sgxsdk' "$out"
for file in $out/share/SampleCode/*/Makefile; do
substituteInPlace $file \
--replace '/opt/intel/sgxsdk' "$out" \
--replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"
--replace '/opt/intel/sgxsdk' "$out"
done
header "Fixing BINUTILS_DIR in buildenv.mk"

22
pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
View file

@ -2,23 +2,35 @@
, stdenv
, fetchFromGitHub
, cmake
, python3
, nasm
, openssl
, python3
, extraCmakeFlags ? [ ]
}:
stdenv.mkDerivation rec {
pname = "ipp-crypto";
version = "2020_update3";
version = "2021.3";
src = fetchFromGitHub {
owner = "intel";
repo = "ipp-crypto";
rev = "ipp-crypto_${version}";
sha256 = "02vlda6mlhbd12ljzdf65klpx4kmx1ylch9w3yllsiya4hwqzy4b";
rev = "ippcp_${version}";
hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";
};
# Fix typo: https://github.com/intel/ipp-crypto/pull/33
postPatch = ''
substituteInPlace sources/cmake/ippcp-gen-config.cmake \
--replace 'ippcpo-config.cmake' 'ippcp-config.cmake'
'';
cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;
nativeBuildInputs = [ cmake python3 nasm ];
nativeBuildInputs = [
cmake
nasm
openssl
python3
];
}

8
pkgs/os-specific/linux/sgx/sdk/samples.nix
View file

@ -12,7 +12,11 @@ let
buildInputs = [
sgx-sdk
];
enableParallelBuilding = true;
# The samples don't have proper support for parallel building
# causing them to fail randomly.
enableParallelBuilding = false;
buildFlags = [
"SGX_MODE=SIM"
];
@ -44,6 +48,7 @@ in
# Requires interaction
doInstallCheck = false;
});
protobufSGXDemo = buildSample "ProtobufSGXDemo";
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
dontFixup = true;
installCheckPhase = ''
@ -52,6 +57,7 @@ in
});
sampleEnclave = buildSample "SampleEnclave";
sampleEnclavePCL = buildSample "SampleEnclavePCL";
sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
sealUnseal = buildSample "SealUnseal";
switchless = buildSample "Switchless";
}