sdk/oe: minimal bindings for OpenEnclave SDK
jovanbulck committed Jan 15, 2025
1 parent 2a06a95 commit e2eb79b
Showing 15 changed files with 441 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .gitmodules
Expand Up @@ -10,3 +10,6 @@
[submodule "sdk/bare-sgx"]
path = sdk/bare-sgx
url = https://github.com/jovanbulck/bare-sgx.git
[submodule "sdk/oe/openenclave"]
path = sdk/oe/openenclave
url = https://github.com/openenclave/openenclave.git
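--- a/app/oe/.gitignore
+++ b/app/oe/.gitignore
@@ -0,0 +1,7 @@
+*_t.*
+*_u.*
+*.pem
+*_args.h
+*.signed
+enclave/enclave
+host/helloworld_host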
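--- a/app/oe/Makefile
+++ b/app/oe/Makefile
@@ -0,0 +1,24 @@
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+.PHONY: all build clean run simulate
+
+OE_CRYPTO_LIB := mbedtls
+export OE_CRYPTO_LIB
+
+all: build
+
+build:
+$(MAKE) -C enclave
+$(MAKE) -C host
+
+clean:
+$(MAKE) -C enclave clean
+$(MAKE) -C host clean
+
+run:
+host/helloworld_host ./enclave/enclave.signed
+
+simulate:
+host/helloworld_host ./enclave/enclave.signed --simulate
+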
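Review bot: `run` and `simulate` invoke `host/helloworld_host ./enclave/enclave.signed` with no prerequisite, so on a fresh tree `make run` fails on the missing binary instead of building it; `run: build` and `simulate: build` (both names are already in `.PHONY`) close that gap. The two sub-makes in `build` are separate recipe lines of one target, which keeps them sequential even under `-j`; if that ordering is deliberate rather than incidental, a one-line comment saying so would help, and if it is not, a small `.DELETE_ON_ERROR:` prologue is the only other thing this top-level file is missing.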
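--- a/app/oe/config.mk
+++ b/app/oe/config.mk
@@ -0,0 +1,35 @@
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+# Perform common configuration for building sample enclaves and hosts.
+
+# Detect compiler.
+ifneq ($(CC),cc)
+# CC explicitly specified.
+else ifneq ($(shell $(CC) --version | grep clang),)
+# CC is default (cc), and aliases to clang.
+else
+# CC is default (cc), and does not alias to clang.
+CLANG_VERSION = $(shell for v in "11" "10" "9" "8"; do \
+if [ -n "$$(command -v clang-$$v)" ]; then \
+echo $$v; \
+break; \
+fi; \
+done)
+
+ifneq ($(CLANG_VERSION),)
+CC = clang-$(CLANG_VERSION)
+CXX = clang++-$(CLANG_VERSION)
+endif
+endif
+
+# Choose the right pkg-config based on CC.
+C_COMPILER = clang
+CXX_COMPILER = clang++
+ifeq ($(shell $(CC) --version | grep clang),)
+C_COMPILER = gcc
+CXX_COMPILER = g++
+endif
+
+# Define COMPILER for samples that use only C.
+COMPILER = $(C_COMPILER)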
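Review bot: `CLANG_VERSION = $(shell for v in ...)` in the fallback branch is recursively assigned, and `CC = clang-$(CLANG_VERSION)` / `CXX = clang++-$(CLANG_VERSION)` are recursive too, so the `command -v` loop is re-executed by the shell every time `$(CC)` or `$(CXX)` is expanded in any including Makefile (each compile line, each pkg-config probe). `CLANG_VERSION := $(shell ...)` together with `CC := clang-$(CLANG_VERSION)` and `CXX := clang++-$(CLANG_VERSION)` evaluates it once at parse time with identical results. The `$(shell $(CC) --version | grep clang)` probe also appears twice (the `else ifneq` and the later `ifeq`); caching it in one `:=` variable and testing that in both conditionals avoids the duplicate fork.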
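--- a/app/oe/enclave/Makefile
+++ b/app/oe/enclave/Makefile
@@ -0,0 +1,50 @@
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+include ../config.mk
+
+CRYPTO_LDFLAGS := $(shell pkg-config oeenclave-$(COMPILER) --variable=${OE_CRYPTO_LIB}libs)
+
+ifeq ($(LVI_MITIGATION), ControlFlow)
+ifeq ($(LVI_MITIGATION_BINDIR),)
+$(error LVI_MITIGATION_BINDIR is not set)
+endif
+# Only run once.
+ifeq (,$(findstring $(LVI_MITIGATION_BINDIR),$(CC)))
+CC := $(LVI_MITIGATION_BINDIR)/$(CC)
+endif
+COMPILER := $(COMPILER)-lvi-cfg
+CRYPTO_LDFLAGS := $(shell pkg-config oeenclave-$(COMPILER) --variable=${OE_CRYPTO_LIB}libslvicfg)
+endif
+
+ifeq ($(OE_CRYPTO_LIB),openssl_3)
+CFLAGS=$(shell pkg-config oeenclave-$(COMPILER) --variable=${OE_CRYPTO_LIB}flags)
+else
+CFLAGS=$(shell pkg-config oeenclave-$(COMPILER) --cflags)
+endif
+LDFLAGS=$(shell pkg-config oeenclave-$(COMPILER) --libs)
+INCDIR=$(shell pkg-config oeenclave-$(COMPILER) --variable=includedir)
+
+all:
+$(MAKE) build
+$(MAKE) keys
+$(MAKE) sign
+
+build:
+@ echo "Compilers used: $(CC), $(CXX)"
+oeedger8r ../helloworld.edl --trusted \
+--search-path $(INCDIR) \
+--search-path $(INCDIR)/openenclave/edl/sgx
+$(CC) -g -c $(CFLAGS) -DOE_API_VERSION=2 enc.c -o enc.o
+$(CC) -g -c $(CFLAGS) -DOE_API_VERSION=2 helloworld_t.c -o helloworld_t.o
+$(CC) -o enclave helloworld_t.o enc.o $(LDFLAGS) $(CRYPTO_LDFLAGS)
+
+sign:
+oesign sign -e enclave -c helloworld.conf -k private.pem
+
+clean:
+rm -f enc.o enclave enclave.signed private.pem public.pem helloworld_t.o helloworld_t.h helloworld_t.c helloworld_args.h
+
+keys:
+openssl genrsa -out private.pem -3 3072
+openssl rsa -in private.pem -pubout -out public.pem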
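Review bot: `CRYPTO_LDFLAGS` on the first line after the include expands `${OE_CRYPTO_LIB}`, but neither this file nor `config.mk` sets it; it only arrives through `export OE_CRYPTO_LIB` in the top-level Makefile, so `make -C enclave` run on its own asks pkg-config for a bare `libs` variable and presumably ends up linking without the crypto library. A guard directly after the include, `ifeq ($(strip $(OE_CRYPTO_LIB)),)` / `$(error OE_CRYPTO_LIB is not set)` / `endif`, or a default `OE_CRYPTO_LIB ?= mbedtls`, makes that dependency explicit. `all` also runs `keys` on every invocation, so `private.pem` and with it the signed enclave's signer identity are regenerated on each build; turning `private.pem` into a real file target (the `genrsa` line under `private.pem:` with `sign: enclave private.pem`) keeps the key stable between rebuilds while still creating it on a fresh checkout, which is what a Debug=1 sample needs. `CFLAGS`, `LDFLAGS` and `INCDIR` are `=`-assigned from `$(shell pkg-config ...)`, so pkg-config is re-run on each reference; `:=` is the conventional fix.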
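--- a/app/oe/enclave/enc.c
+++ b/app/oe/enclave/enc.c
@@ -0,0 +1,33 @@
+// Copyright (c) Open Enclave SDK contributors.
+// Licensed under the MIT License.
+
+#include <stdio.h>
+
+// Include the trusted helloworld header that is generated
+// during the build. This file is generated by calling the
+// sdk tool oeedger8r against the helloworld.edl file.
+#include "helloworld_t.h"
+
+// This is the function that the host calls. It prints
+// a message in the enclave before calling back out to
+// the host to print a message from there too.
+void enclave_helloworld()
+{
+// Print a message from the enclave. Note that this
+// does not directly call fprintf, but calls into the
+// host and calls fprintf from there. This is because
+// the fprintf function is not part of the enclave
+// as it requires support from the kernel.
+fprintf(stdout, "Hello world from the enclave\n");
+
+// Call back into the host
+oe_result_t result = host_helloworld();
+if (result != OE_OK)
+{
+fprintf(
+stderr,
+"Call to host_helloworld failed: result=%u (%s)\n",
+result,
+oe_result_str(result));
+}
+}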
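Review bot: `void enclave_helloworld()` is defined with an empty parameter list, which before C23 is an old-style declaration that disables argument-count checking against the prototype the generated `helloworld_t.h` presumably declares; `void enclave_helloworld(void)` matches the `public void enclave_helloworld();` entry in helloworld.edl and is what `-Wstrict-prototypes` expects. The same applies to `void host_helloworld()` in app/oe/host/host.c.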
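--- a/app/oe/enclave/helloworld.conf
+++ b/app/oe/enclave/helloworld.conf
@@ -0,0 +1,10 @@
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+# Enclave settings:
+Debug=1
+NumHeapPages=1024
+NumStackPages=1024
+NumTCS=1
+ProductID=1
+SecurityVersion=1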
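--- a/app/oe/helloworld.edl
+++ b/app/oe/helloworld.edl
@@ -0,0 +1,17 @@
+// Copyright (c) Open Enclave SDK contributors.
+// Licensed under the MIT License.
+
+enclave {
+from "openenclave/edl/syscall.edl" import *;
+from "platform.edl" import *;
+
+trusted {
+public void enclave_helloworld();
+};
+
+untrusted {
+void host_helloworld();
+};
+};
+
+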
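--- a/app/oe/host/Makefile
+++ b/app/oe/host/Makefile
@@ -0,0 +1,23 @@
+# Copyright (c) Open Enclave SDK contributors.
+# Licensed under the MIT License.
+
+include ../config.mk
+
+LIBSGXSTEP_DIR=../../../
+LIBSGXSTEP=$(LIBSGXSTEP_DIR)/libsgxstep
+
+CFLAGS=$(shell pkg-config oehost-$(COMPILER) --cflags) -I$(LIBSGXSTEP_DIR)
+LDFLAGS=$(shell pkg-config oehost-$(COMPILER) --libs) -lsgx-step -pthread -L$(LIBSGXSTEP) -lelf
+INCDIR=$(shell pkg-config oehost-$(COMPILER) --variable=includedir)
+
+build:
+@ echo "Compilers used: $(CC), $(CXX)"
+oeedger8r ../helloworld.edl --untrusted \
+--search-path $(INCDIR) \
+--search-path $(INCDIR)/openenclave/edl/sgx
+$(CC) -g -c $(CFLAGS) host.c
+$(CC) -g -c $(CFLAGS) helloworld_u.c
+$(CC) -o helloworld_host helloworld_u.o host.o $(LDFLAGS)
+
+clean:
+rm -f helloworld_host host.o helloworld_u.o helloworld_u.c helloworld_u.h helloworld_args.h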
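Review bot: the link line pulls `-lsgx-step` out of `-L$(LIBSGXSTEP)`, but `build` has no prerequisite or sub-make that produces that library, so on a fresh checkout `make -C host` fails at link time until libsgxstep has been built by hand; a `$(MAKE) -C $(LIBSGXSTEP)` recipe line before the compile steps, or a prerequisite on the archive file, would make the dependency explicit — libsgxstep's own Makefile is not visible here, so its target name needs confirming. `LIBSGXSTEP_DIR=../../../` ends with a slash, so `$(LIBSGXSTEP_DIR)/libsgxstep` expands to `../../..//libsgxstep`; harmless, but dropping the trailing slash reads cleaner. As in the enclave Makefile, `CFLAGS`, `LDFLAGS` and `INCDIR` should be `:=` so pkg-config runs once per parse rather than per reference.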
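--- a/app/oe/host/host.c
+++ b/app/oe/host/host.c
@@ -0,0 +1,99 @@
+// Copyright (c) Open Enclave SDK contributors.
+// Licensed under the MIT License.
+
+#include <openenclave/host.h>
+#include <stdio.h>
+
+// Include the untrusted helloworld header that is generated
+// during the build. This file is generated by calling the
+// sdk tool oeedger8r against the helloworld.edl file.
+#include "helloworld_u.h"
+
+#include "libsgxstep/debug.h"
+#include "libsgxstep/enclave.h"
+
+void aep_cb_func(void)
+{
+uint64_t erip = edbgrd_erip() - (uint64_t)get_enclave_base();
+info("^^ enclave RIP=%#lx", erip);
+}
+
+bool check_simulate_opt(int* argc, const char* argv[])
+{
+for (int i = 0; i < *argc; i++)
+{
+if (strcmp(argv[i], "--simulate") == 0)
+{
+fprintf(stdout, "Running in simulation mode\n");
+memmove(&argv[i], &argv[i + 1], (*argc - i) * sizeof(char*));
+(*argc)--;
+return true;
+}
+}
+return false;
+}
+
+// This is the function that the enclave will call back into to
+// print a message.
+void host_helloworld()
+{
+fprintf(stdout, "Enclave called into host to print: Hello World!\n");
+}
+
+int main(int argc, const char* argv[])
+{
+oe_result_t result;
+int ret = 1;
+oe_enclave_t* enclave = NULL;
+
+uint32_t flags = OE_ENCLAVE_FLAG_DEBUG;
+if (check_simulate_opt(&argc, argv))
+{
+flags |= OE_ENCLAVE_FLAG_SIMULATE;
+}
+
+if (argc != 2)
+{
+fprintf(
+stderr, "Usage: %s enclave_image_path [ --simulate ]\n", argv[0]);
+goto exit;
+}
+
+// Create the enclave
+result = oe_create_helloworld_enclave(
+argv[1], OE_ENCLAVE_TYPE_AUTO, flags, NULL, 0, &enclave);
+if (result != OE_OK)
+{
+fprintf(
+stderr,
+"oe_create_helloworld_enclave(): result=%u (%s)\n",
+result,
+oe_result_str(result));
+goto exit;
+}
+
+// SGX-Step stuff
+register_aep_cb(aep_cb_func);
+print_enclave_info();
+
+// Call into the enclave
+result = enclave_helloworld(enclave);
+if (result != OE_OK)
+{
+fprintf(
+stderr,
+"calling into enclave_helloworld failed: result=%u (%s)\n",
+result,
+oe_result_str(result));
+goto exit;
+}
+
+ret = 0;
+
+exit:
+// Clean up the enclave if we created one
+if (enclave)
+oe_terminate_enclave(enclave);
+
+return ret;
+}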
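Review bot: `check_simulate_opt` calls `strcmp` and `memmove`, returns `bool`, and `aep_cb_func` uses `uint64_t`, yet the file includes only `<openenclave/host.h>` and `<stdio.h>`; unless host.h happens to pull in `<string.h>`, `<stdbool.h>` and `<stdint.h>` transitively, these are implicit declarations that modern compilers reject, so the three headers should be included explicitly rather than relied on by accident. `aep_cb_func` and `check_simulate_opt` are not referenced from any other file in this commit and can be `static`. The `memmove(&argv[i], &argv[i + 1], (*argc - i) * sizeof(char*))` length is one past the remaining arguments on purpose, so that the terminating `argv[argc]` NULL moves too; a comment such as `// also shifts the trailing NULL entry` saves the next reader re-deriving the bound. The `// SGX-Step stuff` comment would be more useful as `// SGX-Step: report the enclave RIP on every AEX; requires the enclave to be loaded with OE_ENCLAVE_FLAG_DEBUG and Debug=1 in helloworld.conf`, since that pairing is why the debug flag is set unconditionally above — worth confirming against libsgxstep's requirements.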
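--- a/sdk/oe/0001-Minimal-SGX-Step-bindings.patch
+++ b/sdk/oe/0001-Minimal-SGX-Step-bindings.patch
@@ -0,0 +1,83 @@
+From 2cacff71c210c469a424110510a0c3a5f3561ef2 Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck <[email protected]>
+Date: Wed, 15 Jan 2025 13:40:17 +0000
+Subject: [PATCH] Minimal SGX-Step bindings
+
+Signed-off-by: Jo Van Bulck <[email protected]>
+---
+host/sgx/asmdefs.h | 2 +-
+host/sgx/calls.c | 20 ++++++++++++++++++++
+include/openenclave/host.h | 6 ++++++
+3 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/host/sgx/asmdefs.h b/host/sgx/asmdefs.h
+index 4b78e1989..9332f9c2b 100644
+--- a/host/sgx/asmdefs.h
++++ b/host/sgx/asmdefs.h
+@@ -35,7 +35,7 @@ oe_result_t oe_enter(
+uint64_t* arg4,
+oe_enclave_t* enclave);
+
+-extern const uint64_t OE_AEP_ADDRESS;
++extern uint64_t OE_AEP_ADDRESS;
+#endif
+
+#if !defined(__ASSEMBLER__) && (_WIN32)
+diff --git a/host/sgx/calls.c b/host/sgx/calls.c
+index eed0c4dcf..66bfb3cc5 100644
+--- a/host/sgx/calls.c
++++ b/host/sgx/calls.c
+@@ -578,6 +578,25 @@ static void _release_tcs(oe_enclave_t* enclave, void* tcs)
+oe_mutex_unlock(&enclave->lock);
+}
+
++/* minimal SGX-Step bindings */
++
++void* __oe_last_tcs;
++
++void* sgx_get_aep(void)
++{
++ return (void*) OE_AEP_ADDRESS;
++}
++
++void sgx_set_aep(void* aep)
++{
++ OE_AEP_ADDRESS = (uint64_t) aep;
++}
++
++void *sgx_get_tcs(void)
++{
++ return __oe_last_tcs;
++}
++
+/*
+**==============================================================================
+**
+@@ -608,6 +627,7 @@ oe_result_t oe_ecall(
+/* Assign a oe_sgx_td_t for this operation */
+if (!(tcs = _assign_tcs(enclave)))
+OE_RAISE(OE_OUT_OF_THREADS);
++ __oe_last_tcs = tcs;
+
+oe_log(
+OE_LOG_LEVEL_VERBOSE,
+diff --git a/include/openenclave/host.h b/include/openenclave/host.h
+index d0f279ec5..864b4b7f5 100644
+--- a/include/openenclave/host.h
++++ b/include/openenclave/host.h
+@@ -231,6 +231,12 @@ oe_result_t oe_create_enclave(
+uint32_t ecall_count,
+oe_enclave_t** enclave);
+
++
++/* minimal SGX-Step bindings */
++void* sgx_get_aep(void);
++void sgx_set_aep(void* aep);
++void *sgx_get_tcs(void);
++
+/**
+* Terminate an enclave and reclaims its resources.
+*
+--
+2.43.0
+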
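Review bot: in the calls.c hunk, `__oe_last_tcs` is a plain global written from `oe_ecall` (`__oe_last_tcs = tcs;`) with no synchronization, so when several host threads make ecalls concurrently `sgx_get_tcs()` returns whichever TCS was assigned most recently, not the calling thread's; either state the single-threaded assumption in a comment beside the definition or make the variable thread-local (`__thread void* oe_last_tcs;` on the Linux toolchain this targets). The identifier also begins with a double underscore, which C reserves for the implementation; `oe_last_tcs` avoids that. The asmdefs.h hunk drops `const` from `OE_AEP_ADDRESS` so that `sgx_set_aep` can store to it; that is only safe if the defining translation unit, which this patch does not touch, emits the symbol into a writable section — otherwise the store faults at run time, so please confirm where it is defined. The three prototypes added to host.h sit in a header whose other entries each carry a `/** ... */` block (the `oe_terminate_enclave` comment directly below); a one-line Doxygen comment on each, saying that `sgx_get_tcs` returns the TCS of the most recent ecall and that `sgx_set_aep` replaces the AEP recorded in `OE_AEP_ADDRESS`, would keep the header consistent.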