-
Notifications
You must be signed in to change notification settings - Fork 2
Usage
Weijie Liu edited this page Nov 6, 2020
·
1 revision
- Make sure the SGXSDK version is 2.5 or later.
- In case the current directory structure of SGXSDK changes, you can use the forked 2.6 version (intact) from my Github.
git clone https://github.com/StanPlatinum/linux-sgx.git
- Please refer to https://github.com/intel/linux-sgx and https://github.com/intel/linux-sgx-driver for more details.
- We use the libelf from the elfutils (https://sourceware.org/elfutils/). By default it will generate a static library.
git clone https://github.com/StanPlatinum/elfutils4sgx.git
cd elfutils4sgx/elfutils-0.176
autoheader
aclocal -I m4
autoconf
automake -a -c
./configure
make
- Capstone can be cloned at https://github.com/aquynh/capstone. But it is suggested that users can build capstone using our modified version. Capstone by default will generate a static library (capstone.a). To reduce program size, you can configure capstone to only build x86 instruction decoding support.
git clone https://github.com/StanPlatinum/capstone.git
cd capstone
mkdir build
mkdir install-x86
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=../install-x86 -DCAPSTONE_ARCHITECTURE_DEFAULT=OFF -DCAPSTONE_X86_SUPPORT=1
make
- Libz is typically already installed in system directory. In case libz.a is not installed, it can be generated by compiling from source (https://zlib.net/).
- To use the prototype, users should first know we have provided a code generator (using LLVM and some linking scripts) and a code execution environment (using Intel SGX).
- Then users should prepare a crafted source code (in C) for proof generation using our compiler toolset.
- The entry function is
void enclave_main(). - The return of an enclave should be
enclave_exit();.
git clone https://github.com/StanPlatinum/proofGen.git
cd proofGen
mkdir build && cd build
cmake -DLLVM_ENABLE_PROJECTS=clang -DLLVM_TARGETS_TO_BUILD="X86" -G "Unix Makefiles" ../llvm
make
- Please modify $(CC) in
dynamic-loader-checker/target-program/Makefileto where the our compiler is cloned.
- The general way to generate a relocatable binary with proof is to the following commands:
cd dynamic-loader-checker/target-program/
make
- Then the
programand theentryLabel.txtwill be generated and copied to the dirdynamic-loader-checker
- To get your prepared binary checked and run, you should build the SGX dynamic-loader-check first.
cd ..
cp elfutils4sgx/elfutils-0.176/libelf/libelf.a Enclave/TrustedLib
cp capstone/install-x86/lib/libcapstone.a Enclave/TrustedLib
cp /usr/lib/x86_64-linux-gnu/libz.a Enclave/TrustedLib
- Please note that at this time some necessary libs have been copied into the dir Enclave/TrustedLib.
cd dynamic-loader-checker
vi Makefile
- Please modify $(SGX_SRC_PATH) to where the SGXSDK is installed.
- And set
$(ELFUTILS_PATH) and $ (CAPSTONE_PATH) to where the elfutils and capstone have been installed respectively.
make
./app
*You can totally use our toolset to evaluate any other C/C++ programs.
- Firstly, modify your program. You can refer to here. And put your target unmodified program $(TARGET_NAME).c(.cpp) in
ShadowStackCFI/. - Secondly, according to the Readme in ShadowStackCFI/, follow the instructions to generate a directory whose name is
$(TARGET_NAME), which includes 5 files in the directory. Copy the dir $ (TARGET_NAME) todynamic-loader-checker/target-program/. Runmakeindynamic-loader-checker/target-program/to generate theprogramindynamic-loader-checker/. - Thirdly, run
makeindynamic-loader-checker/to generate the SGX app that can provide your service. Simply run./appto get what you want. If your code has data leakage behaviors, the SGX app would failed.
*To re-generate the program, please do make clean in both dynamic-loader-checker/target-program/ and dynamic-loader-checker/ directories.
Using RA:
cd sgx-ra/
./bootstrap
./configure --with-openssldir=/opt/openssl/1.1.0i
make
./run-client
./run-server