enclave: divide source and header files into inside and outside enclave

faasm · Feb 15, 2022 · 7d8d993 · 7d8d993
1 parent edf637c
commit 7d8d993
Show file tree

Hide file tree

Showing 36 changed files with 282 additions and 265 deletions.
diff --git a/include/enclave/crypto/encryption.h → include/enclave/inside/crypto/encryption.h b/include/enclave/crypto/encryption.h → include/enclave/inside/crypto/encryption.h
@@ -1,7 +1,7 @@
 #pragma once
 
-#include <enclave/crypto/types.h>
 #include <enclave/error.h>
+#include <enclave/inside/crypto/types.h>
 
 #include <sgx_tcrypto.h>
 #include <sgx_trts.h>

diff --git a/include/enclave/crypto/hash.h → include/enclave/inside/crypto/hash.h b/include/enclave/crypto/hash.h → include/enclave/inside/crypto/hash.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <enclave/crypto/types.h>
+#include <enclave/inside/crypto/types.h>
 
 #include <sgx_tcrypto.h>
 

diff --git a/include/enclave/crypto/types.h → include/enclave/inside/crypto/types.h b/include/enclave/crypto/types.h → include/enclave/inside/crypto/types.h
diff --git a/include/enclave/enclave_config.h → include/enclave/inside/enclave_config.h b/include/enclave/enclave_config.h → include/enclave/inside/enclave_config.h
diff --git a/include/enclave/enclave_types.h → include/enclave/inside/enclave_types.h b/include/enclave/enclave_types.h → include/enclave/inside/enclave_types.h
diff --git a/include/enclave/native.h → include/enclave/inside/native.h b/include/enclave/native.h → include/enclave/inside/native.h
@@ -1,7 +1,7 @@
 #pragma once
 
 #include <enclave/error.h>
-#include <enclave/ocalls.h>
+#include <enclave/inside/ocalls.h>
 
 #include <iwasm/aot/aot_runtime.h>
 #include <iwasm/common/wasm_exec_env.h>

diff --git a/include/enclave/ocalls.h → include/enclave/inside/ocalls.h b/include/enclave/ocalls.h → include/enclave/inside/ocalls.h
diff --git a/include/enclave/rw_lock.h → include/enclave/inside/rw_lock.h b/include/enclave/rw_lock.h → include/enclave/inside/rw_lock.h
diff --git a/include/enclave/SGXWAMRWasmModule.h → include/enclave/outside/SGXWAMRWasmModule.h b/include/enclave/SGXWAMRWasmModule.h → include/enclave/outside/SGXWAMRWasmModule.h
diff --git a/include/enclave/system.h → include/enclave/outside/system.h b/include/enclave/system.h → include/enclave/outside/system.h
diff --git a/src/enclave/CMakeLists.txt b/src/enclave/CMakeLists.txt
@@ -1,5 +1,5 @@
 # --------------------------------------------------------
-# General SGX Config and Checks
+# SGX Config and Checks Shared Between Trusted/Untrusted Builds
 # --------------------------------------------------------
 
 # SGX configuration
@@ -28,53 +28,22 @@ set(CMAKE_ASM_NASM_COMPILE_OBJECT
 )
 
 # --------------------------------------------------------
-# SGX Compilation Flags
+# Global SGX Compilation Flags
 # --------------------------------------------------------
 
 set(SGX_C_GLOBAL_FLAGS -m64)
 
 if(CMAKE_BUILD_TYPE EQUAL "Debug")
     set(SGX_C_GLOBAL_FLAGS ${SGX_C_GLOBAL_FLAGS} -O0 -g)
 
-    set(ENCLAVE_UNTRUSTED_C_FLAGS
-        ${SGX_C_GLOBAL_FLAGS}
-        -fPIC
-        -Wno-attributes
-        -DDEBUG
-        -UNDEBUG
-        -UEDEBUG
-    )
-
     add_definitions(-DFAASM_SGX_DEBUG)
 else()
     set(SGX_C_GLOBAL_FLAGS ${SGX_C_GLOBAL_FLAGS} -O2)
-
-    set(ENCLAVE_UNTRUSTED_C_FLAGS
-        ${SGX_C_GLOBAL_FLAGS}
-        -fPIC
-        -Wno-attributes
-    )
 endif()
 
-# Note - these are the same in debug/ non-debug mode
-set(ENCLAVE_TRUSTED_C_FLAGS
-    ${SGX_C_GLOBAL_FLAGS}
-    -nostdinc
-    -fvisibility=hidden
-    -fpie
-    -ffunction-sections
-    -fdata-sections
-    -fstack-protector-strong
-)
-
-set(ENCLAVE_TRSUTED_CXX_FLAGS
-    -Wnon-virtual-dtor
-    -std=c++11
-    -nostdinc++
-)
 
 # --------------------------------------------------------
-# WAMR Build
+# WAMR Build Common For Trusted and Untrusted
 #
 # 28/06/2021 - To build WAMR inside SGX, we follow the provided example:
 # https://github.com/bytecodealliance/wasm-micro-runtime/blob/main/product-mini/platforms/linux-sgx/CMakeLists.txt
@@ -131,207 +100,10 @@ target_compile_options(wamrlib_untrusted PRIVATE
 # --------------------------------------------------------
 # Trusted Enclave Library
 # --------------------------------------------------------
-
-set(ENCLAVE_HEADERS
-    ${FAASM_INCLUDE_DIR}/enclave/enclave_config.h
-    ${FAASM_INCLUDE_DIR}/enclave/enclave_types.h
-    ${FAASM_INCLUDE_DIR}/enclave/error.h
-    ${FAASM_INCLUDE_DIR}/enclave/native.h
-    ${FAASM_INCLUDE_DIR}/enclave/ocalls.h
-    ${FAASM_INCLUDE_DIR}/enclave/rw_lock.h
-    ${FAASM_INCLUDE_DIR}/enclave/SGXWAMRWasmModule.h
-    ${FAASM_INCLUDE_DIR}/enclave/system.h
-)
-
-# SGX WAMR enclave library
-set(ENCLAVE_TRUSTED_SRC
-    checks.cpp
-    enclave.cpp
-    env.cpp
-    filesystem.cpp
-    funcs.cpp
-    memory.cpp
-    native.cpp
-    pthread.cpp
-    rw_lock.cpp
-    state.cpp
-    ${ENCLAVE_HEADERS}
-)
-
-add_library(enclave_trusted SHARED "${ENCLAVE_TRUSTED_SRC}")
-
-target_include_directories(enclave_trusted PRIVATE
-    ${SGX_SDK_PATH}/include
-    ${SGX_SDK_PATH}/include/tlibc
-    ${SGX_SDK_PATH}/include/libcxx
-    ${WAMR_ROOT_DIR}/core
-    ${WAMR_ROOT_DIR}/core/shared/utils
-    ${WAMR_ROOT_DIR}/core/shared/platform/linux-sgx
-)
-
-set_target_properties(enclave_trusted PROPERTIES PREFIX "")
-
-target_compile_options(enclave_trusted PRIVATE
-    ${ENCLAVE_TRUSTED_C_FLAGS}
-    ${ENCLAVE_TRUSTED_CXX_FLAGS}
-)
-
-target_link_directories(enclave_trusted PRIVATE ${SGX_SDK_LIB_PATH})
-target_link_options(enclave_trusted PRIVATE
-    ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_EDL_FILENAME}_t.o
-    ${SGX_C_GLOBAL_FLAGS}
-    -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles
-    -Bstatic -Bsymbolic
-    -Wl,-pie,-eenclave_entry
-    -Wl,--export-dynamic
-    -Wl,--defsym,__ImageBase=0
-    -Wl,--gc-sections
-    -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/enclave.lds
-)
-
-if(FAASM_SGX_SIM_MODE)
-    set(SGX_TRUSTED_RUNTIME_LIB ${SGX_SDK_LIB_PATH}/libsgx_trts_sim.a)
-    set(SGX_SERVICE_LIB ${SGX_SDK_LIB_PATH}/libsgx_tservice_sim.a)
-else()
-    set(SGX_TRUSTED_RUNTIME_LIB ${SGX_SDK_LIB_PATH}/libsgx_trts.a)
-    set(SGX_SERVICE_LIB ${SGX_SDK_LIB_PATH}/libsgx_tservice.a)
-endif()
-
-# Enclave trusted crypto
-add_subdirectory(crypto)
-
-# Common libraries
-target_link_libraries(enclave_trusted
-    faasm::common_deps
-    -Wl,--whole-archive
-    ${SGX_TRUSTED_RUNTIME_LIB}
-    -Wl,--no-whole-archive
-    -Wl,--start-group
-    ${SGX_SDK_LIB_PATH}/libsgx_pthread.a
-    ${SGX_SDK_LIB_PATH}/libsgx_tstdc.a
-    ${SGX_SDK_LIB_PATH}/libsgx_tcxx.a
-    ${SGX_SDK_LIB_PATH}/libsgx_tcrypto.a
-    ${SGX_SERVICE_LIB}
-    enclave_trusted_crypto
-    wamrlib_trusted
-    -Wl,--end-group
-)
+add_subdirectory(inside)
 
 # --------------------------------------------------------
 # Untrusted Enclave Library
 # --------------------------------------------------------
+add_subdirectory(outside)
 
-set(ENCLAVE_UNTRUSTED_HEADERS
-    ${FAASM_INCLUDE_DIR}/enclave/error.h
-    ${FAASM_INCLUDE_DIR}/enclave/system.h
-    ${FAASM_INCLUDE_DIR}/enclave/SGXWAMRWasmModule.h
-)
-
-set(ENCLAVE_UNTRUSTED_ASM_SRC
-    SGXWAMRWasmModule.S
-)
-
-set_source_files_properties(${ENCLAVE_UNTRUSTED_ASM_SRC}
-    PROPERTIES LANGUAGE ASM_NASM
-)
-
-set(ENCLAVE_UNTRUSTED_SRC
-    ocalls.cpp
-    rw_lock.cpp
-    SGXWAMRWasmModule.cpp
-    system.cpp
-)
-
-add_library(enclave_untrusted STATIC
-    ${ENCLAVE_UNTRUSTED_HEADERS}
-    ${ENCLAVE_UNTRUSTED_SRC}
-    ${ENCLAVE_UNTRUSTED_ASM_SRC}
-)
-
-target_include_directories(enclave_untrusted PUBLIC ${SGX_SDK_PATH}/include)
-
-target_compile_options(enclave_untrusted PRIVATE
-    ${ENCLAVE_UNTRUSTED_C_FLAGS}
-    -std=c++11
-    -ffunction-sections
-    -fdata-sections
-)
-
-add_dependencies(enclave_untrusted enclave_trusted)
-
-target_link_directories(enclave_untrusted INTERFACE ${SGX_SDK_LIB_PATH})
-
-target_link_options(enclave_untrusted PUBLIC
-    ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_EDL_FILENAME}_u.o
-    -Wl,--gc-sections
-)
-
-if(FAASM_SGX_SIM_MODE)
-    set(SGX_UNTRUSTED_RUNTIME_LIB ${SGX_SDK_LIB_PATH}/libsgx_urts_sim.so)
-    set(SGX_UAE_SERVICE_LIB ${SGX_SDK_LIB_PATH}/libsgx_uae_service_sim.so)
-else()
-    set(SGX_UNTRUSTED_RUNTIME_LIB ${SGX_SDK_LIB_PATH}/libsgx_urts.so)
-    set(SGX_UAE_SERVICE_LIB ${SGX_SDK_LIB_PATH}/libsgx_uae_service.so)
-endif()
-
-target_link_libraries(enclave_untrusted
-    faasm::common_deps
-    ${SGX_UNTRUSTED_RUNTIME_LIB}
-    ${SGX_UAE_SERVICE_LIB}
-    Threads::Threads
-    wamrlib_untrusted
-    wasm
-)
-
-add_library(faasm::enclave ALIAS enclave_untrusted)
-
-# --------------------------------------------------------
-# Trusted Enclave Build + Signature
-# --------------------------------------------------------
-
-add_custom_command(TARGET enclave_trusted
-    PRE_BUILD COMMAND ${SGX_SDK_ENCLAVE_EDGER8R}
-    --trusted ${ENCLAVE_EDL_FILENAME}.edl
-    --search-path ${FAASM_SOURCE_DIR}/enclave
-    --search-path ${SGX_SDK_PATH}/include
-    --search-path ${WAMR_SHARED_DIR}/platform/linux-sgx/
-)
-
-add_custom_command(TARGET enclave_trusted
-    PRE_BUILD COMMAND gcc
-    ${ENCLAVE_TRUSTED_C_FLAGS}
-    -I${SGX_SDK_PATH}/include
-    -I${SGX_SDK_PATH}/include/tlibc
-    -c ${ENCLAVE_EDL_FILENAME}_t.c
-    -o ${ENCLAVE_EDL_FILENAME}_t.o
-)
-
-# TODO - sign with an actual key
-add_custom_command(TARGET enclave_trusted
-    POST_BUILD COMMAND
-    ${SGX_SDK_ENCLAVE_SIGNER} sign
-    -key ${CMAKE_CURRENT_SOURCE_DIR}/enclave.pem
-    -enclave ${CMAKE_BINARY_DIR}/lib/enclave_trusted.so
-    -out ${ENCLAVE_PATH}
-    -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.config
-)
-
-# --------------------------------------------------------
-# Unrusted Enclave Build + Signature
-# --------------------------------------------------------
-
-add_custom_command(TARGET enclave_untrusted
-    PRE_BUILD COMMAND ${SGX_SDK_ENCLAVE_EDGER8R}
-    --untrusted ${ENCLAVE_EDL_FILENAME}.edl
-    --search-path ${FAASM_SOURCE_DIR}/enclave
-    --search-path ${SGX_SDK_PATH}/include
-    --search-path ${WAMR_SHARED_DIR}/platform/linux-sgx/
-)
-
-add_custom_command(TARGET enclave_untrusted
-    PRE_BUILD COMMAND gcc
-    ${ENCLAVE_UNTRUSTED_C_FLAGS}
-    -I${SGX_SDK_PATH}/include
-    -c ${ENCLAVE_EDL_FILENAME}_u.c
-    -o ${ENCLAVE_EDL_FILENAME}_u.o
-)