Adding error messages for debug purposes

common/inc/sgx_error_messages.h

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef _SGX_ERROR_MESSAGES_H_
+#define _SGX_ERROR_MESSAGES_H_
+
+#include "sgx_error.h"
+
+const char *sgx_create_enclave_err_msg(sgx_status_t err);
+
+#endif

linux/installer/common/sdk/BOMs/sdk_base.txt

@@ -10,6 +10,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/common/inc/sgx_lfence.h	<installdir>/package/include/./sgx_lfence.h	0	main	STP
 <deliverydir>/common/inc/sgx_eid.h	<installdir>/package/include/./sgx_eid.h	0	main	STP
 <deliverydir>/common/inc/sgx_error.h	<installdir>/package/include/./sgx_error.h	0	main	STP
+<deliverydir>/common/inc/sgx_error_messages.h	<installdir>/package/include/./sgx_error_messages.h	0	main	STP
 <deliverydir>/common/inc/sgx.h	<installdir>/package/include/./sgx.h	0	main	STP
 <deliverydir>/common/inc/sgx_intrin.h	<installdir>/package/include/./sgx_intrin.h	0	main	STP
 <deliverydir>/common/inc/sgx_key_exchange.h	<installdir>/package/include/./sgx_key_exchange.h	0	main	STP

linux/installer/common/sdk/BOMs/sdk_x64.txt

@@ -19,6 +19,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/build/linux/libsgx_uae_service_deploy.so	<installdir>/package/lib64/libsgx_uae_service.so	0	main	STP
 <deliverydir>/build/linux/libsgx_uae_service_sim.so	<installdir>/package/lib64/libsgx_uae_service_sim.so	0	main	STP
 <deliverydir>/build/linux/libsgx_ukey_exchange.a	<installdir>/package/lib64/libsgx_ukey_exchange.a	0	main	STP
+<deliverydir>/build/linux/libsgx_error_messages.a	<installdir>/package/lib64/libsgx_error_messages.a	0	main	STP
 <deliverydir>/build/linux/libsgx_capable.a	<installdir>/package/lib64/libsgx_capable.a	0	main	STP
 <deliverydir>/build/linux/libsgx_capable.so	<installdir>/package/lib64/libsgx_capable.so	0	main	STP
 <deliverydir>/build/linux/libsgx_uprotected_fs.a	<installdir>/package/lib64/libsgx_uprotected_fs.a	0	main	STP

linux/installer/common/sdk/BOMs/sdk_x86.txt

@@ -22,6 +22,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/build/linux/libsgx_tprotected_fs.a	<installdir>/package/lib/libsgx_tprotected_fs.a	0	main	STP
 <deliverydir>/build/linux/libsgx_urts_deploy.so	<installdir>/package/lib/libsgx_urts.so	0	main	STP
 <deliverydir>/build/linux/libsgx_urts_sim.so	<installdir>/package/lib/libsgx_urts_sim.so	0	main	STP
+<deliverydir>/build/linux/libsgx_error_messages.a	<installdir>/package/lib/libsgx_error_messages.a	0	main	STP
 <deliverydir>/build/linux/STLport_Changes_SGX.txt	<installdir>/package/lib/STLport_Changes_SGX.txt	0	main	STP
 <deliverydir>/build/linux/libc++_Changes_SGX.txt	<installdir>/package/lib/libc++_Changes_SGX.txt	0	main	STP
 <deliverydir>/build/linux/sgx_config_cpusvn	<installdir>/package/bin/x86/sgx_config_cpusvn	0	main	STP

sdk/Makefile.opt_lib

@@ -32,29 +32,30 @@
 # This Makefile will compile SDK to generate various components
 # including:
 #  - Trusted libraries
-#        - tstdc:         libsgx_tstdc.a
-#        - tstdcxx:       libsgx_tstdcxx.a
-#        - tcxx:          libsgx_tcxx.a
-#        - tservice:      libsgx_tservice.a
-#        - trts:          libsgx_trts.a
-#        - tcrypto:       libsgx_tcrypto.a
-#        - tkey_exchange: libsgx_tkey_exchange.a
-#        - tprotected_fs: libsgx_tprotected_fs.a
-#        - tcmalloc:      libsgx_tcmalloc.a
-#        - sgx_pcl:       libsgx_pcl.a
+#        - tstdc:          libsgx_tstdc.a
+#        - tstdcxx:        libsgx_tstdcxx.a
+#        - tcxx:           libsgx_tcxx.a
+#        - tservice:       libsgx_tservice.a
+#        - trts:           libsgx_trts.a
+#        - tcrypto:        libsgx_tcrypto.a
+#        - tkey_exchange:  libsgx_tkey_exchange.a
+#        - tprotected_fs:  libsgx_tprotected_fs.a
+#        - tcmalloc:       libsgx_tcmalloc.a
+#        - sgx_pcl:        libsgx_pcl.a
 #  - Untrtusted libraries
-#        - ukey_exchange: libsgx_ukey_exchange.a
-#        - uprotected_fs: libsgx_uprotected_fs.a
-#        - sample_crypto: libsample_crypto.so (for sample code use)
-#        - ptrace:        libsgx_ptrace.so, gdb-sgx-plugin
+#        - error_messages: libsgx_error_messages.a 
+#        - ukey_exchange:  libsgx_ukey_exchange.a
+#        - uprotected_fs:  libsgx_uprotected_fs.a
+#        - sample_crypto:  libsample_crypto.so (for sample code use)
+#        - ptrace:         libsgx_ptrace.so, gdb-sgx-plugin
 #  - Standalone, untrusted libraries
-#        - libcapable:    libsgx_capable.a libsgx_capable.so
+#        - libcapable:     libsgx_capable.a libsgx_capable.so
 #  - Tools
-#        - signtool:      sgx_sign
-#        - edger8r:       sgx_edger8r
-#        - sgx_encrypt:  sgx_encrypt
+#        - signtool:       sgx_sign
+#        - edger8r:        sgx_edger8r
+#        - sgx_encrypt:    sgx_encrypt
 #  - Simulation libraries and tools
-#        - simulation:    libsgx_trts_sim.a, libsgx_tservice_sim.a, libsgx_urts_sim.so, libsgx_uae_service_sim.so, sgx_config_cpusvn
+#        - simulation:     libsgx_trts_sim.a, libsgx_tservice_sim.a, libsgx_urts_sim.so, libsgx_uae_service_sim.so, sgx_config_cpusvn
 #
 include ../buildenv.mk
 
@@ -64,7 +65,7 @@ LIBTCXX    := $(BUILD_DIR)/libsgx_tcxx.a
 LIBTSE     := $(BUILD_DIR)/libsgx_tservice.a
 
 .PHONY: components
-components: tstdc tstdcxx tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt switchless
+components: tstdc tstdcxx tcxx tservice trts tcrypto tkey_exchange error_messages ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt switchless
 
 # ---------------------------------------------------
 #  tstdc
@@ -224,6 +225,10 @@ sgx_pcl:
 # ---------------------------------------------------
 #  Untrusted libraries
 # ---------------------------------------------------
+.PHONY: error_messages
+error_messages:
+	$(MAKE) -C error_messages
+
 .PHONY: ukey_exchange
 ukey_exchange:
 	$(MAKE) -C ukey_exchange

sdk/error_messages/Makefile

@@ -0,0 +1,65 @@
+#
+# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+TOP_DIR  = ../..
+include $(TOP_DIR)/buildenv.mk
+
+CFLAGS   += -Werror
+CXXFLAGS += -Werror
+
+INCLUDE += -I$(COMMON_DIR)/inc
+
+CXXFLAGS += -fPIC -fno-exceptions -fno-rtti $(INCLUDE)
+CFLAGS += -fPIC $(INCLUDE)
+
+OBJ := sgx_error_messages.o
+
+LIBNAME := libsgx_error_messages.a
+
+.PHONY: all
+all: $(LIBNAME) | $(BUILD_DIR)
+	$(CP) $< $|
+
+$(LIBNAME): $(OBJ)
+	$(AR) rcsD $@ $^
+
+$(BUILD_DIR):
+	@$(MKDIR) $@
+
+.PHONY: clean
+clean:
+	@$(RM) $(OBJ)
+	@$(RM) $(LIBNAME) $(BUILD_DIR)/$(LIBNAME)
+
+.PHONY: rebuild
+rebuild:
+	$(MAKE) clean
+	$(MAKE) all

sdk/error_messages/sgx_error_messages.cpp

@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "sgx_error_messages.h"
+
+const char *sgx_create_enclave_err_msg(sgx_status_t err)
+{
+    switch (err) {
+      case SGX_SUCCESS:
+        return "The enclave was loaded and initialized successfully.";
+        break;
+      case SGX_ERROR_INVALID_ENCLAVE:
+        return "The enclave file is corrupted.";
+        break;
+      case SGX_ERROR_INVALID_PARAMETER:
+        return "The ‘enclave_id’, ‘updated’ or ‘token’ parameter is NULL.";
+        break;
+      case SGX_ERROR_OUT_OF_MEMORY:
+        return "Not enough memory available to complete sgx_create_enclave().";
+        break;
+      case SGX_ERROR_ENCLAVE_FILE_ACCESS:
+        return "The enclave file can’t be opened. It may be caused by enclave file not being found or no privilege to access the enclave file.";
+        break;
+      case SGX_ERROR_INVALID_METADATA:
+        return "The metadata embedded within the enclave image is corrupt or missing.";
+        break;
+      case SGX_ERROR_INVALID_VERSION:
+        return "The enclave metadata version (created by the signing tool) and the untrusted library version (uRTS) do not match.";
+        break;
+      case SGX_ERROR_INVALID_SIGNATURE:
+        return "The signature for the enclave is not valid.";
+        break;
+      case SGX_ERROR_OUT_OF_EPC:
+        return "The protected memory has run out. For example, a user is creating too many enclaves, the enclave requires too much memory, or we cannot load one of the Architecture Enclaves needed to complete this operation.";
+        break;
+      case SGX_ERROR_NO_DEVICE:
+        return "The Intel SGX device is not valid. This may be caused by the Intel SGX driver not being installed or the Intel SGX driver being disabled.";
+        break;
+      case SGX_ERROR_MEMORY_MAP_CONFLICT:
+        return "During enclave creation, there is a race condition for mapping memory between the loader and another thread. The loader may fail to map virtual address. If this errorcode is encountered, create the enclave again.";
+        break;
+      case SGX_ERROR_DEVICE_BUSY:
+        return "The Intel SGX driver or low level system is busy when creating the enclave. If this error code is encountered, we suggest creating the enclave again.";
+        break;
+      case SGX_ERROR_MODE_INCOMPATIBLE:
+        return "The target enclave mode is incompatible with the mode of the current RTS. For example, a 64-bit application tries to load a 32-bit enclave or a simulation uRTS tries to load a hardware enclave.";
+        break;
+      case SGX_ERROR_SERVICE_UNAVAILABLE:
+        return "sgx_create_enclave() needs the AE service to get a launch token. If the service is not available, the enclave may not be launched.";
+        break;
+      case SGX_ERROR_SERVICE_TIMEOUT:
+        return "The request to the AE service timed out.";
+        break;
+      case SGX_ERROR_SERVICE_INVALID_PRIVILEGE:
+        return "The request requires some special attributes for the enclave, but is not privileged.";
+        break;
+      case SGX_ERROR_NDEBUG_ENCLAVE:
+        return "The enclave is signed as a product enclave and cannot be created as a debuggable enclave.";
+        break;
+      case SGX_ERROR_UNDEFINED_SYMBOL:
+        return "The enclave contains an undefined symbol. The signing tool should typically report this type of error when the enclave is built.";
+        break;
+      case SGX_ERROR_INVALID_MISC:
+        return "The MiscSelct/MiscMask settings are not correct.";
+        break;
+      case SGX_ERROR_PCL_ENCRYPTED:
+        return "PCL is not set in the input parameters, sgx_create_enclave is called, but the enclave is encrypted. PCL is set in the input parameters, while the enclave is not encrypted.";
+        break;
+      default:
+        return "Unexpected error is detected.";
+    }
+}