This repository has been archived by the owner on Mar 31, 2020. It is now read-only.
1 parent
e03a9ea
commit aa2a35a
Showing
6 changed files
with
178 additions
and
0 deletions.
@@ -0,0 +1,3 @@ | ||
blender_dir/ | ||
blender.tar.xz | ||
run_dir/ |
@@ -0,0 +1,81 @@ | ||
# assumes this makefile lies in cwd | ||
PWD := $(shell pwd) | ||
|
||
GRAPHENE_DIR = $(PWD)/../../../../.. | ||
|
||
BLENDER_DIR = $(PWD)/blender_dir | ||
BLENDER_URL ?= https://ftp.nluug.nl/pub/graphics/blender/release/Blender2.82/blender-2.82-linux64.tar.xz | ||
BLENDER_SHA256 ?= b13600fa2ca23ea1bba511e3a6599b6792acde80b180707c3ea75db592a9b916 | ||
BLENDER_VER = 2.82 | ||
|
||
DATA_DIR = $(PWD)/data | ||
RUN_DIR = $(PWD)/run_dir | ||
|
||
UBUNTU_VER = $(shell lsb_release --short --id)$(shell lsb_release --short --release) | ||
|
||
ifeq ($(UBUNTU_VER), Ubuntu18.04) | ||
else ifeq ($(UBUNTU_VER), Ubuntu16.04) | ||
else | ||
$(error This example requires Ubuntu 16.04 or 18.04) | ||
endif | ||
|
||
ifeq ($(DEBUG),1) | ||
GRAPHENE_DEBUG = inline | ||
else | ||
GRAPHENE_DEBUG = none | ||
endif | ||
|
||
|
||
.PHONY: all | ||
all: $(BLENDER_DIR)/blender $(RUN_DIR)/blender.manifest $(RUN_DIR)/pal_loader $(DATA_DIR)/images | ||
ifeq ($(SGX),1) | ||
all: $(RUN_DIR)/blender.manifest.sgx | ||
endif | ||
|
||
$(BLENDER_DIR)/blender: | ||
$(GRAPHENE_DIR)/Scripts/download --output blender.tar.xz \ | ||
--sha256 $(BLENDER_SHA256) --url $(BLENDER_URL) | ||
mkdir $(BLENDER_DIR) | ||
tar -C $(BLENDER_DIR) --strip-components=1 -xf blender.tar.xz | ||
|
||
$(RUN_DIR): | ||
mkdir -p $@ | ||
|
||
$(RUN_DIR)/blender.manifest: blender.manifest.template $(RUN_DIR) | ||
sed -e 's|$$(GRAPHENE_DIR)|'"$(GRAPHENE_DIR)"'|g' \ | ||
-e 's|$$(GRAPHENE_DEBUG)|'"$(GRAPHENE_DEBUG)"'|g' \ | ||
-e 's|$$(DATA_DIR)|'"$(DATA_DIR)"'|g' \ | ||
-e 's|$$(BLENDER_DIR)|'"$(BLENDER_DIR)"'|g' \ | ||
-e 's|$$(BLENDER_VER)|'"$(BLENDER_VER)"'|g' \ | ||
-e 's|# \['"$(UBUNTU_VER)"'\] ||g' \ | ||
$< > $@ | ||
|
||
$(RUN_DIR)/blender.manifest.sgx: $(BLENDER_DIR)/blender $(RUN_DIR)/blender.manifest $(GRAPHENE_DIR)/Runtime/libpal-Linux-SGX.so $(RUN_DIR) | ||
$(GRAPHENE_DIR)/Pal/src/host/Linux-SGX/signer/pal-sgx-sign \ | ||
-output $@ \ | ||
-libpal $(GRAPHENE_DIR)/Runtime/libpal-Linux-SGX.so \ | ||
-key $(GRAPHENE_DIR)/Pal/src/host/Linux-SGX/signer/enclave-key.pem \ | ||
-manifest $(RUN_DIR)/blender.manifest \ | ||
-exec $< | ||
$(GRAPHENE_DIR)/Pal/src/host/Linux-SGX/signer/pal-sgx-get-token \ | ||
-output $(RUN_DIR)/blender.token \ | ||
-sig $(RUN_DIR)/blender.sig | ||
|
||
$(RUN_DIR)/pal_loader: | ||
ln -s $(GRAPHENE_DIR)/Runtime/pal_loader $@ | ||
|
||
$(DATA_DIR)/images: | ||
mkdir -p $@ | ||
|
||
.PHONY: check | ||
check: all | ||
cd $(RUN_DIR) && DATA_DIR=$(DATA_DIR) sh $(PWD)/test_all_scenes.sh | ||
|
||
.PHONY: clean | ||
clean: | ||
$(RM) -r $(RUN_DIR) $(DATA_DIR)/images | ||
|
||
.PHONY: distclean | ||
distclean: clean | ||
$(RM) -r $(BLENDER_DIR) blender.tar.xz | ||
|
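Review bot: The `$(BLENDER_DIR)/blender` recipe cannot be re-run after a partial failure, because `mkdir $(BLENDER_DIR)` errors out once the directory exists, and an extraction interrupted after the `blender` binary has been written leaves a target that make treats as complete. The checksum passed to `Scripts/download` covers only the tarball, so an incomplete tree would go unnoticed, and files under its `lib/` are presumably still hashed when the SGX manifest is signed. I would use `mkdir -p $(BLENDER_DIR)` and extract into a temporary directory that is renamed to `$(BLENDER_DIR)` only after `tar` succeeds. Separately, `$(RUN_DIR)` is a normal prerequisite of both manifest rules, so a change in the directory's mtime can trigger a regenerate and re-sign; an order-only prerequisite, `| $(RUN_DIR)`, avoids that.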
@@ -0,0 +1,82 @@ | ||
# INSECURE!!! | ||
# These 3 lines are insecure by design and should never be used in production environments. | ||
# There is a lot of files that Blender uses (e.g. bundled Python) and listing them here would | ||
# be counter productive, as they may change between Blender releases and this is just a testing | ||
# manifest. | ||
# Additionally, Blender scenes could allow for code execution (e.g. via bundled scripts), so | ||
# running untrusted scenes should not be allowed. This can be achieved for example by adding scenes | ||
# to trusted files or uploading them to a running and attested enclave via secured connection. | ||
sgx.allowed_files.blender_dir = file:$(BLENDER_DIR)/$(BLENDER_VER)/ | ||
sgx.allowed_files.blender_input = file:$(DATA_DIR)/scenes/ | ||
sgx.allowed_files.blender_output = file:$(DATA_DIR)/images/ | ||
|
||
|
||
loader.exec = file:$(BLENDER_DIR)/blender | ||
loader.execname = blender | ||
|
||
loader.preload = file:$(GRAPHENE_DIR)/Runtime/libsysdb.so | ||
loader.debug_type = $(GRAPHENE_DEBUG) | ||
|
||
loader.env.LD_LIBRARY_PATH = /graphene_lib:/blender_lib:/usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu | ||
# Graphene implicitly copies host environment variables - overwriting troublesome one | ||
loader.env.PWD = | ||
|
||
fs.mount.graphene_lib.type = chroot | ||
fs.mount.graphene_lib.path = /graphene_lib | ||
fs.mount.graphene_lib.uri = file:$(GRAPHENE_DIR)/Runtime | ||
|
||
fs.mount.blender_lib.type = chroot | ||
fs.mount.blender_lib.path = /blender_lib | ||
fs.mount.blender_lib.uri = file:$(BLENDER_DIR)/lib | ||
|
||
fs.mount.usr_lib.type = chroot | ||
fs.mount.usr_lib.path = /usr/lib/x86_64-linux-gnu | ||
fs.mount.usr_lib.uri = file:/usr/lib/x86_64-linux-gnu | ||
|
||
fs.mount.lib.type = chroot | ||
fs.mount.lib.path = /lib/x86_64-linux-gnu | ||
fs.mount.lib.uri = file:/lib/x86_64-linux-gnu | ||
|
||
fs.mount.scenes.type = chroot | ||
fs.mount.scenes.path = /data | ||
fs.mount.scenes.uri = file:$(DATA_DIR) | ||
|
||
fs.mount.blender.type = chroot | ||
fs.mount.blender.path = /blender | ||
fs.mount.blender.uri = file:$(BLENDER_DIR) | ||
|
||
|
||
sys.stack.size = 8M | ||
|
||
|
||
sgx.enclave_size = 2048M | ||
sgx.thread_num = 28 | ||
|
||
|
||
sgx.trusted_files.ld = file:$(GRAPHENE_DIR)/Runtime/ld-linux-x86-64.so.2 | ||
sgx.trusted_files.libc = file:$(GRAPHENE_DIR)/Runtime/libc.so.6 | ||
sgx.trusted_files.libdl = file:$(GRAPHENE_DIR)/Runtime/libdl.so.2 | ||
sgx.trusted_files.libm = file:$(GRAPHENE_DIR)/Runtime/libm.so.6 | ||
sgx.trusted_files.libpthread = file:$(GRAPHENE_DIR)/Runtime/libpthread.so.0 | ||
sgx.trusted_files.libutil = file:$(GRAPHENE_DIR)/Runtime/libutil.so.1 | ||
sgx.trusted_files.librt = file:$(GRAPHENE_DIR)/Runtime/librt.so.1 | ||
|
||
sgx.trusted_files.libGL = file:$(BLENDER_DIR)/lib/libGL.so.1 | ||
sgx.trusted_files.libglapi = file:$(BLENDER_DIR)/lib/libglapi.so.0 | ||
|
||
sgx.trusted_files.libX11 = file:/usr/lib/x86_64-linux-gnu/libX11.so.6 | ||
sgx.trusted_files.libXi = file:/usr/lib/x86_64-linux-gnu/libXi.so.6 | ||
sgx.trusted_files.libXxf86vm = file:/usr/lib/x86_64-linux-gnu/libXxf86vm.so.1 | ||
sgx.trusted_files.libXfixes = file:/usr/lib/x86_64-linux-gnu/libXfixes.so.3 | ||
sgx.trusted_files.libXrender = file:/usr/lib/x86_64-linux-gnu/libXrender.so.1 | ||
sgx.trusted_files.libgcc_s = file:/lib/x86_64-linux-gnu/libgcc_s.so.1 | ||
sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1 | ||
sgx.trusted_files.libXext = file:/usr/lib/x86_64-linux-gnu/libXext.so.6 | ||
sgx.trusted_files.libxcb = file:/usr/lib/x86_64-linux-gnu/libxcb.so.1 | ||
sgx.trusted_files.libXau = file:/usr/lib/x86_64-linux-gnu/libXau.so.6 | ||
sgx.trusted_files.libXdmcp = file:/usr/lib/x86_64-linux-gnu/libXdmcp.so.6 | ||
sgx.trusted_files.libstdcpp = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6 | ||
sgx.trusted_files.libnuma = file:/usr/lib/x86_64-linux-gnu/libnuma.so.1 | ||
|
||
# Ubuntu version specific files | ||
# [Ubuntu18.04] sgx.trusted_files.libbsd = file:/lib/x86_64-linux-gnu/libbsd.so.0 |
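Review bot: The warning block at the top covers the three `sgx.allowed_files` entries but not the environment. The comment above `loader.env.PWD =` says Graphene copies host environment variables implicitly, and only `PWD` and `LD_LIBRARY_PATH` are pinned in this manifest. Every other variable therefore reaches Blender and its bundled Python as untrusted host input, which matters for the same reason the unmeasured scene files do. I would extend the header comment with a line such as `# The host environment is also inherited (only PWD and LD_LIBRARY_PATH are overridden below) and must be treated as untrusted.` If this Graphene version has a way to stop inheriting the host environment, a non-test manifest should use it.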
@@ -0,0 +1 @@ | ||
images/ |
Binary file not shown.
@@ -0,0 +1,11 @@ | ||
#!/bin/sh | ||
|
||
set -e | ||
|
||
for i in `ls "$DATA_DIR"/scenes/`; | ||
do | ||
rm -f "$DATA_DIR"/images/"$i"0001.png | ||
./pal_loader ./blender.manifest -b /data/scenes/$i -t 4 -F PNG -o /data/images/$i -f 1 | ||
# TODO add a better test, probably some diff with a precomputed image | ||
[ -f "$DATA_DIR"/images/"$i"0001.png ] | ||
done |
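Review bot: The `for` line iterates over the output of `ls`, which the shell word-splits and glob-expands, and `$i` is then passed unquoted in `-b /data/scenes/$i` and `-o /data/images/$i`. A scene file name containing whitespace or wildcard characters therefore changes the argument list handed to `pal_loader`. I would iterate with `for f in "$DATA_DIR"/scenes/*; do` plus `i=${f##*/}`, and quote the two arguments as `-b "/data/scenes/$i"` and `-o "/data/images/$i"`. An empty scenes directory currently makes the check pass without rendering anything, which deserves a comment or an explicit failure.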