authorVincent Haupert <mail@vincent-haupert.de>2021-12-13 15:23:42 +0100
committerVincent Haupert <mail@vincent-haupert.de>2021-12-15 13:09:18 +0100
commit4f7f8d0b2dce31038d1fde0d5d8321e68f16e0c6 (patch)
tree29add0cfe033a9eea0a71fa18058d1afea122b36 /pkgs/os-specific/linux/sgx/sdk
parentbedca751c562675ce1ad6c73db2a2278e974611d (diff)
sgx-sdk, sgx-psw: 2.14 -> 2.15.1
Also add some of the new samples as tests. Disable parallel builds for
the samples as they don't seem to support it (fail randomly).
Diffstat (limited to 'pkgs/os-specific/linux/sgx/sdk')
-rw-r--r--pkgs/os-specific/linux/sgx/sdk/default.nix53
-rw-r--r--pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix22
-rw-r--r--pkgs/os-specific/linux/sgx/sdk/samples.nix8
3 files changed, 47 insertions, 36 deletions
diff --git a/pkgs/os-specific/linux/sgx/sdk/default.nix b/pkgs/os-specific/linux/sgx/sdk/default.nix
index e08511272af..18876f927e8 100644
--- a/pkgs/os-specific/linux/sgx/sdk/default.nix
+++ b/pkgs/os-specific/linux/sgx/sdk/default.nix
@@ -1,7 +1,8 @@
 { lib
 , stdenv
-, fetchzip
 , fetchFromGitHub
+, fetchpatch
+, fetchzip
 , callPackage
 , autoconf
 , automake
@@ -25,40 +26,33 @@
 }:
 stdenv.mkDerivation rec {
   pname = "sgx-sdk";
-  version = "2.14.100.2";
-
-  versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
+  # Version as given in se_version.h
+  version = "2.15.101.1";
+  # Version as used in the Git tag
+  versionTag = "2.15.1";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "linux-sgx";
     rev = "sgx_${versionTag}";
-    hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM=";
+    hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";
     fetchSubmodules = true;
   };
 
-  postUnpack =
-    let
-      optlibName = "optimized_libs_${versionTag}.tar.gz";
-      optimizedLibs = fetchzip {
-        url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}";
-        hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";
-        stripRoot = false;
-      };
-      sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";
-    in
-    ''
-      # Make sure this is the right version of linux-sgx
-      grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
-        || (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
-
-      # Make sure we use the correct version to build IPP Crypto
-      grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \
-        || (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1)
+  postUnpack = ''
+    # Make sure this is the right version of linux-sgx
+    grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
+      || (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
+  '';
 
-      # Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752
-      ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h"
-    '';
+  patches = [
+    # Commit to add missing sgx_ippcp.h not yet part of this release
+    (fetchpatch {
+      name = "add-missing-sgx_ippcp-header.patch";
+      url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";
+      sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";
+    })
+  ];
 
   postPatch = ''
     # https://github.com/intel/linux-sgx/pull/730
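Review bot: The new `postUnpack` no longer checks that the IPP Crypto release built by `ipp-crypto.nix` is the one this linux-sgx tag expects; the removed `grep` on `download_prebuilt.sh` was the only explicit link between the two. That matters because `libippcp.a` from that derivation is copied into the SDK tree by the `install -D` lines further down. The only coupling left appears to be the `inc/ippcp21u3.patch` filename in a later hunk, which breaks the build only if upstream renames that file. I would at least add a comment next to `versionTag`, such as `# Bump ipp-crypto.nix together with this tag; the expected release is named by external/ippcp_internal/inc/ippcp21u3.patch`, so a future bump does not silently pair the SDK with a stale crypto library.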
@@ -121,7 +115,7 @@ stdenv.mkDerivation rec {
 
       pushd 'external/ippcp_internal'
 
-      install ${ipp-crypto-no_mitigation}/include/* inc/
+      cp -r ${ipp-crypto-no_mitigation}/include/. inc/
 
       install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \
         lib/linux/intel64/no_mitigation/libippcp.a
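Review bot: `cp -r ${ipp-crypto-no_mitigation}/include/. inc/` carries over the read-only modes of the store path, whereas the `install` call it replaces wrote the headers with its default mode. Any subdirectory copied this way ends up non-writable, so a later step that creates or patches files inside it would fail; whether such a step exists is not visible in this hunk. `cp -r --no-preserve=mode ${ipp-crypto-no_mitigation}/include/. inc/` keeps the recursive copy and leaves the tree writable. The enclosing shell block starts and ends outside the hunk.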
@@ -131,7 +125,7 @@ stdenv.mkDerivation rec {
         lib/linux/intel64/cve_2020_0551_cf/libippcp.a
 
       rm inc/ippcp.h
-      patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h
+      patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h
 
       install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
 
@@ -227,8 +221,7 @@ stdenv.mkDerivation rec {
       --replace '/opt/intel/sgxsdk' "$out"
     for file in $out/share/SampleCode/*/Makefile; do
       substituteInPlace $file \
-        --replace '/opt/intel/sgxsdk' "$out" \
-        --replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"
+        --replace '/opt/intel/sgxsdk' "$out"
     done
 
     header "Fixing BINUTILS_DIR in buildenv.mk"
diff --git a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
index ac5fd2ad1cc..85fcfc9c554 100644
--- a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
+++ b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
@@ -2,23 +2,35 @@
 , stdenv
 , fetchFromGitHub
 , cmake
-, python3
 , nasm
+, openssl
+, python3
 , extraCmakeFlags ? [ ]
 }:
 
 stdenv.mkDerivation rec {
   pname = "ipp-crypto";
-  version = "2020_update3";
+  version = "2021.3";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "ipp-crypto";
-    rev = "ipp-crypto_${version}";
-    sha256 = "02vlda6mlhbd12ljzdf65klpx4kmx1ylch9w3yllsiya4hwqzy4b";
+    rev = "ippcp_${version}";
+    hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";
   };
 
+  # Fix typo: https://github.com/intel/ipp-crypto/pull/33
+  postPatch = ''
+    substituteInPlace sources/cmake/ippcp-gen-config.cmake \
+      --replace 'ippcpo-config.cmake' 'ippcp-config.cmake'
+  '';
+
   cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;
 
-  nativeBuildInputs = [ cmake python3 nasm ];
+  nativeBuildInputs = [
+    cmake
+    nasm
+    openssl
+    python3
+  ];
 }
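Review bot: The new `openssl` entry in `nativeBuildInputs` has no comment saying what the ipp-crypto build uses it for. Since the static `libippcp.a` produced here is installed into the SGX SDK by `default.nix`, a reader would want to know whether OpenSSL is only a configure-time or test-time requirement or whether any of it is linked into the archive. I would add a line such as `# openssl: required by the CMake configuration of ippcp 2021.x (confirm it is not linked into libippcp.a)` above the list. If it is in fact a link-time dependency for the target, `buildInputs` would be the conventional place for it.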
diff --git a/pkgs/os-specific/linux/sgx/sdk/samples.nix b/pkgs/os-specific/linux/sgx/sdk/samples.nix
index 82dbc24568e..21b31f82447 100644
--- a/pkgs/os-specific/linux/sgx/sdk/samples.nix
+++ b/pkgs/os-specific/linux/sgx/sdk/samples.nix
@@ -12,7 +12,11 @@ let
     buildInputs = [
       sgx-sdk
     ];
-    enableParallelBuilding = true;
+
+    # The samples don't have proper support for parallel building
+    # causing them to fail randomly.
+    enableParallelBuilding = false;
+
     buildFlags = [
       "SGX_MODE=SIM"
     ];
@@ -44,6 +48,7 @@ in
     # Requires interaction
     doInstallCheck = false;
   });
+  protobufSGXDemo = buildSample "ProtobufSGXDemo";
   remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
     dontFixup = true;
     installCheckPhase = ''
@@ -52,6 +57,7 @@ in
   });
   sampleEnclave = buildSample "SampleEnclave";
   sampleEnclavePCL = buildSample "SampleEnclavePCL";
+  sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
   sealUnseal = buildSample "SealUnseal";
   switchless = buildSample "Switchless";
 }