From 72e1e3177364cab322746760738350301eb64788 Mon Sep 17 00:00:00 2001
From: oxalica <oxalicc@pm.me>
Date: Thu, 1 Apr 2021 07:33:38 +0800
Subject: linuxPackages.isgx: init at 2.11 (#109013)

* linuxPackages.isgx: init at 2.11

* isgx: simplify

* isgx: fix meta and mark as broken for kernel >= 5.11.0
---
 pkgs/os-specific/linux/isgx/default.nix | 53 +++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 pkgs/os-specific/linux/isgx/default.nix

(limited to 'pkgs/os-specific/linux/isgx/default.nix')

diff --git a/pkgs/os-specific/linux/isgx/default.nix b/pkgs/os-specific/linux/isgx/default.nix
new file mode 100644
index 00000000000..1806916b14d
--- /dev/null
+++ b/pkgs/os-specific/linux/isgx/default.nix
@@ -0,0 +1,53 @@
+{ stdenv, lib, fetchFromGitHub, fetchpatch, kernel, kernelAtLeast }:
+
+stdenv.mkDerivation rec {
+  name = "isgx-${version}-${kernel.version}";
+  version = "2.11";
+
+  src = fetchFromGitHub {
+    owner = "intel";
+    repo = "linux-sgx-driver";
+    rev = "sgx_driver_${version}";
+    hash = "sha256-zZ0FgCx63LCNmvQ909O27v/o4+93gefhgEE/oDr/bHw=";
+  };
+
+  patches = [
+    # Fixes build with kernel >= 5.8
+    (fetchpatch {
+      url = "https://github.com/intel/linux-sgx-driver/commit/276c5c6a064d22358542f5e0aa96b1c0ace5d695.patch";
+      sha256 = "sha256-PmchqYENIbnJ51G/tkdap/g20LUrJEoQ4rDtqy6hj24=";
+    })
+  ];
+
+  hardeningDisable = [ "pic" ];
+
+  nativeBuildInputs = kernel.moduleBuildDependencies;
+
+  makeFlags = [
+    "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+  ];
+
+  installPhase = ''
+    runHook preInstall
+    install -D isgx.ko -t $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/intel/sgx
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Intel SGX Linux Driver";
+    longDescription = ''
+      The linux-sgx-driver project (isgx) hosts an out-of-tree driver
+      for the Linux* Intel(R) SGX software stack, which would be used
+      until the driver upstreaming process is complete (before 5.11.0).
+
+      It is used to support Enhanced Privacy Identification (EPID)
+      based attestation on the platforms without Flexible Launch Control.
+    '';
+    homepage = "https://github.com/intel/linux-sgx-driver";
+    license = with licenses; [ bsd3 /* OR */ gpl2Only ];
+    maintainers = with maintainers; [ oxalica ];
+    platforms = platforms.linux;
+    # The driver is already in kernel >= 5.11.0.
+    broken = kernelAtLeast "5.11.0";
+  };
+}
-- 
cgit 1.4.1


From 7745b7a9d1c1aea593c45d2645ebe8f27baf9f1d Mon Sep 17 00:00:00 2001
From: Jörg Thalheim <joerg@thalheim.io>
Date: Wed, 21 Apr 2021 06:03:35 +0200
Subject: isgx: fix support for 5.11

---
 pkgs/os-specific/linux/isgx/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'pkgs/os-specific/linux/isgx/default.nix')

diff --git a/pkgs/os-specific/linux/isgx/default.nix b/pkgs/os-specific/linux/isgx/default.nix
index 1806916b14d..5963d8a0e4f 100644
--- a/pkgs/os-specific/linux/isgx/default.nix
+++ b/pkgs/os-specific/linux/isgx/default.nix
@@ -17,6 +17,11 @@ stdenv.mkDerivation rec {
       url = "https://github.com/intel/linux-sgx-driver/commit/276c5c6a064d22358542f5e0aa96b1c0ace5d695.patch";
       sha256 = "sha256-PmchqYENIbnJ51G/tkdap/g20LUrJEoQ4rDtqy6hj24=";
     })
+    # Fixes detection with kernel >= 5.11
+    (fetchpatch {
+      url = "https://github.com/intel/linux-sgx-driver/commit/ed2c256929962db1a8805db53bed09bb8f2f4de3.patch";
+      sha256 = "sha256-MRbgS4U8FTCP1J1n+rhsvbXxKDytfl6B7YlT9Izq05U=";
+    })
   ];
 
   hardeningDisable = [ "pic" ];
@@ -47,7 +52,5 @@ stdenv.mkDerivation rec {
     license = with licenses; [ bsd3 /* OR */ gpl2Only ];
     maintainers = with maintainers; [ oxalica ];
     platforms = platforms.linux;
-    # The driver is already in kernel >= 5.11.0.
-    broken = kernelAtLeast "5.11.0";
   };
 }
-- 
cgit 1.4.1


From d0a90eb51a873795165c4d2f8f4a187fd550e71a Mon Sep 17 00:00:00 2001
From: Jörg Thalheim <joerg@thalheim.io>
Date: Wed, 21 Apr 2021 23:39:53 +0200
Subject: linuxPackages.isgx: limit to x86_64

---
 pkgs/os-specific/linux/isgx/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pkgs/os-specific/linux/isgx/default.nix')

diff --git a/pkgs/os-specific/linux/isgx/default.nix b/pkgs/os-specific/linux/isgx/default.nix
index 5963d8a0e4f..3e551e55917 100644
--- a/pkgs/os-specific/linux/isgx/default.nix
+++ b/pkgs/os-specific/linux/isgx/default.nix
@@ -51,6 +51,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/intel/linux-sgx-driver";
     license = with licenses; [ bsd3 /* OR */ gpl2Only ];
     maintainers = with maintainers; [ oxalica ];
-    platforms = platforms.linux;
+    platforms = [ "x86_64-linux" ];
   };
 }
-- 
cgit 1.4.1