
Commit effae62

committed
Linux 2.17 Open Source Gold Release
Along with the latest processor microcode and re-signed all the Intel(R) SGX Architecture Enclaves (AEs) to address CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166. Upgraded to Protobuf 3.20. Upgraded to SgxSSL/OpenSSL 1.1.1o. Added Intel TDX Attestation support. Added Rust support for ECDSA quote verification. Fixed bugs. Signed-off-by: Li, Xun <[email protected]>
1 parent da3ce11 commit effae62


83 files changed

+1193
-496
lines changed


83 files changed

+1193
-496
lines changed

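--- a/.gitmodules
+++ b/.gitmodules
@@ -16,4 +16,4 @@
 [submodule "external/protobuf/protobuf_code"]
 path = external/protobuf/protobuf_code
 url = https://github.com/protocolbuffers/protobuf.git
-branch = 3.14.x
+branch = 3.20.x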

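--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,7 @@
 #
 
 include buildenv.mk
-.PHONY: all preparation psw sdk clean rebuild sdk_install_pkg psw_install_pkg
+.PHONY: all preparation psw sdk clean rebuild sdk_install_pkg psw_install_pkg tdx
 
 all: tips
 
@@ -80,6 +80,12 @@ sdk:
 $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl clean
 $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl
 
+tdx:
+$(MAKE) -C external/dcap_source/QuoteGeneration pce_logic
+$(MAKE) -C external/dcap_source/QuoteGeneration tdx_logic
+$(MAKE) -C external/dcap_source/QuoteGeneration tdx_qgs
+$(MAKE) -C external/dcap_source/QuoteGeneration tdx_attest
+
 # Generate SE SDK Install package
 sdk_install_pkg_no_mitigation: sdk_no_mitigation
 ./linux/installer/bin/build-installpkg.sh sdk
@@ -112,17 +118,51 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ae_id_enclave_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-id-enclave/libsgx-ae-id-enclave*.deb ./linux/installer/deb/sgx-aesm-service/
+
+.PHONY: deb_libsgx_ae_tdqe deb_libsgx_tdx_logic deb_tdx_qgs deb_tdx_attest
+ifeq ($(DISTR_ID)$(DISTR_VER),ubuntu18.04)
+deb_libsgx_ae_tdqe:
+echo "Skip tdqe in ubuntu 18.04"
+deb_libsgx_tdx_logic:
+echo "Skip tdx_logic in ubuntu 18.04"
+deb_tdx_qgs:
+echo "Skip tdx_qgs in ubuntu 18.04"
+deb_tdx_attest:
+echo "Skip tdx_attest in ubuntu 18.04"
+else
+deb_libsgx_ae_tdqe:
+ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_tdqe.signed.so)", "")
+./external/dcap_source/QuoteGeneration/download_prebuilt.sh
+endif
+$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ae_tdqe_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-tdqe/libsgx-ae-tdqe*.deb ./linux/installer/deb/sgx-aesm-service/
+
+deb_libsgx_tdx_logic:
+$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_tdx_logic_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/libsgx-tdx-logic*deb ./linux/installer/deb/sgx-aesm-service/
+
+deb_tdx_qgs:
+$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_tdx_qgs_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/tdx-qgs/tdx-qgs*deb ./linux/installer/deb/sgx-aesm-service/
+
+deb_tdx_attest:
+$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_tdx_attest_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libtdx-attest/libtdx-attest*deb ./linux/installer/deb/sgx-aesm-service/
+endif
+
 .PHONY: deb_libsgx_qe3_logic
 deb_libsgx_qe3_logic: psw
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_qe3_logic_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-qe3-logic/libsgx-qe3-logic*deb ./linux/installer/deb/sgx-aesm-service/
+
 .PHONY: deb_libsgx_pce_logic
 deb_libsgx_pce_logic: psw
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_pce_logic_pkg
+$(CP) external/dcap_source/QuoteGeneration/build/linux/libsgx_pce_logic.so* $(BUILD_DIR)
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/libsgx-pce-logic*deb ./linux/installer/deb/sgx-aesm-service/
 
 .PHONY: deb_sgx_aesm_service
-deb_sgx_aesm_service: psw
+deb_sgx_aesm_service: psw deb_libsgx_pce_logic
 ./linux/installer/deb/sgx-aesm-service/build.sh
 
 .PHONY: deb_libsgx_epid
@@ -155,7 +195,7 @@ deb_libsgx_headers_pkg:
 
 ifeq ($(CC_BELOW_5_2), 1)
 .PHONY: deb_psw_pkg
-deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_id_enclave
+deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_tdqe deb_libsgx_ae_id_enclave deb_libsgx_tdx_logic deb_tdx_qgs deb_tdx_attest
 else
 .PHONY: deb_libsgx_dcap_default_qpl
 deb_libsgx_dcap_default_qpl:
@@ -168,7 +208,7 @@ deb_libsgx_dcap_pccs:
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/sgx-dcap-pccs/sgx-dcap-pccs*deb ./linux/installer/deb/sgx-aesm-service/
 
 .PHONY: deb_libsgx_dcap_ql
-deb_libsgx_dcap_ql:
+deb_libsgx_dcap_ql: deb_libsgx_pce_logic
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_dcap_ql_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql*deb ./linux/installer/deb/sgx-aesm-service/
 
@@ -190,16 +230,14 @@ deb_sgx_pck_id_retrieval_tool_pkg:
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_pck_id_retrieval_tool_pkg
 $(CP) external/dcap_source/tools/PCKRetrievalTool/installer/deb/sgx-pck-id-retrieval-tool/sgx-pck-id-retrieval-tool*deb ./linux/installer/deb/sgx-aesm-service/
 
-
 .PHONY: deb_sgx_ra_service_pkg
 deb_sgx_ra_service_pkg:
 $(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ra_service_pkg
 $(CP) external/dcap_source/tools/SGXPlatformRegistration/build/installer/sgx-ra-service*deb ./linux/installer/deb/sgx-aesm-service/
 $(CP) external/dcap_source/tools/SGXPlatformRegistration/build/installer/libsgx-ra-*deb ./linux/installer/deb/sgx-aesm-service/
 
-
 .PHONY: deb_psw_pkg
-deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_id_enclave deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs deb_libsgx_dcap_ql deb_libsgx_ae_qve deb_sgx_dcap_quote_verify deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
+deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_id_enclave deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs deb_libsgx_dcap_ql deb_libsgx_ae_qve deb_sgx_dcap_quote_verify deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg deb_libsgx_ae_tdqe deb_libsgx_tdx_logic deb_tdx_qgs deb_tdx_attest
 endif
 
 .PHONY: deb_local_repo
@@ -213,17 +251,43 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 $(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_qe3_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qe3/libsgx-ae-qe3*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
+.PHONY: rpm_libsgx_ae_tdqe
+rpm_libsgx_ae_tdqe:
+ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_tdqe.signed.so)", "")
+./external/dcap_source/QuoteGeneration/download_prebuilt.sh
+endif
+$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_tdqe_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-tdqe/libsgx-ae-tdqe*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
 .PHONY: rpm_libsgx_ae_id_enclave
 rpm_libsgx_ae_id_enclave:
 ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so)", "")
 ./external/dcap_source/QuoteGeneration/download_prebuilt.sh
 endif
 $(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_id_enclave_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-id-enclave/libsgx-ae-id-enclave*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
+.PHONY: rpm_libsgx_tdx_logic
+rpm_libsgx_tdx_logic:
+$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_tdx_logic_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/libsgx-tdx-logic*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
+.PHONY: rpm_tdx_qgs
+rpm_tdx_qgs:
+$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_tdx_qgs_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/tdx-qgs/tdx-qgs*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
+.PHONY: rpm_tdx_attest
+rpm_tdx_attest:
+$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_tdx_attest_pkg
+$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libtdx-attest/libtdx-attest*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
 .PHONY: rpm_libsgx_pce_logic
 rpm_libsgx_pce_logic: psw
 $(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_pce_logic_pkg
 $(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/libsgx-pce-logic*.rpm ./linux/installer/rpm/sgx-aesm-service/
+
 .PHONY: rpm_libsgx_qe3_logic
 rpm_libsgx_qe3_logic: psw
 $(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_qe3_logic_pkg
@@ -267,7 +331,7 @@ rpm_libsgx_headers_pkg:
 
 ifeq ($(CC_BELOW_5_2), 1)
 .PHONY: rpm_psw_pkg
-rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_id_enclave
+rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_tdqe rpm_libsgx_ae_id_enclave rpm_libsgx_tdx_logic rpm_tdx_qgs rpm_tdx_attest
 else
 .PHONY: rpm_libsgx_dcap_default_qpl
 rpm_libsgx_dcap_default_qpl:
@@ -309,7 +373,7 @@ rpm_sgx_ra_service_pkg:
 $(CP) external/dcap_source/tools/SGXPlatformRegistration/build/installer/libsgx-ra-*rpm ./linux/installer/rpm/sgx-aesm-service/
 
 .PHONY: rpm_psw_pkg
-rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_id_enclave rpm_libsgx_dcap_default_qpl rpm_libsgx_dcap_pccs rpm_libsgx_dcap_ql rpm_libsgx_ae_qve rpm_sgx_dcap_quote_verify rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
+rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_id_enclave rpm_libsgx_dcap_default_qpl rpm_libsgx_dcap_pccs rpm_libsgx_dcap_ql rpm_libsgx_ae_qve rpm_sgx_dcap_quote_verify rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg rpm_libsgx_ae_tdqe rpm_libsgx_tdx_logic rpm_tdx_qgs rpm_tdx_attest
 endif
 
 .PHONY: rpm_local_repo
@@ -354,6 +418,10 @@ ifeq ("$(shell test -f external/dcap_source/QuoteVerification/Makefile && echo M
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qve/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qe3/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-id-enclave/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-tdqe/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-tdx-logic/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/deb/libtdx-attest/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/deb/tdx-qgs/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-dcap-default-qpl/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/clean.sh
@@ -363,6 +431,10 @@ ifeq ("$(shell test -f external/dcap_source/QuoteVerification/Makefile && echo M
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qve/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qe3/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-id-enclave/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-tdqe/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-tdx-logic/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/rpm/libtdx-attest/clean.sh
+./external/dcap_source/QuoteGeneration/installer/linux/rpm/tdx-qgs/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-default-qpl/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/clean.sh
 ./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/clean.sh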
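Review bot: The new `deb_libsgx_ae_tdqe` and `rpm_libsgx_ae_tdqe` rules run `download_prebuilt.sh` whenever `libsgx_tdqe.signed.so` is absent and then package whatever the script leaves in the prebuilt directory, with no integrity check visible in this Makefile; whether the script itself verifies a digest of the signed enclave is not shown in this diff and should be confirmed before these packages ship. The context lines show `rpm_libsgx_ae_id_enclave` invoking the same script, and both targets are prerequisites of `rpm_psw_pkg`, so under `make -j` the download can start twice against the same directory. Routing the callers through one shared prerequisite would run it once, for example `rpm_libsgx_ae_tdqe: dcap_prebuilt` with a single `dcap_prebuilt:` rule holding the script call (the target name is only a suggestion). The `ifeq ("$(wildcard …)", "")` guard is also evaluated when the Makefile is parsed rather than when the recipe runs, which deserves a one-line comment such as `# NOTE: presence of the prebuilt enclave is tested at parse time` above each rule.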

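--- a/Makefile.psw_dcap
+++ b/Makefile.psw_dcap
@@ -38,7 +38,7 @@ endef
 SGX_SDK := /tmp/intel/sgxsdk
 export SGX_SDK
 
-.PHONY: build psw dcap install clean sdk install_sdk
+.PHONY: build psw dcap install clean sdk install_sdk ippcp
 
 build: psw dcap
 
@@ -55,11 +55,15 @@ clean:
 @$(MAKE) -C psw/ clean
 @$(MAKE) -C external/dcap_source/ clean
 @$(MAKE) -C sdk/ clean
+@$(MAKE) -C external/ippcp_internal/ clean
 ifneq ($(call DIR_EXISTS,$(SGX_SDK)),)
 $(SGX_SDK)/uninstall.sh
 endif
 
-sdk:
+ippcp:
+$(MAKE) -C external/ippcp_internal/
+
+sdk: ippcp
 $(MAKE) -C sdk/ USE_OPT_LIBS=$(USE_OPT_LIBS)
 $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl clean
 $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl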
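Review bot: The added `@$(MAKE) -C external/ippcp_internal/ clean` line in `clean` runs unconditionally and sits before the SDK uninstall step, so if that directory is missing or has no Makefile (not determinable from this diff), the recipe stops before `$(SGX_SDK)/uninstall.sh` is reached. Wrapping it in the helper already used two lines below, `ifneq ($(call DIR_EXISTS,external/ippcp_internal),)` … `endif`, would keep `clean` usable on a partial checkout, assuming `DIR_EXISTS` accepts a relative path (its definition is above the hunk). The new `ippcp` target also has no comment; one line stating what it builds and why `sdk` now depends on it would help. The `clean` recipe begins outside the hunk, so earlier steps were not reviewed.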
