pkgs/os-specific/linux/sgx/samples/default.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / pkgs / os-specific / linux / sgx / samples / default.nix
at 23.11-beta 109 lines 2.6 kB view raw
  1{ stdenv
  2, lib
  3, makeWrapper
  4, sgx-sdk
  5, sgx-psw
  6, which
  7  # "SIM" or "HW"
  8, sgxMode
  9}:
 10let
 11  isSimulation = sgxMode == "SIM";
 12  buildSample = name: stdenv.mkDerivation {
 13    pname = name;
 14    version = sgxMode;
 15
 16    src = sgx-sdk.out;
 17    sourceRoot = "${sgx-sdk.name}/share/SampleCode/${name}";
 18
 19    nativeBuildInputs = [
 20      makeWrapper
 21      which
 22    ];
 23
 24    buildInputs = [
 25      sgx-sdk
 26    ];
 27
 28    # The samples don't have proper support for parallel building
 29    # causing them to fail randomly.
 30    enableParallelBuilding = false;
 31
 32    buildFlags = [
 33      "SGX_MODE=${sgxMode}"
 34    ];
 35
 36    installPhase = ''
 37      runHook preInstall
 38
 39      mkdir -p $out/{bin,lib}
 40      install -m 755 app $out/bin
 41      install *.so $out/lib
 42
 43      wrapProgram "$out/bin/app" \
 44        --chdir "$out/lib" \
 45        ${lib.optionalString (!isSimulation)
 46        ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}
 47
 48      runHook postInstall
 49    '';
 50
 51    # Breaks the signature of the enclaves
 52    dontFixup = true;
 53
 54    # We don't have access to real SGX hardware during the build
 55    doInstallCheck = isSimulation;
 56    installCheckPhase = ''
 57      runHook preInstallCheck
 58
 59      pushd /
 60      echo a | $out/bin/app
 61      popd
 62
 63      runHook preInstallCheck
 64    '';
 65  };
 66in
 67{
 68  cxx11SGXDemo = buildSample "Cxx11SGXDemo";
 69  localAttestation = (buildSample "LocalAttestation").overrideAttrs (oldAttrs: {
 70    installPhase = ''
 71      runHook preInstall
 72
 73      mkdir -p $out/{bin,lib}
 74      install -m 755 bin/app* $out/bin
 75      install bin/*.so $out/lib
 76
 77      for bin in $out/bin/*; do
 78        wrapProgram $bin \
 79          --chdir "$out/lib" \
 80          ${lib.optionalString (!isSimulation)
 81          ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}
 82      done
 83
 84      runHook postInstall
 85    '';
 86  });
 87  powerTransition = buildSample "PowerTransition";
 88  protobufSGXDemo = buildSample "ProtobufSGXDemo";
 89  remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
 90    # Makefile sets rpath to point to $TMPDIR
 91    preFixup = ''
 92      patchelf --remove-rpath $out/bin/app
 93    '';
 94
 95    postInstall = ''
 96      install sample_libcrypto/*.so $out/lib
 97    '';
 98  });
 99  sampleEnclave = buildSample "SampleEnclave";
100  sampleEnclavePCL = buildSample "SampleEnclavePCL";
101  sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
102  sealUnseal = (buildSample "SealUnseal").overrideAttrs (oldAttrs: {
103    prePatch = ''
104      substituteInPlace App/App.cpp \
105        --replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"'
106    '';
107  });
108  switchless = buildSample "Switchless";
109}