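# Builds the sample applications that ship inside the Intel SGX SDK source
# tree (share/SampleCode/<name>), one derivation per sample.
#
# sgxMode is passed to the sample Makefiles as SGX_MODE and selects between a
# simulation build ("SIM") and a hardware build ("HW"). Simulation builds run
# the enclave code without hardware isolation, so they are only suitable for
# functional testing and say nothing about the protection of a real enclave.
{
  stdenv,
  lib,
  makeWrapper,
  openssl,
  sgx-sdk,
  sgx-psw,
  which,
  # "SIM" or "HW"
  sgxMode,
}:
let
  # Only the exact string "SIM" counts as simulation; every other value takes
  # the non-simulation path below (PSW on LD_LIBRARY_PATH, no install check).
  isSimulation = sgxMode == "SIM";

  # buildSample :: string -> derivation
  # `name` is the directory name of the sample below share/SampleCode.
  buildSample =
    name:
    stdenv.mkDerivation {
      pname = name;
      # The build mode doubles as the version so that SIM and HW builds of the
      # same sample get distinct derivation names.
      version = sgxMode;

      # The samples are built straight from the SDK's installed output.
      src = sgx-sdk.out;
      sourceRoot = "${sgx-sdk.name}/share/SampleCode/${name}";

      nativeBuildInputs = [
        makeWrapper
        openssl
        which
      ];

      buildInputs = [
        sgx-sdk
      ];

      # The samples don't have proper support for parallel building
      # causing them to fail randomly.
      enableParallelBuilding = false;

      buildFlags = [
        "SGX_MODE=${sgxMode}"
      ];

      # Installs the untrusted host binary to bin/ and the shared objects the
      # build produced to lib/. The wrapper changes into lib/ before starting
      # the app (presumably because the samples load their enclave image by
      # relative file name; confirm against the sample sources). Outside
      # simulation mode the PSW libraries are put on LD_LIBRARY_PATH as well.
      installPhase = ''
        runHook preInstall

        mkdir -p $out/{bin,lib}
        install -m 755 app $out/bin
        install *.so $out/lib

        wrapProgram "$out/bin/app" \
          --chdir "$out/lib" \
          ${lib.optionalString (!isSimulation)
            ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''
          }

        runHook postInstall
      '';

      # Breaks the signature of the enclaves
      # (the fixup phase rewrites installed binaries, and a signed enclave
      # image must stay exactly as it was signed). Note that this disables the
      # whole fixup phase for the host binary too.
      dontFixup = true;

      # We don't have access to real SGX hardware during the build
      doInstallCheck = isSimulation;
      # Runs the wrapped app once from "/" with a single line of input on
      # stdin, so the check also exercises the wrapper's --chdir.
      installCheckPhase = ''
        runHook preInstallCheck

        pushd /
        echo a | $out/bin/app
        popd

        runHook postInstallCheck
      '';
      # Fixed: the phase used to end with a second `runHook preInstallCheck`,
      # so pre-hooks ran twice and postInstallCheck hooks were never invoked.
    };
in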
{
  # Samples that need nothing beyond the shared buildSample recipe.
  cxx11SGXDemo = buildSample "Cxx11SGXDemo";
  cxx14SGXDemo = buildSample "Cxx14SGXDemo";
  cxx17SGXDemo = buildSample "Cxx17SGXDemo";
  powerTransition = buildSample "PowerTransition";
  protobufSGXDemo = buildSample "ProtobufSGXDemo";
  sampleEnclave = buildSample "SampleEnclave";
  sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
  sampleMbedCrypto = buildSample "SampleMbedCrypto";
  switchless = buildSample "Switchless";

  # LocalAttestation leaves its results in bin/ and installs every file
  # matching bin/app*, so each installed executable is wrapped in a loop
  # rather than a single "app".
  localAttestation = (buildSample "LocalAttestation").overrideAttrs (_: {
    installPhase = ''
      runHook preInstall

      mkdir -p $out/{bin,lib}
      install -m 755 bin/app* $out/bin
      install bin/*.so $out/lib

      for bin in $out/bin/*; do
        wrapProgram $bin \
          --chdir "$out/lib" \
          ${lib.optionalString (!isSimulation)
            ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''
          }
      done

      runHook postInstall
    '';
  });

  remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (_: {
    # The sample's own crypto library is installed next to the enclave images.
    postInstall = ''
      install sample_libcrypto/*.so $out/lib
    '';

    # Makefile sets rpath to point to $TMPDIR
    #
    # NOTE(review): buildSample sets dontFixup = true and this override does
    # not reset it. stdenv skips the fixup phase when dontFixup is set, so this
    # hook probably never runs and the build-directory rpath stays in the
    # installed binary. By that point $out/bin/app is also the wrapProgram
    # script, not the ELF file. Check the installed ELF with
    # `patchelf --print-rpath`; an rpath into a temporary directory makes
    # library lookup depend on a path outside the store.
    preFixup = ''
      patchelf --remove-rpath $out/bin/app
    '';
  });

  # The sample writes its sealed blob to a relative file name, while the
  # wrapper starts it inside $out/lib, so the path is redirected to /tmp.
  # NOTE(review): this is a fixed file name in a shared directory. That is
  # acceptable for a demo, but not a location to copy for real sealed data.
  sealUnseal = (buildSample "SealUnseal").overrideAttrs (_: {
    prePatch = ''
      substituteInPlace App/App.cpp \
        --replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"'
    '';
  });

  # # Requires SGX-patched openssl (sgxssl) build
  # sampleAttestedTLS = buildSample "SampleAttestedTLS";
}
# Samples that are only exposed when not building for simulation. Because
# buildSample enables its install check only in simulation mode, nothing in
# this set is executed at build time.
// lib.optionalAttrs (!isSimulation) {
  # # Requires kernel >= v6.2 && HW SGX
  # sampleAEXNotify = buildSample "SampleAEXNotify";

  # Requires HW SGX
  sampleCommonLoader = (buildSample "SampleCommonLoader").overrideAttrs (prevAttrs: {
    # The build output is called "sample"; it is renamed so that it installs
    # as bin/app like the other samples. No shared objects are installed, and
    # the PSW library path is added unconditionally since this set is never
    # built in simulation mode.
    installPhase = ''
      runHook preInstall

      mkdir -p $out/{bin,lib}
      mv sample app
      install -m 755 app $out/bin

      wrapProgram "$out/bin/app" \
        --chdir "$out/lib" \
        --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"

      runHook postInstall
    '';

    # sgx-psw is additionally required while building this sample.
    nativeBuildInputs = [ sgx-psw ] ++ prevAttrs.nativeBuildInputs;
  });

  # # SEGFAULTs in simulation mode?
  # sampleEnclavePCL = buildSample "SampleEnclavePCL";
}