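# Builds the sample programs shipped inside the sgx-sdk output
# (share/SampleCode/<name>), either for the SGX simulator or for real hardware.
{ stdenv
, lib
, makeWrapper
, openssl
, sgx-sdk
, sgx-psw
, which
  # "SIM" or "HW"
, sgxMode
}:

# Only the two documented modes are accepted. `isSimulation` below is true for
# exactly "SIM", while the raw string is handed to make as SGX_MODE; rejecting
# typos keeps the Nix-side decisions (install check, PSW library path) from
# silently disagreeing with what the sample Makefiles were asked to build.
assert lib.assertOneOf "sgxMode" sgxMode [ "SIM" "HW" ];

let
  isSimulation = sgxMode == "SIM";

  # buildSample :: string -> derivation
  # `name` is the sample's directory name under share/SampleCode in sgx-sdk.
  buildSample = name: stdenv.mkDerivation {
    pname = name;
    # The build mode doubles as the version string of the derivation.
    version = sgxMode;

    src = sgx-sdk.out;
    sourceRoot = "${sgx-sdk.name}/share/SampleCode/${name}";

    nativeBuildInputs = [
      makeWrapper
      openssl
      which
    ];

    buildInputs = [
      sgx-sdk
    ];

    # The samples don't have proper support for parallel building
    # causing them to fail randomly.
    enableParallelBuilding = false;

    buildFlags = [
      "SGX_MODE=${sgxMode}"
    ];

    installPhase = ''
      runHook preInstall

      mkdir -p $out/{bin,lib}
      install -m 755 app $out/bin
      install *.so $out/lib

      # The wrapper switches into $out/lib before starting the app, where the
      # shared objects built above were installed. Outside simulation mode the
      # sgx-psw libraries are additionally put on LD_LIBRARY_PATH.
      wrapProgram "$out/bin/app" \
        --chdir "$out/lib" \
        ${lib.optionalString (!isSimulation)
        ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}

      runHook postInstall
    '';

    # Breaks the signature of the enclaves
    # NOTE: setting this skips the whole fixup phase, so preFixup/postFixup
    # hooks added by overrides of this derivation are skipped as well.
    dontFixup = true;

    # We don't have access to real SGX hardware during the build
    doInstallCheck = isSimulation;
    installCheckPhase = ''
      runHook preInstallCheck

      # Run from / so the check exercises the wrapper's --chdir; the single
      # byte on stdin is presumably what the samples' final prompt waits for.
      pushd /
      echo a | $out/bin/app
      popd

      # Was a second `runHook preInstallCheck`, which re-ran the pre hooks and
      # never ran the post hooks.
      runHook postInstallCheck
    '';
  };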
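in
# One attribute per sample. Plain samples use buildSample unchanged; the
# overrides below only adjust what differs in that sample's layout.
{
  cxx11SGXDemo = buildSample "Cxx11SGXDemo";
  cxx14SGXDemo = buildSample "Cxx14SGXDemo";
  cxx17SGXDemo = buildSample "Cxx17SGXDemo";

  # This sample places several app* binaries and its .so files under bin/,
  # so every installed binary gets its own wrapper.
  localAttestation = (buildSample "LocalAttestation").overrideAttrs (old: {
    installPhase = ''
      runHook preInstall

      mkdir -p $out/{bin,lib}
      install -m 755 bin/app* $out/bin
      install bin/*.so $out/lib

      for bin in $out/bin/*; do
        wrapProgram "$bin" \
          --chdir "$out/lib" \
          ${lib.optionalString (!isSimulation)
          ''--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"''}
      done

      runHook postInstall
    '';
  });

  powerTransition = buildSample "PowerTransition";
  protobufSGXDemo = buildSample "ProtobufSGXDemo";

  remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (old: {
    # Makefile sets rpath to point to $TMPDIR
    # NOTE(review): buildSample sets `dontFixup = true`, which skips the fixup
    # phase and its hooks, so this preFixup most likely never runs and the
    # build-directory rpath stays in the installed binary. Confirm with
    # `patchelf --print-rpath` on the output. An rpath into a temporary
    # directory is a library search path outside the store; if it has to go,
    # the removal must happen before fixup and must target the real ELF file
    # rather than the wrapper script that wrapProgram leaves at
    # $out/bin/app — and the app must then find its libraries another way.
    preFixup = ''
      patchelf --remove-rpath $out/bin/app
    '';

    postInstall = ''
      install sample_libcrypto/*.so $out/lib
    '';
  });

  sampleEnclave = buildSample "SampleEnclave";
  sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
  sampleMbedCrypto = buildSample "SampleMbedCrypto";

  sealUnseal = (buildSample "SealUnseal").overrideAttrs (old: {
    # The wrapper runs the app with $out/lib as working directory, which is
    # presumably why the relative output file is redirected.
    # NOTE(review): /tmp/sealed_data_blob.txt is a fixed, predictable name in
    # a shared directory: any local user who can write to /tmp can pre-create
    # or replace the file. Fine for a demo; real sealed-data storage belongs
    # in a per-user directory with restrictive permissions.
    prePatch = ''
      substituteInPlace App/App.cpp \
        --replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"'
    '';
  });

  switchless = buildSample "Switchless";
  # # Requires SGX-patched openssl (sgxssl) build
  # sampleAttestedTLS = buildSample "SampleAttestedTLS";
} // lib.optionalAttrs (!isSimulation) {
  # # Requires kernel >= v6.2 && HW SGX
  # sampleAEXNotify = buildSample "SampleAEXNotify";

  # Requires HW SGX
  # The build produces a binary called `sample`; it is installed as `app` so
  # the layout matches the other samples. No .so files are installed here.
  sampleCommonLoader = (buildSample "SampleCommonLoader").overrideAttrs (old: {
    nativeBuildInputs = [ sgx-psw ] ++ old.nativeBuildInputs;

    installPhase = ''
      runHook preInstall

      mkdir -p $out/{bin,lib}
      mv sample app
      install -m 755 app $out/bin

      wrapProgram "$out/bin/app" \
        --chdir "$out/lib" \
        --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-psw ]}"

      runHook postInstall
    '';
  });

  # # SEGFAULTs in simulation mode?
  # sampleEnclavePCL = buildSample "SampleEnclavePCL";
}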