Linux 编写SGX Hello_World

最新推荐文章于 2024-01-23 23:22:18 发布
最新推荐文章于 2024-01-23 23:22:18 发布
阅读量1.1k 收藏 5
点赞数 2
分类专栏: C Program Linux 机密计算 文章标签: c++ 安全 系统安全 安全架构 ubuntu
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/P_Bloomberg/article/details/119483286
版权
Linux 同时被 3 个专栏收录
4 篇文章 0 订阅
订阅专栏
C Program
3 篇文章 0 订阅
订阅专栏
机密计算
3 篇文章 0 订阅
订阅专栏

实验环境 Ubuntu18.04 SGX环境配置

建议先在Windows Vs2017中创建SGX项目编译,再迁移到Linux中。

项目结构

>>> tree
.
├── App
│   └── App.cpp
├── Enclave
│   ├── Enclave.config.xml
│   ├── Enclave.cpp
│   ├── Enclave.edl
│   ├── Enclave.lds
│   └── Enclave_private_test.pem
└── Makefile

文件内容

1、App.cpp
#include <stdio.h>
#include <stdlib.h>

#include "sgx_urts.h"
#include "Enclave_u.h"

#define ENCLAVE_FILE "enclave.signed.so"
#define MAX_BUF_LEN 100
int main()
{
    sgx_enclave_id_t eid;
    sgx_status_t ret = SGX_SUCCESS;
    sgx_launch_token_t token = {0};
    int updated = 0;
    char buffer[MAX_BUF_LEN] = "Hello World!";
    // Create the Enclave with above launch token.
    ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
    if (ret != SGX_SUCCESS)
    {
        printf("App: error %#x, failed to create enclave.\n", ret);
        return -1;
    }
    // An Enclave call (ECALL) will happen here.
    foo(eid, buffer, MAX_BUF_LEN);
    printf("%s\n", buffer);

    // Destroy the enclave when all Enclave calls finished.
    if (SGX_SUCCESS != sgx_destroy_enclave(eid))
        return -1;
    return 0;
}
2、Enclave.cpp
#include "Enclave_t.h"

#include "sgx_trts.h"
#include <string.h>
#include <stdlib.h>

void foo(char *buf, size_t len)
{
    const char *secret = "Hello Enclave!";
    if (len > strlen(secret))
    {
        memcpy(buf, secret, strlen(secret) + 1);
    }
}
3、Enclave.edl
enclave {
    from "sgx_tstdc.edl" import *;

    trusted {
        /* define ECALLs here. */
		public void foo([out,size=len] char* buf,size_t len);
    };
};
4、Enclave.config.xml
<EnclaveConfiguration>
  <ProdID>0</ProdID>
  <ISVSVN>0</ISVSVN>
  <StackMaxSize>0x40000</StackMaxSize>
  <HeapMaxSize>0x100000</HeapMaxSize>
  <TCSNum>10</TCSNum>
  <TCSPolicy>1</TCSPolicy>
  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
  <DisableDebug>0</DisableDebug>
  <MiscSelect>0</MiscSelect>
  <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
5、Enclave.lds
enclave.so
{
    global:
        g_global_data_sim;
        g_global_data;
        enclave_entry;
        g_peak_heap_used;
        g_peak_rsrv_mem_committed;
    local:
        *;
};
6、Enclave_private_test.pem
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----
7、Makefile
######## SGX SDK Settings ########

SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64
SGX_DEBUG ?= 1

include $(SGX_SDK)/buildenv.mk

ifeq ($(shell getconf LONG_BIT), 32)
	SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
	SGX_ARCH := x86
endif

ifeq ($(SGX_ARCH), x86)
	SGX_COMMON_FLAGS := -m32
	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
	SGX_COMMON_FLAGS := -m64
	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif

ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif

ifeq ($(SGX_DEBUG), 1)
        SGX_COMMON_FLAGS += -O0 -g
else
        SGX_COMMON_FLAGS += -O2
endif

SGX_COMMON_FLAGS += -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type \
                    -Waddress -Wsequence-point -Wformat-security \
                    -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow \
                    -Wcast-align -Wcast-qual -Wconversion -Wredundant-decls
SGX_COMMON_CFLAGS := $(SGX_COMMON_FLAGS) -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants
SGX_COMMON_CXXFLAGS := $(SGX_COMMON_FLAGS) -Wnon-virtual-dtor -std=c++11

######## App Settings ########

ifneq ($(SGX_MODE), HW)
	Urts_Library_Name := sgx_urts_sim
else
	Urts_Library_Name := sgx_urts
endif

App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) $(wildcard App/TrustedLibrary/*.cpp)
App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include

App_C_Flags := -fPIC -Wno-attributes $(App_Include_Paths)

# Three configuration modes - Debug, prerelease, release
#   Debug - Macro DEBUG enabled.
#   Prerelease - Macro NDEBUG and EDEBUG enabled.
#   Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
        App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
        App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
        App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif

App_Cpp_Flags := $(App_C_Flags)
App_Link_Flags := -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 

App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)

App_Name := app

######## Enclave Settings ########

ifneq ($(SGX_MODE), HW)
	Trts_Library_Name := sgx_trts_sim
	Service_Library_Name := sgx_tservice_sim
else
	Trts_Library_Name := sgx_trts
	Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto

Enclave_Cpp_Files := Enclave/Enclave.cpp
Enclave_Include_Paths := -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx

Enclave_C_Flags := $(Enclave_Include_Paths) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections $(MITIGATION_CFLAGS)
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
ifeq ($(CC_BELOW_4_9), 1)
	Enclave_C_Flags += -fstack-protector
else
	Enclave_C_Flags += -fstack-protector-strong
endif

Enclave_Cpp_Flags := $(Enclave_C_Flags) -nostdinc++

# Enable the security flags
Enclave_Security_Link_Flags := -Wl,-z,relro,-z,now,-z,noexecstack

# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
#    1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
#       so that the whole content of trts is included in the enclave.
#    2. For other libraries, you just need to pull the required symbols.
#       Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors.
Enclave_Link_Flags := $(MITIGATION_LDFLAGS) $(Enclave_Security_Link_Flags) \
    -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_TRUSTED_LIBRARY_PATH) \
	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
	-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
	-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections   \
	-Wl,--version-script=Enclave/Enclave.lds

Enclave_Cpp_Objects := $(sort $(Enclave_Cpp_Files:.cpp=.o))

Enclave_Name := enclave.so
Signed_Enclave_Name := enclave.signed.so
Enclave_Config_File := Enclave/Enclave.config.xml

ifeq ($(SGX_MODE), HW)
ifeq ($(SGX_DEBUG), 1)
	Build_Mode = HW_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
	Build_Mode = HW_PRERELEASE
else
	Build_Mode = HW_RELEASE
endif
else
ifeq ($(SGX_DEBUG), 1)
	Build_Mode = SIM_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
	Build_Mode = SIM_PRERELEASE
else
	Build_Mode = SIM_RELEASE
endif
endif


.PHONY: all target run
all: .config_$(Build_Mode)_$(SGX_ARCH)
	@$(MAKE) target

ifeq ($(Build_Mode), HW_RELEASE)
target:  $(App_Name) $(Enclave_Name)
	@echo "The project has been built in release hardware mode."
	@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
	@echo "To sign the enclave use the command:"
	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
	@echo "You can also sign the enclave using an external signing tool."
	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."


else
target: $(App_Name) $(Signed_Enclave_Name)
ifeq ($(Build_Mode), HW_DEBUG)
	@echo "The project has been built in debug hardware mode."
else ifeq ($(Build_Mode), SIM_DEBUG)
	@echo "The project has been built in debug simulation mode."
else ifeq ($(Build_Mode), HW_PRERELEASE)
	@echo "The project has been built in pre-release hardware mode."
else ifeq ($(Build_Mode), SIM_PRERELEASE)
	@echo "The project has been built in pre-release simulation mode."
else
	@echo "The project has been built in release simulation mode."
endif

endif

run: all
ifneq ($(Build_Mode), HW_RELEASE)
	@$(CURDIR)/$(App_Name)
	@echo "RUN  =>  $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif

.config_$(Build_Mode)_$(SGX_ARCH):
	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
	@touch .config_$(Build_Mode)_$(SGX_ARCH)

######## App Objects ########

App/Enclave_u.h: $(SGX_EDGER8R) Enclave/Enclave.edl
	@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
	@echo "GEN  =>  $@"

App/Enclave_u.c: App/Enclave_u.h

App/Enclave_u.o: App/Enclave_u.c
	@$(CC) $(SGX_COMMON_CFLAGS) $(App_C_Flags) -c $< -o $@
	@echo "CC   <=  $<"

App/%.o: App/%.cpp  App/Enclave_u.h
	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(App_Cpp_Flags) -c $< -o $@
	@echo "CXX  <=  $<"

$(App_Name): App/Enclave_u.o $(App_Cpp_Objects)
	@$(CXX) $^ -o $@ $(App_Link_Flags)
	@echo "LINK =>  $@"

######## Enclave Objects ########

Enclave/Enclave_t.h: $(SGX_EDGER8R) Enclave/Enclave.edl
	@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
	@echo "GEN  =>  $@"

Enclave/Enclave_t.c: Enclave/Enclave_t.h

Enclave/Enclave_t.o: Enclave/Enclave_t.c
	@$(CC) $(SGX_COMMON_CFLAGS) $(Enclave_C_Flags) -c $< -o $@
	@echo "CC   <=  $<"

Enclave/%.o: Enclave/%.cpp Enclave/Enclave_t.h
	@$(CXX) $(SGX_COMMON_CXXFLAGS) $(Enclave_Cpp_Flags) -c $< -o $@
	@echo "CXX  <=  $<"

$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
	@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
	@echo "LINK =>  $@"

$(Signed_Enclave_Name): $(Enclave_Name)
	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private_test.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
	@echo "SIGN =>  $@"

.PHONY: clean

clean:
	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*

编译运行

>>> sudo make
...
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
The required memory is 3878912B.
The required memory is 0x3b3000, 3788 KB.
Succeed.
SIGN =>  enclave.signed.so
The project has been built in debug hardware mode.
...
>>> sudo ./app
Hello Enclave!
蚁小剑
关注
  • 2
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SGX|hello world
励志长大
06-07 1192
hello world!示例Enclave.edlApp.cppEnclave.cpp实现test.edlApp.cpptset.cpp注意事项 示例 了解了SGX的相关基础,我们试着来编写一个打印“hello world!”的demo。 关于SGX的makefile的解读,参照https://blog.csdn.net/daichunkai123/article/details/78027895 接下来我们尝试编写属于我们的“hello world!”。 首先我们直接打开SDK中的示例程序: 其中APP
Ubuntu 16.04下Intel SGX应用程序程序开发——OCALL调用打印Hello World
qiu_pengfei的博客
12-14 1995
这篇文章主要讲述在Enclave函数中调用应用程序中的不可信函数,打印Hello World!。由于SGX认为printf是不安全的函数,所以不能在Enclave函数中直接使用printf函数打印想打印的内容,不过Intel SGX提供了一个Enclave中的printf封装函数,可以用来打印想打印的内容,可以参考:http://blog.csdn.net/qiu_pengfei/article/
LinuxSGX的使用(3)-编译多个文件
daichunkai123的博客
11-09 1254
在上一篇文章中,我们写出了Hello Enclave,但是只有一个cpp文件,较为简单,如果我们想同时编译多个文件我们应该怎么写每个CPP文件对应的EDl文件呢?本次我们就对这些内容做分析: 正如C++支持多个文件同时编译一样,SGX也同时支持类似的方式,我们还是以Hello Enclave的例子做改进,首先,我们看一下C++多个文件同时编译。我们建立三个文件,分别名为hello.cpp wor
Intel SGX开发环境配置 linux 16.04
Justdoforever的博客
06-05 1654
以下是针对不支持sgx开发所需硬件的开发环境配置,楼主就是BIOS不支持,所以psw(平台环境)安装不了,只能在SDK模拟环境下开发,因为Windows下真机环境无法模拟运行,上一篇博文就是楼主走的坑,这次在linux 16.04 lts下开发sgx,但愿成功。 安装SDK之前配置命令:再次之前我希望你更换一下国内下载源,这样会快多了。具体更换请看我之前的博文。 sudo apt-get ...
LinuxSGX的使用(2)-Hello Enclave
daichunkai123的博客
09-20 3586
编写代码之前,我们需要定义可信和不可信的函数,我们首先建立一个文件夹,在文件夹中为了编译方便(仿照上一节的makefile写我们自己的makefie)也仿照sdk给的例子中的文件夹布局建立新的文件夹文件夹的布局如下: 其中后缀为xml,lds,pem的文件,直接从SDK中SampleEnclave中拷贝即可(在所有的案例中,xml,lds的内容一样,但是名称不一样,也可以自己更该,但是makef
Linux ubuntu20.04 安装使用 Intel sgx
小立仔
11-29 1629
Linux ubuntu20.04 安装使用 Intel sgx
Intel SGX入门教程(二)在windows环境搭建intel sgx环境并运行helloworld程序
热门推荐
kouryoushine的博客
05-16 2万+
一 、环境要求 1.1 实验环境不低于一下要求 64 位 Microsoft Windows 操作系统 Microsoft Visual Studio 2015 英特尔软件防护扩展 SDK 1.2 BIOS中开启SGX配置 不同bios的设置可能会有区别,即使bios不支持sgx,也不会影响入门学习。我们可以通过SGX SDK里面内置的模拟器来运行调试enclave程序。 手动 BIOS ...
SGX实现hello World
10-25
void enclave_hello_world() { printf("Hello, World! This is an SGX Enclave.\n"); } ``` 3. 在`Enclave.cpp`中定义 enclave 的入口点: ```cpp extern "C" void enclave_entry(void* arg) { enclave_...
sgx.zip_SGX
09-22
SGX,全称为Software Guard Extensions,是Intel推出的一种硬件安全技术,主要用于保护应用程序中的敏感数据和代码不被恶意软件攻击。在3D图像引擎中,SGX能够为图形处理提供额外的安全层,确保渲染过程的隐私性和...
linux-sgx:面向Linux的英特尔SGX *
05-11
Linux * Intel(R)SGX软件堆栈由Intel(R)SGX驱动程序,Intel(R)SGX SDK和Intel(R)SGX平台软件(PSW)组成。 英特尔SGX SDK和英特尔SGX PSW托管在项目中。 项目维护Linux * Intel(R)SGX软件堆栈的树外驱动...
linux-sgx-driver:英特尔SGX Linux *驱动程序
05-14
Linux *操作系统的英特尔(R)软件保护扩展 linux-sgx驱动程序 介绍 英特尔:registered:软件保护扩展(英特尔:registered:SGX)是面向寻求保护选定代码和数据免于泄露或修改的应用程序开发人员的英特尔技术。 Linux SGX软件堆栈由Intel(R)SGX驱动程序,Intel(R)SGX SDK和Intel(R)SGX平台软件组成。 英特尔SGX SDK和英特尔SGX PSW托管在项目中。 项目托管Linux Intel(R)SGX软件堆栈的树外驱动程序,该驱动程序将一直使用到驱动程序上游过程完成为止。 重要的: 此驱动程序可用于支持不具有灵活启动控制(FLC)的,具有SGX较早功能的CPU。 但是,请注意,此驱动程序的ABI与上游SGX内核补丁有所不同,可能需要付出额外的努力才能将使用此驱动程序的软件迁移到支持SGX的将来的内核。 为了使ABI差异最小化并使所有SGX软件堆栈与将来启用SG
sgx官方文档
07-28
sgx是intel开发的新一代可信执行环境的硬软件套件。不仅提供了硬件环境,包括cpu指令,enclave内存环境。还提供了配套的c语言库以及其他依赖库。
Intel SGX SDK PSW ME_SW
11-20
Windows Intel SGX SDK和PSW,2.7版的,适合VS2015和VS2017,最新的好像是2.11版本了,想要的下载吧,或者用最新的也挺好使的。还有适合WIN8.1和WIN10的ME_SW,安装SGX SDK前最好先安装一下ME_SW吧。
Distributed_SGX_for_Deep_Learning
02-13
Distributed_SGX_for_Deep_Learning
英特尔开源 SGX For Linux 工具的早期版本
weixin_34240520的博客
06-02 105
一直以来,开源虽然在大踏步向前发展,但是软件领域的微软和硬件领域的英特尔似乎一直是专利的代名词,也曾经成为开源路上的阻力。如今微软纳德拉已经多次向开源示好,与Linux讲和,并在最新的Windows10的中原生支持了Linux bash。那么英特尔与开源的情缘现在如何呢? 在前不久的OpenStack Days China上,英特尔公司软件与服务事业部(...
LinuxSGX的使用(1)-makefile阅读
daichunkai123的博客
09-19 5282
预备UbuntuUbuntu 16.04.1 LTS SGX版本:Intel SGX Linux 1.8 Release 下载地址:https://01.org/zh/intel-software-guard-extensions/downloads?langredirect=1 安装过程:https://download.01.org/intel-sgx/linux-1.8/docs/In
SGX系列教程】(一)Intel-SGX SDK在ubuntu22.04下安装全流程
最新发布
tutu_hu的博客
01-23 2420
Intel-SGX SDK在ubuntu22.04下安装教程,从驱动到SDK到PSW,再到demo源码分析,一站式学习Intel SGX
Intel SGX Application
M021的专栏
04-29 3709
SGX的概念提出到支持SGX的硬件问世的这段时间,有一些基于SGX的应用,但是很少。只有微软的Haven(USENIX 2014)、VC3(SP 2015)。但是,2016年有大量基于SGX安全文章,SGX安全研究比较热门。
Intel SGX安装指南(Ubuntu20.04)
hhh078的博客
08-14 1321
Intel Software Guard Extensions(Intel SGX)是Intel对于可信执行环境(TEE)的一种实现,是一套基于硬件底层的安全技术。Intel SGX的诞生较早,且在近年来持续更新,体量庞杂,依赖多,有较多历史遗留问题。Intel最新使用Trust Domain Extensions(TDX)技术替代了SGX,然而由于其诞生之初,配套的框架、支持以及文档较少,因此较难使用。
# Non-SGX files Nsgx_App_Cpp_Files := $(wildcard App/*.cpp) Nsgx_App_Cpp_Files := $(filter-out App/test.cpp App/foo.cpp App/Start.cpp App/App.cpp App/Keys.cpp App/Client.cpp App/Server.cpp, $(Nsgx_App_Cpp_Files)) # Includes SGX files App_Cpp_Files := $(Nsgx_App_Cpp_Files) App/sgx_utils/sgx_utils.cpp App_Include_Paths := -IApp -I$(SGX_SDK)/include $(Salticidae_Include_Paths) App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
07-12
这部分代码定义了一些变量和规则,用于编译非SGX相关的文件。 首先,使用`wildcard`函数获取`App`目录下的所有`.cpp`文件,并将结果保存在`Nsgx_App_Cpp_Files`变量中。然后使用`filter-out`函数将特定的文件(`App/test.cpp`, `App/foo.cpp`, `App/Start.cpp`, `App/App.cpp`, `App/Keys.cpp`, `App/Client.cpp`, `App/Server.cpp`)从`Nsgx_App_Cpp_Files`中过滤掉。 接下来,定义了一个包含SGX文件的变量,将之前过滤得到的`Nsgx_App_Cpp_Files`和`App/sgx_utils/sgx_utils.cpp`文件合并在一起。 然后,定义了一个包含头文件路径的变量,包括`App`目录和指定的SGX SDK目录的include路径。 最后,定义了一个包含编译标志的变量,其中包括SGX公共编译标志、-fPIC标志、禁用某些属性的警告标志和之前定义的头文件路径。 这部分代码的作用是为非SGX相关的文件提供编译所需的文件列表和编译标志。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值