optee, openenclave: added custom key path parameter

optee, openenclave: added yubikey option to hosts optee, openenclave: added random shared secret for totp optee, openenclave: updated yubikey to optional if auth token is supplied optee, openenclave: updated totp to optional if password is supplied optee, openenclave: updated totp check from string to integer optee, openenclave: updated to confirm password optee: updated delegate key to store and export extended key optee: updated host to prompt as necessary and removed option openenclave: added password as mnemonic passphrase openenclave: added auth token option to host and parameter to enclave openenclave: added oeseal_gcmaes for enclave sealing openenclave: added data_t and updated enclave parameters openenclave: removed simulated oe_seal_wrap and oe_unseal_wrap header: added utils for hex/bin conversion ci: removed patches now applied during make or un-necessary ci: updated to OP-TEE repo and branch to master ci: updated to build libdogecoin separately for host and enclave doc: updated enclaves.md
dogecoinfoundation · Jan 14, 2025 · cde8a01 · cde8a01
1 parent b00701a
commit cde8a01
Show file tree

Hide file tree

Showing 13 changed files with 884 additions and 743 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -383,16 +383,13 @@ jobs:
                     curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo && \
                     mkdir -p optee && \
                     cd optee && \
-                    repo init -u https://github.com/edtubbs/manifest.git -m nanopc-t6.xml -b nanopc-t6 && \
+                    repo init -u https://github.com/OP-TEE/manifest.git -m nanopc-t6.xml -b master && \
                     export FORCE_UNSAFE_CONFIGURE=1 && \
                     repo sync -j\"$(getconf _NPROCESSORS_ONLN)\" && \
                     if [[ "${{ github.ref }}" == refs/tags/* ]]; then \
                       mv /src/rsa_private.pem /src/optee/optee_os/keys/default_ta.pem; \
                     fi && \
                     patch -F 4 /src/optee/build/common.mk < /src/src/optee/common.mk.patch && \
-                    patch /src/optee/build/kconfigs/qemu.conf < /src/src/optee/qemu.conf.patch && \
-                    patch /src/optee/linux/arch/arm64/boot/dts/rockchip/rk3588-nanopi6-common.dtsi < /src/src/optee/rk3588-nanopi6-common.dtsi.patch && \
-                    patch /src/optee/u-boot/include/configs/nanopi6.h < /src/src/optee/nanopi6.h.patch && \
                     cd build && \
                     make toolchains -j\"$(getconf _NPROCESSORS_ONLN)\" && \
                     export CFG_TEE_CORE_LOG_LEVEL=0 && \
@@ -451,22 +448,28 @@ jobs:
                     export PATH=/src/optee/toolchains/aarch64/bin:$PATH && \
                     export CC=aarch64-linux-gnu-gcc && \
 
-                    # Run the libdogecoin TA
-                    cd /src/src/optee/host && \
-                    make -j"$(getconf _NPROCESSORS_ONLN)" \
-                      CROSS_COMPILE=aarch64-linux-gnu- \
-                      LDFLAGS=\"-L/src/optee/toolchains/aarch64/lib -L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \
-                      CFLAGS=\"-I/src/optee/toolchains/aarch64/include -I/src/src/optee/ta/include -I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/ykpers-1 -I/src/depends/aarch64-linux-gnu/include/dogecoin\" && \
-
                     # Build the Trusted Application
-                    cd ../ta && \
+                    cd /src/src/optee/ta && \
                     make -j"$(getconf _NPROCESSORS_ONLN)" \
                       CROSS_COMPILE=aarch64-linux-gnu- \
                       LDFLAGS=\"-L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \
                       CFLAGS=\"-I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/dogecoin\" \
                       PLATFORM=vexpress-qemu_armv8a \
                       TA_DEV_KIT_DIR=/src/optee/optee_os/out/arm/export-ta_arm64 && \
 
+                    # Build libdogecoin for Host
+                    cd /src/ && \
+                    ./configure --prefix=/src/depends/aarch64-linux-gnu LIBS=-levent_pthreads --enable-static --disable-shared --enable-test-passwd HOST=aarch64-linux-gnu && \
+                    make -j 4 && \
+                    make install && \
+
+                    # Run the libdogecoin TA
+                    cd /src/src/optee/host && \
+                    make -j"$(getconf _NPROCESSORS_ONLN)" \
+                      CROSS_COMPILE=aarch64-linux-gnu- \
+                      LDFLAGS=\"-L/src/optee/toolchains/aarch64/lib -L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \
+                      CFLAGS=\"-I/src/optee/toolchains/aarch64/include -I/src/src/optee/ta/include -I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/ykpers-1 -I/src/depends/aarch64-linux-gnu/include/dogecoin\" && \
+
                     # Create symbolic links and prepare image
                     mkdir -p /src/optee/out/bin && \
                     cd /src/optee/out/bin && \
@@ -496,6 +499,10 @@ jobs:
               elif ([ "${{ matrix.name }}" == "x86_64-linux-openenclave" ]); then
                 make install && \
                 mkdir -p src/openenclave/build && \
+                make -j 4 -C depends HOST=x86_64-pc-linux-gnu/host && \
+                ./configure --prefix=${{ github.workspace }}/depends/x86_64-pc-linux-gnu/host --enable-test-passwd && \
+                make && \
+                make install && \
                 if [[ "${{ github.ref }}" == refs/tags/* ]]; then
                   printf "%s" "${{ secrets.OE_PRIVATE_PEM }}" > src/openenclave/build/private.pem && \
                   openssl rsa -pubout -in src/openenclave/build/private.pem -out src/openenclave/build/public.pem; \