From e1a6ff2de00001aa14fd2dededf01ed2e694046a Mon Sep 17 00:00:00 2001 From: Ed Tubbs Date: Tue, 14 Jan 2025 17:35:47 +0000 Subject: [PATCH] ci: update to build libdogecoin seperate for host and enclave --- .github/workflows/ci.yml | 30 +++++++++++++++++++---------- doc/enclaves.md | 22 ++++++++++++++++----- src/openenclave/host/CMakeLists.txt | 4 ++-- 3 files changed, 39 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index adf6643ce..518cbd759 100755 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -383,7 +383,7 @@ jobs: curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo && \ mkdir -p optee && \ cd optee && \ - repo init -u https://github.com/OP-TEE/manifest.git -m nanopc-t6.xml -b master && \ + repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 4.2.0 && \ export FORCE_UNSAFE_CONFIGURE=1 && \ repo sync -j\"$(getconf _NPROCESSORS_ONLN)\" && \ if [[ "${{ github.ref }}" == refs/tags/* ]]; then \ @@ -433,7 +433,7 @@ jobs: --subkey-version 1 && \ # Build and test the OP-TEE OS and client - make -j\"$(getconf _NPROCESSORS_ONLN)\" && \ + make -j\"$(getconf _NPROCESSORS_ONLN)\" check && \ cd /src && \ git clone https://github.com/OP-TEE/optee_client.git && \ cd optee_client && \ 
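Review bot: The `if [[ "${{ github.ref }}" == refs/tags/* ]]` line at the end of the -383 hunk splices the ref name into the script text before the shell parses it, so a ref name containing a quote or a command substitution is read as shell syntax rather than data. Git allows such characters in branch and tag names, and doc/enclaves.md in this same patch says CI signs the enclave binaries with an Actions secret, so the comparison is safer against the runner-provided variable: `if [[ "$GITHUB_REF" == refs/tags/* ]]; then`. The same expression appears in the `x86_64-linux-openenclave` branch (hunk at -491). The step's `run:` block starts and ends outside the hunk, so check how the surrounding quoting treats `$GITHUB_REF` before changing it.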
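Review bot: The `git clone https://github.com/OP-TEE/optee_client.git` kept in the -433 hunk still takes whatever the default branch holds at build time, even though the manifest is now pinned to `4.2.0`. The client can therefore drift from the pinned OS, and an upstream change reaches CI unreviewed. Pin it to the matching release, e.g. `git clone --depth 1 --branch 4.2.0 https://github.com/OP-TEE/optee_client.git`. The `curl ... > /bin/repo && chmod a+x /bin/repo` line in the -383 hunk is similar: the launcher is downloaded and run with no integrity check visible in the hunk. Comparing it with a recorded digest before use, `echo "<EXPECTED_SHA256>  /bin/repo" | sha256sum -c -`, would close that gap.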
@@ -448,15 +448,8 @@ jobs: export PATH=/src/optee/toolchains/aarch64/bin:$PATH && \ export CC=aarch64-linux-gnu-gcc && \ - # Run the libdogecoin TA - cd /src/src/optee/host && \ - make -j"$(getconf _NPROCESSORS_ONLN)" \ - CROSS_COMPILE=aarch64-linux-gnu- \ - LDFLAGS=\"-L/src/optee/toolchains/aarch64/lib -L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \ - CFLAGS=\"-I/src/optee/toolchains/aarch64/include -I/src/src/optee/ta/include -I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/ykpers-1 -I/src/depends/aarch64-linux-gnu/include/dogecoin\" && \ - # Build the Trusted Application - cd ../ta && \ + cd /src/src/optee/ta && \ make -j"$(getconf _NPROCESSORS_ONLN)" \ CROSS_COMPILE=aarch64-linux-gnu- \ LDFLAGS=\"-L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \ @@ -464,6 +457,19 @@ jobs: PLATFORM=vexpress-qemu_armv8a \ TA_DEV_KIT_DIR=/src/optee/optee_os/out/arm/export-ta_arm64 && \ + # Build libdogecoin for Host + cd /src/ && \ + ./configure --prefix=/src/depends/aarch64-linux-gnu LIBS=-levent_pthreads --enable-static --disable-shared --enable-test-passwd HOST=aarch64-linux-gnu && \ + make -j 4 && \ + make install && \ + + # Run the libdogecoin TA + cd /src/src/optee/host && \ + make -j"$(getconf _NPROCESSORS_ONLN)" \ + CROSS_COMPILE=aarch64-linux-gnu- \ + LDFLAGS=\"-L/src/optee/toolchains/aarch64/lib -L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \ + CFLAGS=\"-I/src/optee/toolchains/aarch64/include -I/src/src/optee/ta/include -I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/ykpers-1 -I/src/depends/aarch64-linux-gnu/include/dogecoin\" && \ + # Create symbolic links and prepare image mkdir -p /src/optee/out/bin && \ cd /src/optee/out/bin && \ 
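Review bot: The "Build libdogecoin for Host" step added in the -464 hunk re-runs `./configure` in `/src` and installs into `/src/depends/aarch64-linux-gnu`, the same source tree and prefix the TA build just above links `-ldogecoin` from. The installed `libdogecoin.a` is therefore silently replaced by the other variant, and which one a later step links depends only on step order. Without a `make clean`, objects compiled under the earlier configuration may also be reused; doc/enclaves.md shows the OP-TEE variant configured with `CFLAGS=-U_FORTIFY_SOURCE`, and a changed CFLAGS alone normally does not trigger recompilation. Adding `make clean && \` before the `./configure` and giving the host build its own prefix, as the x86_64 hunk at -491 does with `.../host`, would keep the two builds apart. The -491 hunk also reconfigures in place without a clean.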
@@ -491,6 +497,10 @@ jobs: umount /src/optee/out-br/mnt && \ exit" elif ([ "${{ matrix.name }}" == "x86_64-linux-openenclave" ]); then + make install && \ + make -j 4 -C depends HOST=x86_64-pc-linux-gnu/host && \ + ./configure --prefix=/src/depends/x86_64-pc-linux-gnu/host --enable-test-passwd && \ + make && \ make install && \ mkdir -p src/openenclave/build && \ if [[ "${{ github.ref }}" == refs/tags/* ]]; then diff --git a/doc/enclaves.md b/doc/enclaves.md index 6619fd3c4..9c5408cad 100644 --- a/doc/enclaves.md +++ b/doc/enclaves.md @@ -272,7 +272,7 @@ docker run -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_check /bin/bash ### Building OP-TEE SDK and Client (QEMU ARMv8) -This command builds the SDK (version 3.22.0) and client for ARMv8 QEMU emulation (qemu_v8.xml). For other platforms, change the manifest file in the `repo init` command accordingly. Replace `3.22.0` with the desired version and `qemu_v8.xml` with the desired platform. Refer to the [OP-TEE documentation](https://optee.readthedocs.io/en/latest/building/index.html) for more information. +This command builds the SDK (version 4.2.0) and client for ARMv8 QEMU emulation (qemu_v8.xml). For other platforms, change the manifest file in the `repo init` command accordingly. Replace `4.2.0` with the desired version and `qemu_v8.xml` with the desired platform. Refer to the [OP-TEE documentation](https://optee.readthedocs.io/en/latest/building/index.html) for more information. An RSA private key is generated and overwrites the default Trusted Application (TA) key. This key is used to sign the enclave binaries during development. In the Continuous Integration (CI) environment, an Actions secret is used. Subkeys are generated for testing purposes but are not used to sign the enclave binaries. 
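Review bot: The host library added in the -491 hunk is configured with `--enable-test-passwd` on the lines directly above the `refs/tags/*` check, and nothing in the hunk reconfigures without it for tagged builds. The flag's effect is not visible in this patch, but its name suggests a fixed test credential is compiled in. If tag builds package what is installed under `depends/x86_64-pc-linux-gnu/host`, that would end up in release artifacts. Consider passing the flag only on the non-tag path, or, if packaging happens elsewhere, record that with a comment such as `# test-only build: not used for release artifacts`.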
@@ -287,7 +287,7 @@ docker run -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_check /bin/bash curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo && \ mkdir -p optee && \ cd optee && \ - repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b master + repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 4.2.0 export FORCE_UNSAFE_CONFIGURE=1 && \ repo sync -j 4 --force-sync && \ patch -N -F 4 /src/optee/build/common.mk < /src/src/optee/common.mk.patch && \ @@ -340,7 +340,7 @@ docker run -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_check /bin/bash # Build and test the OP-TEE OS and client make -j 4 check cd /src && \ - git clone https://github.com/OP-TEE/optee_client.git && \ + [ ! -d optee_client ] && git clone https://github.com/OP-TEE/optee_client.git && \ cd optee_client && \ mkdir -p build && \ cd build && \ @@ -361,9 +361,10 @@ docker run --privileged -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_che apt-get update && \ apt-get install -y autoconf automake libtool-bin build-essential curl python3 valgrind g++-aarch64-linux-gnu qemu-user-static qemu-user && \ + # Build libdogecoin for Host make -j 4 -C depends HOST=aarch64-linux-gnu && \ ./autogen.sh && \ - ./configure --prefix=/src/depends/aarch64-linux-gnu LIBS=-levent_pthreads --enable-static --disable-shared --enable-test-passwd --enable-optee CFLAGS=-U_FORTIFY_SOURCE HOST=aarch64-linux-gnu && \ + ./configure --prefix=/src/depends/aarch64-linux-gnu LIBS=-levent_pthreads --enable-static --disable-shared --enable-test-passwd HOST=aarch64-linux-gnu && \ make -j 4 && \ make install && \ 
@@ -377,8 +378,14 @@ docker run --privileged -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_che LDFLAGS=\"-L/src/optee/toolchains/aarch64/lib -L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \ CFLAGS=\"-I/src/optee/toolchains/aarch64/include -I/src/src/optee/ta/include -I/src/depends/aarch64-linux-gnu/include -I/src/depends/aarch64-linux-gnu/include/ykpers-1 -I/src/depends/aarch64-linux-gnu/include/dogecoin\" && \ + # Build libdogecoin for OP-TEE + cd /src/ && \ + ./configure --prefix=/src/depends/aarch64-linux-gnu LIBS=-levent_pthreads --enable-static --disable-shared --enable-test-passwd --enable-optee CFLAGS=-U_FORTIFY_SOURCE HOST=aarch64-linux-gnu && \ + make -j 4 && \ + make install && \ + # Build the Enclave - cd ../ta && \ + cd /src/src/optee/ta && \ make -j 4 \ CROSS_COMPILE=aarch64-linux-gnu- \ LDFLAGS=\"-L/src/depends/aarch64-linux-gnu/lib -ldogecoin -lunistring\" \ @@ -513,11 +520,16 @@ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provisio apt-get install -y autoconf automake libtool-bin build-essential curl python3 valgrind python3-dev python3-dbg pkg-config && \ cd /src && \ make -j 4 -C depends HOST=x86_64-pc-linux-gnu && \ + make -j 4 -C depends HOST=x86_64-pc-linux-gnu/host && \ ./autogen.sh && \ ./configure --prefix=/src/depends/x86_64-pc-linux-gnu --enable-openenclave --enable-test-passwd CFLAGS=-U_FORTIFY_SOURCE && \ make && \ make install && \ + ./configure --prefix=/src/depends/x86_64-pc-linux-gnu/host --enable-test-passwd && \ + make && \ + make install && \ + # Set up the OpenEnclave environment and build the enclave apt-get install -y wget gnupg2 cmake && \ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ diff --git a/src/openenclave/host/CMakeLists.txt b/src/openenclave/host/CMakeLists.txt index 8c18e22cf..51b253a55 100644 --- a/src/openenclave/host/CMakeLists.txt +++ b/src/openenclave/host/CMakeLists.txt 
@@ -18,9 +18,9 @@ endif () target_include_directories( host PRIVATE # Needed for the generated file libdogecoin_u.h - ${CMAKE_CURRENT_BINARY_DIR} /usr/local/include /usr/local/include/dogecoin /usr/include/ykpers-1 ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/include/ ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/include/dogecoin/ ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/include/ykpers-1 ${CMAKE_SOURCE_DIR}/../../src/libevent/build/include) + ${CMAKE_CURRENT_BINARY_DIR} /usr/local/include /usr/local/include/dogecoin /usr/include/ykpers-1 ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/host/include/ ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/host/include/dogecoin/ ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/host/include/ykpers-1 ${CMAKE_SOURCE_DIR}/../../src/libevent/build/include) # Add search paths to find the enclave libraries. -target_link_directories(host PRIVATE ${CMAKE_SOURCE_DIR}../../ ${CMAKE_SOURCE_DIR}/../../src/libevent/build/lib ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/lib) +target_link_directories(host PRIVATE ${CMAKE_SOURCE_DIR}../../ ${CMAKE_SOURCE_DIR}/../../src/libevent/build/lib ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/host/lib) target_link_libraries(host openenclave::oehost "libdogecoin.a" "libevent.a" "libunistring.a" "libykpers-1.so" "libyubikey.so" "libusb-1.0.so")
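Review bot: The new `.../host/include` directories are still listed after `/usr/local/include` and `/usr/local/include/dogecoin`, so headers from a system-wide libdogecoin install would be found first while the archive comes from the host prefix. That is the kind of host/enclave mix-up this change is meant to prevent. Listing the `depends/x86_64-pc-linux-gnu/host` include directories first, and linking the archive by full path rather than by bare name, e.g. `"${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/host/lib/libdogecoin.a"`, would make the choice explicit. The first `target_link_directories` entry, `${CMAKE_SOURCE_DIR}../../`, lacks the `/` after the variable and so presumably names a path that does not exist. `target_link_libraries(host ...)` also has no `PRIVATE` keyword.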