diff --git a/Makefile.psw_dcap b/Makefile.psw_dcap index c180e2b77..8fc09aca7 100644 --- a/Makefile.psw_dcap +++ b/Makefile.psw_dcap @@ -64,19 +64,11 @@ ippcp: $(MAKE) -C external/ippcp_internal/ sdk: ippcp - $(MAKE) -C sdk/ MITIGATION-CVE-2020-0551=LOAD - $(MAKE) -C sdk/ clean - $(MAKE) -C sdk/ MITIGATION-CVE-2020-0551=CF - $(MAKE) -C sdk/ clean $(MAKE) -C sdk/ - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=LOAD - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=CF clean - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=CF - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl clean $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl install_sdk: sdk - ./linux/installer/bin/build-installpkg.sh sdk cve-2020-0551 + ./linux/installer/bin/build-installpkg.sh sdk ifeq ($(call DIR_EXISTS,$(SGX_SDK)),) ./linux/installer/bin/sgx_linux_x64_sdk_*.bin --prefix=$(dir $(SGX_SDK)) endif diff --git a/Makefile.psw_tdx b/Makefile.psw_tdx index 1fc8c144b..2b51d70df 100644 --- a/Makefile.psw_tdx +++ b/Makefile.psw_tdx 
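Review bot: After this change the `sdk` target builds only the default library set and `install_sdk` calls `build-installpkg.sh sdk` without the `cve-2020-0551` argument, but nothing in the Makefile records that the LOAD/CF hardened variants for CVE-2020-0551 are no longer produced or packaged. Enclave developers who depend on those libraries would notice only when they are missing from the installed SDK. A comment above `sdk:` would make the decision explicit, for example `# CVE-2020-0551 mitigated library sets (LOAD/CF) are intentionally not built for this package`. The same applies to the identical hunk in Makefile.psw_tdx.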
@@ -63,19 +63,11 @@ endif ippcp: $(MAKE) -C external/ippcp_internal/ sdk: ippcp - $(MAKE) -C sdk/ MITIGATION-CVE-2020-0551=LOAD - $(MAKE) -C sdk/ clean - $(MAKE) -C sdk/ MITIGATION-CVE-2020-0551=CF - $(MAKE) -C sdk/ clean $(MAKE) -C sdk/ - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=LOAD - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=CF clean - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl MITIGATION-CVE-2020-0551=CF - $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl clean $(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl install_sdk: sdk - ./linux/installer/bin/build-installpkg.sh sdk cve-2020-0551 + ./linux/installer/bin/build-installpkg.sh sdk ifeq ($(call DIR_EXISTS,$(SGX_SDK)),) ./linux/installer/bin/sgx_linux_x64_sdk_*.bin --prefix=$(dir $(SGX_SDK)) endif diff --git a/README.md b/README.md index 1acc18c9e..b89b31f6c 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,8 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package - Use the following command(s) to install the required tools to build the Intel(R) SGX SDK: * On Ubuntu 18.04 and Debian 10: ``` - $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev git cmake perl + $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python3 libssl-dev git cmake perl + $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1 ``` * On Ubuntu 20.04 and Ubuntu 22.04: ``` 
@@ -111,25 +112,26 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package * On Red Hat Enterprise Linux 8.6: ``` $ sudo yum groupinstall 'Development Tools' - $ sudo yum install ocaml ocaml-ocamlbuild wget python2 openssl-devel git cmake perl - $ sudo alternatives --set python /usr/bin/python2 + $ sudo yum install ocaml ocaml-ocamlbuild wget python3 openssl-devel git cmake perl + $ sudo alternatives --set python /usr/bin/python3 ``` * On CentOS Stream 8 and CentOS 8.3: ``` $ sudo dnf group install 'Development Tools' - $ sudo dnf --enablerepo=powertools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python2 - $ sudo alternatives --set python /usr/bin/python2 + $ sudo dnf --enablerepo=powertools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python3 + $ sudo alternatives --set python /usr/bin/python3 ``` * On Anolis 8.6: ``` $ sudo dnf group install 'Development Tools' - $ sudo dnf --enablerepo=PowerTools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python2 - $ sudo alternatives --set python /usr/bin/python2 + $ sudo dnf --enablerepo=PowerTools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python3 + $ sudo alternatives --set python /usr/bin/python3 ``` * On SUSE Linux Enterprise Server 15.4: ``` $ sudo zypper install --type pattern devel_basis - $ sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool wget python libopenssl-devel rpm-build git cmake perl + $ sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool wget python3 libopenssl-devel rpm-build git cmake perl + $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1 ``` **Note**: To build Intel(R) SGX SDK, gcc version is required to be 7.3 or above and glibc version is required to be 2.27 or above. 
- Use the following command to install additional required tools and latest Intel(R) SGX SDK Installer to build the Intel(R) SGX PSW: @@ -140,19 +142,19 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package ``` * On Ubuntu 20.04 and Ubuntu 22.04: ``` - $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip pkgconf libboost-dev libboost-system-dev libboost-thread-dev protobuf-c-compiler libprotobuf-c-dev lsb-release libsystemd0 + $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip pkgconf libboost-dev libboost-system-dev libboost-thread-dev lsb-release libsystemd0 ``` * On Red Hat Enterprise Linux 8.6: ``` - $ sudo yum install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel protobuf-c-compiler protobuf-c-devel systemd-libs + $ sudo yum install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs ``` * On CentOS Stream 8 and CentOS 8.3: ``` - $ sudo dnf --enablerepo=powertools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel protobuf-c-compiler protobuf-c-devel systemd-libs + $ sudo dnf --enablerepo=powertools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs ``` * On Anolis 8.6: ``` - $ sudo dnf --enablerepo=PowerTools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel protobuf-c-compiler protobuf-c-devel systemd-libs + $ sudo dnf --enablerepo=PowerTools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs ``` * On SUSE Linux Enterprise Server 15.4: ``` 
@@ -343,24 +345,26 @@ Install the Intel(R) SGX SDK * Anolis OS 8.6 64bits * Debian 10 64bits - Use the following command to install the required tool to use Intel(R) SGX SDK: - * On Ubuntu 18.04, Ubuntu 20.04 and Debian 10: + * On Ubuntu 18.04 and Debian 10: ``` - $ sudo apt-get install build-essential python + $ sudo apt-get install build-essential python3 + $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1 ``` - * On Ubuntu 22.04: + * On Ubuntu 20.04 and Ubuntu 22.04: ``` - $ sudo apt-get install build-essential python2 + $ sudo apt-get install build-essential python-is-python3 ``` * On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3 and Anolis OS 8.6: ``` $ sudo yum groupinstall 'Development Tools' - $ sudo yum install python2 - $ sudo alternatives --set python /usr/bin/python2 + $ sudo yum install python3 + $ sudo alternatives --set python /usr/bin/python3 ``` * On SUSE Linux Enterprise Server 15.4: ``` $ sudo zypper install --type pattern devel_basis - $ sudo zypper install python + $ sudo zypper install python3 + $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1 ``` ### Install the Intel(R) SGX SDK @@ -403,6 +407,13 @@ See the later topic, *Install Intel(R) SGX PSW*, for information on how to insta $ ./app ``` Use similar commands for other code samples. + **Note:** On Ubuntu 22.04 or any distro with systemd v248 or later, /dev/sgx_enclave is only accessible by users in the group "sgx". The enclave app should be run with a uid in the sgx group. + ``` + # check systemd version: + $ systemctl --version + # add sgx group to user if it's 248 or above: + $ sudo usermod -a -G sgx + ``` Install the Intel(R) SGX PSW diff --git a/SampleCode/Cxx11SGXDemo/App/App.h b/SampleCode/Cxx11SGXDemo/App/App.h index 9c0ac2e8b..9d1cbe465 100644 --- a/SampleCode/Cxx11SGXDemo/App/App.h +++ b/SampleCode/Cxx11SGXDemo/App/App.h 
@@ -49,7 +49,6 @@ #endif #if defined(__GNUC__) -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" #endif diff --git a/SampleCode/Cxx14SGXDemo/App/App.h b/SampleCode/Cxx14SGXDemo/App/App.h index 9c0ac2e8b..9d1cbe465 100644 --- a/SampleCode/Cxx14SGXDemo/App/App.h +++ b/SampleCode/Cxx14SGXDemo/App/App.h @@ -49,7 +49,6 @@ #endif #if defined(__GNUC__) -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" #endif diff --git a/SampleCode/Cxx17SGXDemo/App/App.h b/SampleCode/Cxx17SGXDemo/App/App.h index 9c0ac2e8b..9d1cbe465 100644 --- a/SampleCode/Cxx17SGXDemo/App/App.h +++ b/SampleCode/Cxx17SGXDemo/App/App.h @@ -49,7 +49,6 @@ #endif #if defined(__GNUC__) -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" #endif diff --git a/SampleCode/ProtobufSGXDemo/App/App.h b/SampleCode/ProtobufSGXDemo/App/App.h index 9c0ac2e8b..9d1cbe465 100644 --- a/SampleCode/ProtobufSGXDemo/App/App.h +++ b/SampleCode/ProtobufSGXDemo/App/App.h @@ -49,7 +49,6 @@ #endif #if defined(__GNUC__) -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" #endif diff --git a/SampleCode/ProtobufSGXDemo/Enclave/person.proto b/SampleCode/ProtobufSGXDemo/Enclave/person.proto index 17d536820..96d25fc94 100644 --- a/SampleCode/ProtobufSGXDemo/Enclave/person.proto +++ b/SampleCode/ProtobufSGXDemo/Enclave/person.proto 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + package lm; message Person { diff --git a/SampleCode/SampleAttestedTLS/README.md b/SampleCode/SampleAttestedTLS/README.md index ccf454b1b..25fc61b9f 100644 --- a/SampleCode/SampleAttestedTLS/README.md +++ b/SampleCode/SampleAttestedTLS/README.md 
@@ -122,6 +122,7 @@ Note: running in this sample. The project has a pre-preparation script - prepare_sgxssl.sh to prepare the SgxSSL libraries and link to them in the Makefile. + Note that script "prepare_sgxssl.sh" requires git installed and configured. - Limitation: No Simulation mode is supported. ### Running attested TLS server in loop diff --git a/SampleCode/SampleAttestedTLS/prepare_sgxssl.sh b/SampleCode/SampleAttestedTLS/prepare_sgxssl.sh index bbbe064d8..62929e783 100755 --- a/SampleCode/SampleAttestedTLS/prepare_sgxssl.sh +++ b/SampleCode/SampleAttestedTLS/prepare_sgxssl.sh @@ -35,9 +35,9 @@ project_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" echo "project_dir is $project_dir" sgxssl_dir=$project_dir/sgxssl openssl_out_dir=$sgxssl_dir/openssl_source -openssl_ver_name=openssl-1.1.1q -sgxssl_github_archive=https://github.com/01org/intel-sgx-ssl/archive -sgxssl_file_name=support_tls_lin_1.1.1q +openssl_ver_name=openssl-1.1.1t +intel_sgx_ssl_url=https://github.com/intel/intel-sgx-ssl +support_tls_branch=support_tls build_script=$sgxssl_dir/Linux/build_openssl.sh server_url_path=https://www.openssl.org/source full_openssl_url=$server_url_path/$openssl_ver_name.tar.gz 
@@ -56,22 +56,10 @@ if [ $debug == true ] ; then read -n 1 -p "download souce code only, because we need to build ourselves" fi -openssl_chksum=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca -sgxssl_chksum=0ab6f62bda33e760422d502ba4812d058e50516ebb82e6c7713c78f580a7d622 -rm -f check_sum_openssl.txt check_sum_sgxssl.txt +openssl_chksum=8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b +rm -f check_sum_openssl.txt if [ ! -f $build_script ]; then - wget $sgxssl_github_archive/$sgxssl_file_name.zip -P $sgxssl_dir/ || exit 1 - sha256sum $sgxssl_dir/$sgxssl_file_name.zip > $sgxssl_dir/check_sum_sgxssl.txt - grep $sgxssl_chksum $sgxssl_dir/check_sum_sgxssl.txt - if [ $? -ne 0 ]; then - echo "File $sgxssl_dir/$sgxssl_file_name.zip checksum failure" - rm -f $sgxssl_dir/$sgxssl_file_name.zip - exit -1 - fi - unzip -qq $sgxssl_dir/$sgxssl_file_name.zip -d $sgxssl_dir/ || exit 1 - mv $sgxssl_dir/intel-sgx-ssl-$sgxssl_file_name/* $sgxssl_dir/ || exit 1 - rm $sgxssl_dir/$sgxssl_file_name.zip || exit 1 - rm -rf $sgxssl_dir/intel-sgx-ssl-$sgxssl_file_name || exit 1 + git clone $intel_sgx_ssl_url -b $support_tls_branch $sgxssl_dir || exit 1 fi if [ ! -f $openssl_out_dir/$openssl_ver_name.tar.gz ]; then diff --git a/SampleCode/SampleAttestedTLS/server_tdx/Makefile b/SampleCode/SampleAttestedTLS/server_tdx/Makefile new file mode 100644 index 000000000..f640f69ca --- /dev/null +++ b/SampleCode/SampleAttestedTLS/server_tdx/Makefile 
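Review bot: The new `git clone $intel_sgx_ssl_url -b $support_tls_branch $sgxssl_dir` builds from whatever the `support_tls` branch points to at clone time, whereas the removed code checked the downloaded archive against a fixed SHA-256 (`sgxssl_chksum`); `openssl_chksum` is kept for the OpenSSL tarball, but the SgxSSL sources are no longer pinned to anything. Pin the clone to a reviewed commit and stop if it cannot be checked out, e.g. `git -C "$sgxssl_dir" checkout --detach "$sgxssl_commit" || exit 1` with `sgxssl_commit=<PINNED_COMMIT_SHA>` defined next to `support_tls_branch` in the previous hunk. The expansions should also be quoted (`"$sgxssl_dir"`), because `project_dir` is derived from the script's own location and may contain spaces. The rest of the script lies outside the hunk.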
@@ -0,0 +1,41 @@
+#
+# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+include ../sgxenv.mk
+
+all: server
+
+server:
+ $(CXX) -c -DTDX_ENV -DCLIENT_USE_QVL $(App_Cpp_Flags) server.cpp openssl_server.cpp ../common/verify_callback.cpp ../common/utility.cpp ../common/openssl_utility.cpp ../common/err_msg.cpp
+ $(CXX) -o tls_server server.o openssl_server.o verify_callback.o utility.o openssl_utility.o err_msg.o $(App_Link_Flags) -lssl -ltdx_tls -lsgx_dcap_quoteverify -l:libtdx_attest.so.1
+
+clean:
+ rm -f tls_server *.o
diff --git a/SampleCode/SampleAttestedTLS/server_tdx/openssl_server.cpp b/SampleCode/SampleAttestedTLS/server_tdx/openssl_server.cpp
new file mode 100644
index 000000000..6a3ca15e1
--- /dev/null
+++ b/SampleCode/SampleAttestedTLS/server_tdx/openssl_server.cpp
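Review bot: None of `all`, `server` and `clean` is declared phony, so a stray file with one of those names in `server_tdx/` would turn the target into a silent no-op; add `.PHONY: all server clean` after the `include` line. The `server` rule also lists no prerequisites and produces `tls_server` rather than `server`, so every invocation recompiles all sources. That is acceptable for a sample, but a one-line comment saying it is intentional would help.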
@@ -0,0 +1,238 @@
+/**
+*
+* MIT License
+*
+* Copyright (c) Open Enclave SDK contributors.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE
+*
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "../common/openssl_utility.h"
+
+int set_up_tls_server(char* server_port, bool keep_server_up);
+
+int verify_callback(int preverify_ok, X509_STORE_CTX* ctx);
+
+int create_listener_socket(int port, int& server_socket)
+{
+ int ret = -1;
+ const int reuse = 1;
+ struct sockaddr_in addr;
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = htonl(INADDR_ANY);
+
+ server_socket = socket(AF_INET, SOCK_STREAM, 0);
+ if (server_socket < 0)
+ {
+ PRINT(TLS_SERVER "socket creation failed\n");
+ goto exit;
+ }
+
+ if (setsockopt(
+ server_socket,
+ SOL_SOCKET,
+ SO_REUSEADDR,
+ (const void*)&reuse,
+ sizeof(reuse)) < 0)
+ {
+ PRINT(TLS_SERVER "setsocket failed \n");
+ goto exit;
+ }
+
+ if (bind(server_socket, (struct sockaddr*)&addr, sizeof(addr)) < 0)
+ {
+ PRINT(TLS_SERVER "Unable to bind socket to the port\n");
+ goto exit;
+ }
+
+ if (listen(server_socket, 20) < 0)
+ {
+ PRINT(TLS_SERVER "Unable to open socket for listening\n");
+ goto exit;
+ }
+ ret = 0;
+exit:
+ return ret;
+}
+
+int handle_communication_until_done(
+ int& server_socket_fd,
+ int& client_socket_fd,
+ SSL_CTX*& ssl_server_ctx,
+ SSL*& ssl_session,
+ bool keep_server_up)
+{
+ int ret = -1;
+ int test_error = 1;
+waiting_for_connection_request:
+
+ struct sockaddr_in addr;
+ uint len = sizeof(addr);
+
+ // reset ssl_session and client_socket_fd to prepare for the new TLS
+ // connection
+ if (client_socket_fd > 0)
+ {
+ ret = close(client_socket_fd);
+ if (ret != 0) {
+ PRINT(TLS_SERVER "error closing client socket before starting a new TLS session.\n");
+ goto exit;
+ }
+ }
+ SSL_free(ssl_session);
+ PRINT(TLS_SERVER " waiting for client connection\n");
+
+ client_socket_fd = accept(server_socket_fd, (struct sockaddr*)&addr, &len);
+
+ if (client_socket_fd < 0)
+ {
+ PRINT(TLS_SERVER "Unable to accept the client request\n");
+ goto exit;
+ }
+
+ // create a new SSL structure for a connection
+ if ((ssl_session = SSL_new(ssl_server_ctx)) == nullptr)
+ {
+ PRINT(TLS_SERVER
+ "Unable to create a new SSL connection state object\n");
+ goto exit;
+ }
+
+ SSL_set_fd(ssl_session, client_socket_fd);
+
+ // wait for a TLS/SSL client to initiate a TLS/SSL handshake
+
+ PRINT(TLS_SERVER "initiating a passive connect SSL_accept\n");
+ test_error = SSL_accept(ssl_session);
+ if (test_error <= 0)
+ {
+ PRINT(TLS_SERVER " SSL handshake failed, error(%d)(%d)\n",
+ test_error, SSL_get_error(ssl_session, test_error));
+ goto exit;
+ }
+
+ PRINT(TLS_SERVER "<---- Read from client:\n");
+ if (read_from_session_peer(
+ ssl_session, CLIENT_PAYLOAD, CLIENT_PAYLOAD_SIZE) != 0)
+ {
+ PRINT(TLS_SERVER " Read from client failed\n");
+ goto exit;
+ }
+
+ PRINT(TLS_SERVER "<---- Write to client:\n");
+ if (write_to_session_peer(
+ ssl_session, SERVER_PAYLOAD, strlen(SERVER_PAYLOAD)) != 0)
+ {
+ PRINT(TLS_SERVER " Write to client failed\n");
+ goto exit;
+ }
+
+ if (keep_server_up)
+ goto waiting_for_connection_request;
+
+ ret = 0;
+exit:
+ return ret;
+}
+
+int set_up_tls_server(char* server_port, bool keep_server_up)
+{
+ int ret = 0;
+ int server_socket_fd;
+ int client_socket_fd = -1;
+ unsigned int server_port_number;
+
+ X509* certificate = nullptr;
+ EVP_PKEY* pkey = nullptr;
+ SSL_CONF_CTX* ssl_confctx = SSL_CONF_CTX_new();
+
+ SSL_CTX* ssl_server_ctx = nullptr;
+ SSL* ssl_session = nullptr;
+ if ((ssl_server_ctx = SSL_CTX_new(TLS_server_method())) == nullptr)
+ {
+ PRINT(TLS_SERVER "unable to create a new SSL context\n");
+ goto exit;
+ }
+
+ if (initalize_ssl_context(ssl_confctx, ssl_server_ctx) != SGX_SUCCESS)
+ {
+ PRINT(TLS_SERVER "unable to create a initialize SSL context\n ");
+ goto exit;
+ }
+ SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER, &verify_callback);
+
+ if (load_tls_certificates_and_keys(ssl_server_ctx, certificate, pkey) != 0)
+ {
+ PRINT(TLS_SERVER
+ " unable to load certificate and private key on the server\n ");
+ goto exit;
+ }
+
+ server_port_number = (unsigned int)atoi(server_port); // convert to char* to int
+ if (create_listener_socket(server_port_number, server_socket_fd) != 0)
+ {
+ PRINT(TLS_SERVER " unable to create listener socket on the server\n ");
+ goto exit;
+ }
+
+ // handle communication
+ ret = handle_communication_until_done(
+ server_socket_fd,
+ client_socket_fd,
+ ssl_server_ctx,
+ ssl_session,
+ keep_server_up);
+ if (ret != 0)
+ {
+ PRINT(TLS_SERVER "server communication error %d\n", ret);
+ goto exit;
+ }
+
+exit:
+ ret = close(client_socket_fd); // close the socket connections
+ if (ret != 0)
+ PRINT(TLS_SERVER "error closing client socket\n");
+ ret = close(server_socket_fd);
+ if (ret != 0)
+ PRINT(TLS_SERVER "error closing server socket\n");
+
+ if (ssl_session)
+ {
+ SSL_shutdown(ssl_session);
+ SSL_free(ssl_session);
+ }
+ if (ssl_server_ctx)
+ SSL_CTX_free(ssl_server_ctx);
+ if (ssl_confctx)
+ SSL_CONF_CTX_free(ssl_confctx);
+ if (certificate)
+ X509_free(certificate);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
diff --git a/SampleCode/SampleAttestedTLS/server_tdx/server.cpp b/SampleCode/SampleAttestedTLS/server_tdx/server.cpp
new file mode 100644
index 000000000..0dd50b397
--- /dev/null
+++ b/SampleCode/SampleAttestedTLS/server_tdx/server.cpp
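Review bot: `set_up_tls_server` can report success after a failed setup and can close a descriptor it never opened: `ret` starts at 0, none of the early `goto exit` paths set it, the exit block then overwrites it with the results of `close()`, and `server_socket_fd` is still uninitialized when `SSL_CTX_new` or the certificate load fails. In `handle_communication_until_done` the loop calls `SSL_free(ssl_session)` at the top without clearing the pointer, so a failed `accept()` on a later iteration returns with a dangling `ssl_session` that the caller's exit block shuts down and frees a second time. The context is also configured with `SSL_VERIFY_PEER` only; if this sample is meant to require an attested client, a peer that presents no certificate is still accepted unless `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is added, so the intent deserves a comment either way. The fence shows the changed lines, with the session shut down before its socket is closed.

```cpp
// in handle_communication_until_done, at the top of the accept loop:
    SSL_free(ssl_session);
    ssl_session = nullptr; // the caller's exit path must not free it again

// in set_up_tls_server:
    int ret = -1;              // failure until the session loop reports success
    int server_socket_fd = -1; // lets the exit path see it was never opened
    // … unchanged: context setup, certificate load, listener creation, session loop …
exit:
    if (ssl_session)
    {
        SSL_shutdown(ssl_session);
        SSL_free(ssl_session);
    }
    if (client_socket_fd >= 0 && close(client_socket_fd) != 0)
        PRINT(TLS_SERVER "error closing client socket\n");
    if (server_socket_fd >= 0 && close(server_socket_fd) != 0)
        PRINT(TLS_SERVER "error closing server socket\n");
    // … unchanged: SSL_CTX, SSL_CONF_CTX, X509 and EVP_PKEY release …
    return (ret);
```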
@@ -0,0 +1,92 @@
+/**
+*
+* MIT License
+*
+* Copyright (c) Open Enclave SDK contributors.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE
+*
+*/
+
+#include
+#include
+
+#define LOOP_OPTION "-server-in-loop"
+
+int set_up_tls_server(char* server_port, bool keep_server_up);
+
+int main(int argc, const char* argv[])
+{
+ int ret = 1;
+ char* server_port = NULL;
+ int keep_server_up = 0; // should be bool type, 0 false, 1 true
+
+ /* Check argument count */
+ if (argc != 2)
+ {
+ if (argc == 3)
+ {
+ if (strcmp(argv[2], LOOP_OPTION) != 0)
+ {
+ goto print_usage;
+ }
+ else
+ {
+ keep_server_up = 1;
+ goto read_port;
+ }
+ }
+ print_usage:
+ printf(
+ "Usage: %s -port: [%s]\n",
+ argv[0],
+ LOOP_OPTION);
+ return 1;
+ }
+
+read_port:
+ // read port parameter
+ {
+ char* option = (char*)"-port:";
+ size_t param_len = 0;
+ param_len = strlen(option);
+ if (strncmp(argv[1], option, param_len) == 0)
+ {
+ server_port = (char*)(argv[1] + param_len);
+ }
+ else
+ {
+ fprintf(stderr, "Unknown option %s\n", argv[1]);
+ goto print_usage;
+ }
+ }
+ printf("server port = %s\n", server_port);
+
+ printf("Host: calling setup_tls_server\n");
+ ret = set_up_tls_server(server_port, keep_server_up);
+ if (ret != 0)
+ {
+ printf("Host: setup_tls_server failed\n");
+ goto exit;
+ }
+
+exit:
+ printf("Host: %s \n", (ret == 0) ? "succeeded" : "failed");
+ return ret;
+}
diff --git a/SampleCode/SampleAttestedTLS/sgx_socket/htonl.c b/SampleCode/SampleAttestedTLS/sgx_socket/htonl.c
index 6622d16cc..38770dda4 100644
--- a/SampleCode/SampleAttestedTLS/sgx_socket/htonl.c
+++ b/SampleCode/SampleAttestedTLS/sgx_socket/htonl.c
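Review bot: The text after `-port:` is passed to `set_up_tls_server` unchecked, and that function converts it with `atoi` (openssl_server.cpp in this commit), so an empty, non-numeric or out-of-range value silently becomes port 0 or a truncated 16-bit port instead of a usage error. Validate it in the `read_port` block with `strtol` and a 1–65535 range check before the call, as in the fence; this needs `<stdlib.h>` if the file does not already include it. Separately, `goto print_usage` from the `read_port` block jumps into the body of the `if (argc != 2)` statement from outside it, which a small usage helper function would avoid.

```cpp
        if (strncmp(argv[1], option, param_len) == 0)
        {
            server_port = (char*)(argv[1] + param_len);
            char* end = NULL;
            long port = strtol(server_port, &end, 10);
            if (end == server_port || *end != '\0' || port < 1 || port > 65535)
            {
                fprintf(stderr, "Invalid port %s\n", server_port);
                goto print_usage;
            }
        }
        // … unchanged: else branch reporting the unknown option …
```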
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include diff --git a/SampleCode/SampleAttestedTLS/sgx_socket/htons.c b/SampleCode/SampleAttestedTLS/sgx_socket/htons.c index 03a3a1d59..534442cb9 100644 --- a/SampleCode/SampleAttestedTLS/sgx_socket/htons.c +++ b/SampleCode/SampleAttestedTLS/sgx_socket/htons.c 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include diff --git a/SampleCode/SampleEnclave/App/App.h b/SampleCode/SampleEnclave/App/App.h index ec2de43c8..8b60023d9 100644 --- a/SampleCode/SampleEnclave/App/App.h +++ b/SampleCode/SampleEnclave/App/App.h 
@@ -49,7 +49,6 @@ # define FALSE 0 #endif -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" extern sgx_enclave_id_t global_eid; /* global enclave id */ diff --git a/SampleCode/SampleEnclaveGMIPP/App/App.h b/SampleCode/SampleEnclaveGMIPP/App/App.h index 7779642e4..46afb20bf 100644 --- a/SampleCode/SampleEnclaveGMIPP/App/App.h +++ b/SampleCode/SampleEnclaveGMIPP/App/App.h @@ -49,7 +49,6 @@ # define FALSE 0 #endif -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" extern sgx_enclave_id_t global_eid; /* global enclave id */ diff --git a/SampleCode/SampleEnclavePCL/App/App.cpp b/SampleCode/SampleEnclavePCL/App/App.cpp index 42d3c64bb..d0d9ad561 100644 --- a/SampleCode/SampleEnclavePCL/App/App.cpp +++ b/SampleCode/SampleEnclavePCL/App/App.cpp @@ -45,7 +45,6 @@ #define SEAL_FILENAME "Seal.signed.so" #define SEALED_KEY_FILE_NAME "sealed_key.bin" -#define TOKEN_FILENAME "enclave.token" /* Global EID shared by multiple threads */ sgx_enclave_id_t global_eid = 0; diff --git a/SampleCode/SampleEnclavePCL/App/App.h b/SampleCode/SampleEnclavePCL/App/App.h index 5261170c8..02299ebfa 100644 --- a/SampleCode/SampleEnclavePCL/App/App.h +++ b/SampleCode/SampleEnclavePCL/App/App.h @@ -49,7 +49,6 @@ # define FALSE 0 #endif -#define TOKEN_FILENAME "enclave.token" #define ENCLAVE_FILENAME "enclave.signed.so" #define SEAL_TOKEN_FILENAME "seal.token" #define SEAL_FILENAME "Seal.signed.so" diff --git a/SampleCode/Switchless/App/App.h b/SampleCode/Switchless/App/App.h index 9dfa8cb93..98157ab82 100644 --- a/SampleCode/Switchless/App/App.h +++ b/SampleCode/Switchless/App/App.h @@ -49,7 +49,6 @@ # define FALSE 0 #endif -# define TOKEN_FILENAME "enclave.token" # define ENCLAVE_FILENAME "enclave.signed.so" extern sgx_enclave_id_t global_eid; /* global enclave id */ diff --git a/common/inc/internal/se_version.h b/common/inc/internal/se_version.h index cda0763b3..c44d03d52 100644 --- a/common/inc/internal/se_version.h 
+++ b/common/inc/internal/se_version.h @@ -31,25 +31,25 @@ #ifndef _SE_VERSION_H_ #define _SE_VERSION_H_ -#define STRFILEVER "2.18.101.1" +#define STRFILEVER "2.19.100.3" #define SGX_MAJOR_VERSION 2 -#define SGX_MINOR_VERSION 18 -#define SGX_REVISION_VERSION 101 +#define SGX_MINOR_VERSION 19 +#define SGX_REVISION_VERSION 100 #define MAKE_VERSION_UINT(major,minor,rev) (((uint64_t)major)<<32 | ((uint64_t)minor) << 16 | rev) #define VERSION_UINT MAKE_VERSION_UINT(SGX_MAJOR_VERSION, SGX_MINOR_VERSION, SGX_REVISION_VERSION) -#define COPYRIGHT "Copyright (C) 2022 Intel Corporation" +#define COPYRIGHT "Copyright (C) 2023 Intel Corporation" -#define UAE_SERVICE_VERSION "2.3.217.1" -#define URTS_VERSION "2.0.101.1" -#define ENCLAVE_COMMON_VERSION "1.2.101.1" -#define LAUNCH_VERSION "1.0.119.1" -#define EPID_VERSION "1.0.119.1" -#define QUOTE_EX_VERSION "1.1.119.1" +#define UAE_SERVICE_VERSION "2.3.218.3" +#define URTS_VERSION "2.0.102.3" +#define ENCLAVE_COMMON_VERSION "1.2.102.3" +#define LAUNCH_VERSION "1.0.120.3" +#define EPID_VERSION "1.0.120.3" +#define QUOTE_EX_VERSION "1.1.120.3" -#define PCE_VERSION "1.17.100.2" -#define LE_VERSION "1.17.100.2" -#define QE_VERSION "1.17.100.2" -#define PVE_VERSION "1.17.100.2" +#define PCE_VERSION "1.19.100.1" +#define LE_VERSION "1.19.100.1" +#define QE_VERSION "1.19.100.1" +#define PVE_VERSION "1.19.100.1" #endif diff --git a/download_prebuilt.sh b/download_prebuilt.sh index 50050baac..76e528685 100755 --- a/download_prebuilt.sh +++ b/download_prebuilt.sh 
@@ -33,11 +33,11 @@ top_dir=`dirname $0` out_dir=$top_dir -optlib_name=optimized_libs_2.18.1.tar.gz -ae_file_name=prebuilt_ae_2.18.1.tar.gz +optlib_name=optimized_libs_2.19.tar.gz +ae_file_name=prebuilt_ae_2.19.tar.gz binutils_file_name=as.ld.objdump.r4.tar.gz -checksum_file=SHA256SUM_prebuilt_2.18.1.cfg -server_url_path=https://download.01.org/intel-sgx/sgx-linux/2.18.1 +checksum_file=SHA256SUM_prebuilt_2.19.cfg +server_url_path=https://download.01.org/intel-sgx/sgx-linux/2.19 server_optlib_url=$server_url_path/$optlib_name server_ae_url=$server_url_path/$ae_file_name server_binutils_url=$server_url_path/$binutils_file_name diff --git a/external/dcap_source b/external/dcap_source index 85cf8bdd3..71557c7d1 160000 --- a/external/dcap_source +++ b/external/dcap_source @@ -1 +1 @@ -Subproject commit 85cf8bdd393ab273a308be3f41d2f7cc25c0ec0c +Subproject commit 71557c7d1d869b6bd6f95566c051cbd098549509 diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile index 74695903c..faea09734 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -61,17 +61,12 @@ else ifeq ($(MITIGATION-CVE-2020-0551), CF) endif OUT_DIR = lib/linux/$(ARCH)/$(SUB_DIR)/ -PATCH_LOG = $(shell cd ./$(IPP_SOURCE) && git log --oneline --grep='IPP crypto for SGX.' | cut -d' ' -f 5) -CHECK_PATCHED := - CHECK_SOURCE := -# For reproducibility build in docker, the code should be +# For reproducibility build in docker, the code should be # prepared before build. So skip the code check to avoid -# triggering network request +# triggering network request ifneq ($(origin NIX_STORE), environment) -ifneq ($(PATCH_LOG), SGX.) -CHECK_SOURCE:= ipp_source -endif +CHECK_SOURCE:= $(IPP_SOURCE)/build endif .PHONY: all build_ipp 
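Review bot: With `CHECK_SOURCE:= $(IPP_SOURCE)/build`, the only evidence that `0001-IPP-crypto-for-SGX.patch` was applied is that a directory exists, whereas the removed `PATCH_LOG` test looked for the patch in the git log. The next hunk in this file switches to `git apply`, which leaves the patch uncommitted, and makes `clean` keep the directory (`ipp-crypto/build/*`). Anything that resets the submodule working tree but leaves the untracked `build/` directory in place would therefore let `build_ipp` compile unpatched sources without any error. Consider verifying the patch state before configuring, for example `cd $(IPP_SOURCE) && git apply --reverse --check ../0001-IPP-crypto-for-SGX.patch` as the first recipe line of `build_ipp`, or use a dedicated stamp file that `clean` removes.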
@@ -87,16 +82,16 @@ all: build_ipp build_ipp: $(CHECK_SOURCE) cd $(IPP_SOURCE) && $(PRE_CONFIG) cmake CMakeLists.txt $(IPP_CONFIG) && cd build && make ippcp_s -.PHONY: ipp_source -ipp_source: +$(IPP_SOURCE)/build: ifeq ($(shell git rev-parse --is-inside-work-tree), true) git submodule update -f --init --recursive --remote -- $(IPP_SOURCE) else $(RM) -rf $(IPP_SOURCE) git clone -b ippcp_2021.3 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE) endif - cd $(IPP_SOURCE) && git am ../0001-IPP-crypto-for-SGX.patch + cd $(IPP_SOURCE) && git apply ../0001-IPP-crypto-for-SGX.patch + mkdir -p $(IPP_SOURCE)/build .PHONY: clean clean: - $(RM) -rf ipp-crypto/build + $(RM) -rf ipp-crypto/build/* diff --git a/external/sgx-emm/Makefile b/external/sgx-emm/Makefile index 7ff929043..ab644aa92 100644 --- a/external/sgx-emm/Makefile +++ b/external/sgx-emm/Makefile @@ -35,6 +35,8 @@ CPPFLAGS += -I$(EMM_DIR)/include \ -Wno-missing-braces \ -Wno-unused-parameter +EMMFLAGS := -mno-sse + C_Files := $(EMM_DIR)/bit_array.c \ $(EMM_DIR)/ema.c \ $(EMM_DIR)/emalloc.c \ @@ -60,7 +62,7 @@ $(LIB_NAME): $(CHECK_SOURCE) $(OBJS) $(AR) rcs $@ $(OBJS) $(OBJS): %.o: %.c - $(CC) -c $(COMMON_FLAGS) $(ENCLAVE_CFLAGS) $(CPPFLAGS) $< -o $@ + $(CC) -c $(COMMON_FLAGS) $(ENCLAVE_CFLAGS) $(CPPFLAGS) $(EMMFLAGS) $< -o $@ $(BUILD_DIR): @$(MKDIR) $@ @@ -70,7 +72,7 @@ ifeq ($(shell git rev-parse --is-inside-work-tree 2> /dev/null), true) git submodule update -f --init --recursive -- $(EMM_DIR) else $(RM) -rf $(EMM_DIR) - git clone -b sgx-emm-1.0.0 https://github.com/intel/sgx-emm.git --depth 1 $(EMM_DIR) + git clone -b sgx-emm-1.0.1 https://github.com/intel/sgx-emm.git --depth 1 $(EMM_DIR) endif clean: diff --git a/external/sgx-emm/emm_src b/external/sgx-emm/emm_src index 41a3ead0e..222b9d8cd 160000 --- a/external/sgx-emm/emm_src +++ b/external/sgx-emm/emm_src @@ -1 +1 @@ -Subproject commit 41a3ead0e350f255d82eb0f79a9f356816ea19ed +Subproject commit 222b9d8cd246809cc8da041241824b0d0469000f 
diff --git a/external/sgx-emm/ut/stub.c b/external/sgx-emm/ut/stub.c index d2839623a..8fe080d52 100644 --- a/external/sgx-emm/ut/stub.c +++ b/external/sgx-emm/ut/stub.c 
@@ -1,23 +1,31 @@ -/** +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. * - * INTEL CONFIDENTIAL - * Copyright(c) 2011-2017 Intel Corporation All Rights Reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * The source code contained or described herein and all documents related to - * the source code ("Material") are owned by Intel Corporation or its suppliers - * or licensors. Title to the Material remains with Intel Corporation or its - * suppliers and licensors. The Material contains trade secrets and proprietary - * and confidential information of Intel or its suppliers and licensors. The - * Material is protected by worldwide copyright and trade secret laws and treaty - * provisions. No part of the Material may be used, copied, reproduced, modified, - * published, uploaded, posted, transmitted, distributed, or disclosed in any - * way without Intel's prior express written permission. + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * No license under any patent, copyright, trade secret or other intellectual - * property right is granted to or conferred upon you by disclosure or delivery - * of the Materials, either expressly, by implication, inducement, estoppel or - * otherwise. Any license under such intellectual property rights must be - * express and approved by Intel(R) in writing. 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ diff --git a/external/sgxssl/prepare_sgxssl.sh b/external/sgxssl/prepare_sgxssl.sh index 7c9872ec9..4e2d9c919 100755 --- a/external/sgxssl/prepare_sgxssl.sh +++ b/external/sgxssl/prepare_sgxssl.sh @@ -32,16 +32,16 @@ top_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" openssl_out_dir=$top_dir/openssl_source -openssl_ver=1.1.1q +openssl_ver=1.1.1t openssl_ver_name=openssl-$openssl_ver sgxssl_github_archive=https://github.com/intel/intel-sgx-ssl/archive -sgxssl_file_name=lin_2.18_1.1.1q +sgxssl_file_name=lin_2.19_1.1.1t build_script=$top_dir/Linux/build_openssl.sh server_url_path=https://www.openssl.org/source full_openssl_url=$server_url_path/old/1.1.1/$openssl_ver_name.tar.gz -sgxssl_chksum=6c33d2178b6b01bdbb1f97804ae14aec13544b0cb45902a0906c20ef7b4032bc -openssl_chksum=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca +sgxssl_chksum=bff5a9059911846e27447acb402c4690346abf46da8e1c26b66d406e8abb1588 +openssl_chksum=8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b rm -f check_sum_sgxssl.txt check_sum_openssl.txt if [ ! -f $build_script ]; then wget $sgxssl_github_archive/$sgxssl_file_name.zip -P $top_dir || exit 1 
diff --git a/linux/installer/common/libsgx-headers/BOMs/libsgx-headers.txt b/linux/installer/common/libsgx-headers/BOMs/libsgx-headers.txt index a77cbcc3f..aede29d2c 100644 --- a/linux/installer/common/libsgx-headers/BOMs/libsgx-headers.txt +++ b/linux/installer/common/libsgx-headers/BOMs/libsgx-headers.txt @@ -4,10 +4,12 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /common/inc/sgx_eid.h /include/sgx_eid.h 0 main STP /common/inc/sgx_error.h /include/sgx_error.h 0 main STP /common/inc/sgx_report.h /include/sgx_report.h main STP +/common/inc/sgx_report2.h /include/sgx_report2.h main STP /common/inc/sgx_key.h /include/sgx_key.h 0 main STP /common/inc/sgx_quote.h /include/sgx_quote.h 0 main STP /common/inc/sgx_urts.h /include/sgx_urts.h 0 main STP /external/dcap_source/QuoteGeneration/quote_wrapper/common/inc/sgx_ql_lib_common.h /include/sgx_ql_lib_common.h 0 main STP /external/dcap_source/QuoteGeneration/quote_wrapper/common/inc/sgx_quote_3.h /include/sgx_quote_3.h 0 main STP +/external/dcap_source/QuoteGeneration/quote_wrapper/common/inc/sgx_quote_4.h /include/sgx_quote_4.h 0 main STP /external/dcap_source/QuoteGeneration/quote_wrapper/common/inc/sgx_ql_quote.h /include/sgx_ql_quote.h 0 main STP /external/dcap_source/QuoteGeneration/pce_wrapper/inc/sgx_pce.h /include/sgx_pce.h 0 main STP diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile index 14f4c1894..a85c8b825 100644 --- a/linux/installer/common/psw-dcap/Makefile +++ b/linux/installer/common/psw-dcap/Makefile 
@@ -218,7 +218,7 @@ install_$(AESM_SERVICE_PACKAGE): $(foreach PKG,$(AESM_SERVICE_PKGS),post_$(PKG)) cd $(shell readlink -m $(DESTDIR)/$(AESM_PCE_PACKAGE)/$(SGX_INSTALL_PATH)/$(AESM_SERVICE_PACKAGE)/aesm) && \ ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so.$(PCE_MAJOR_VER)) && \ ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so) && \ - ln -fs liburts_internal.so libsgx_urts.so + ln -fs liburts_internal.so libsgx_urts.so.$(URTS_MAJOR_VER) PHONY+=install_$(DCAP_PCCS_PACKAGE) install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH) diff --git a/linux/installer/common/psw/Makefile b/linux/installer/common/psw/Makefile index 1486ee1fa..e574b6740 100644 --- a/linux/installer/common/psw/Makefile +++ b/linux/installer/common/psw/Makefile @@ -46,7 +46,7 @@ ECL_VER=1.0.0 LCH_VER=1.0.0 EPID_VER=1.0.0 QEX_VER=1.0.0 -URTS_VER:= 2.0.0.0 +URTS_VER:=2.0.0.0 QE3L_VER:=1.0.0 default: diff --git a/linux/installer/common/psw/createTarball.sh b/linux/installer/common/psw/createTarball.sh index 934390f3f..d43cde5ff 100755 --- a/linux/installer/common/psw/createTarball.sh +++ b/linux/installer/common/psw/createTarball.sh 
@@ -69,10 +69,12 @@ ECL_VER=$(awk '/ENCLAVE_COMMON_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/inter LCH_VER=$(awk '/LAUNCH_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') EPID_VER=$(awk '/EPID_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') QEX_VER=$(awk '/QUOTE_EX_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') +URTS_VERSION=$(awk '/URTS_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') pushd ${INSTALL_PATH} &> /dev/null sed -i "s/ECL_VER=.*/ECL_VER=${ECL_VER}/" Makefile sed -i "s/LCH_VER=.*/LCH_VER=${LCH_VER}/" Makefile sed -i "s/EPID_VER=.*/EPID_VER=${EPID_VER}/" Makefile sed -i "s/QEX_VER=.*/QEX_VER=${QEX_VER}/" Makefile +sed -i "s/URTS_VER=.*/URTS_VER=${URTS_VERSION}/" Makefile tar -zcvf ${TARBALL_NAME} * popd &> /dev/null diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt index 70005fe05..068339596 100644 --- a/linux/installer/common/sdk/BOMs/sdk_base.txt +++ b/linux/installer/common/sdk/BOMs/sdk_base.txt @@ -41,9 +41,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /common/inc/sgx_secure_align.h /package/include/./sgx_secure_align.h 0 main STP /common/inc/sgx_secure_align_api.h /package/include/./sgx_secure_align_api.h 0 main STP /common/inc/sgx_rsrv_mem_mngr.h /package/include/sgx_rsrv_mem_mngr.h 0 main STP -/common/inc/sgx_utls.h /package/include/sgx_utls.h 0 main STP -/common/inc/sgx_ttls.h /package/include/sgx_ttls.h 0 main STP -/common/inc/sgx_ttls.edl /package/include/sgx_ttls.edl 0 main STP /common/inc/stdc++/exception /package/include/stdc++/exception 0 main STP /common/inc/stdc++/linux/exception /package/include/stdc++/linux/exception 0 main STP /common/inc/stdc++/linux/typeinfo /package/include/stdc++/linux/typeinfo 0 main STP 
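Review bot: The added `sed -i "s/URTS_VER=.*/URTS_VER=${URTS_VERSION}/" Makefile` does not appear to match anything, because this commit declares the variable as `URTS_VER:=2.0.0.0` in psw/Makefile and `URTS_VER:=2.0.0` in sgx-aesm-service/Makefile, and the text `URTS_VER=` does not occur in `URTS_VER:=`. If the Makefile edited in `${INSTALL_PATH}` is a copy of those files, the substitution is a silent no-op and the `libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1)` symlink name keeps coming from the placeholder value rather than from se_version.h. The same line is added to sgx-aesm-service/createTarball.sh further down. Either declare the variable as `URTS_VER=2.0.0` like the neighbouring `PCE_VER=1.0.0`, or accept both forms with `sed -i "s/^URTS_VER:\?=.*/URTS_VER:=${URTS_VERSION}/" Makefile`.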
@@ -294,6 +291,9 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /SampleCode/SampleAttestedTLS/server/enc/server_enc.config.xml /package/SampleCode/SampleAttestedTLS/server/enc/server_enc.config.xml 0 main STP /SampleCode/SampleAttestedTLS/server/host/host.cpp /package/SampleCode/SampleAttestedTLS/server/host/host.cpp 0 main STP /SampleCode/SampleAttestedTLS/server/host/Makefile /package/SampleCode/SampleAttestedTLS/server/host/Makefile 0 main STP +/SampleCode/SampleAttestedTLS/server_tdx/Makefile /package/SampleCode/SampleAttestedTLS/server_tdx/Makefile 0 main STP +/SampleCode/SampleAttestedTLS/server_tdx/openssl_server.cpp /package/SampleCode/SampleAttestedTLS/server_tdx/openssl_server.cpp 0 main STP +/SampleCode/SampleAttestedTLS/server_tdx/server.cpp /package/SampleCode/SampleAttestedTLS/server_tdx/server.cpp 0 main STP /SampleCode/SampleAttestedTLS/client/Makefile /package/SampleCode/SampleAttestedTLS/client/Makefile 0 main STP /SampleCode/SampleAttestedTLS/client/tls_client.edl /package/SampleCode/SampleAttestedTLS/client/tls_client.edl 0 main STP /SampleCode/SampleAttestedTLS/client/enc/client_enc.config.xml /package/SampleCode/SampleAttestedTLS/client/enc/client_enc.config.xml 0 main STP diff --git a/linux/installer/common/sgx-aesm-service/Makefile b/linux/installer/common/sgx-aesm-service/Makefile index 71face180..384ec9f55 100644 --- a/linux/installer/common/sgx-aesm-service/Makefile +++ b/linux/installer/common/sgx-aesm-service/Makefile @@ -57,6 +57,7 @@ PVE_VER=1.0.0 LE_VER=1.0.0 PCE_VER=1.0.0 QE3_VER=1.0.0 +URTS_VER:=2.0.0 SPLIT_VERSION=$(word $2,$(subst ., ,$1)) default: 
@@ -99,7 +100,7 @@ install: $(PACKAGES) cd $(shell readlink -m $(DESTDIR)/$(AESM_PCE_PACKAGE_NAME)/$(AESM_SERVICE_PACKAGE_PATH)/$(AESM_SERVICE_PACKAGE_NAME)/aesm) && \ ln -fs $(USR_LIB_PATH)/libsgx_pce.signed.so.$(call SPLIT_VERSION,$(PCE_VER),1) && \ ln -fs $(USR_LIB_PATH)/libsgx_pce.signed.so && \ - ln -fs liburts_internal.so libsgx_urts.so + ln -fs liburts_internal.so libsgx_urts.so.$(call SPLIT_VERSION,$(URTS_VER),1) $(PACKAGES): install -d $(shell readlink -m $(DESTDIR)/$@) diff --git a/linux/installer/common/sgx-aesm-service/createTarball.sh b/linux/installer/common/sgx-aesm-service/createTarball.sh index 55d05809c..c4a0512cb 100755 --- a/linux/installer/common/sgx-aesm-service/createTarball.sh +++ b/linux/installer/common/sgx-aesm-service/createTarball.sh @@ -67,12 +67,14 @@ QE_VERSION=$(awk '/QE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_ve PVE_VERSION=$(awk '/PVE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') LE_VERSION=$(awk '/LE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') PCE_VERSION=$(awk '/PCE_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') +URTS_VERSION=$(awk '/URTS_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') QE3_VERSION=$(awk '/QE3_VERSION/ {print $3}' ${ROOT_DIR}/external/dcap_source/QuoteGeneration/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') pushd ${INSTALL_PATH} &> /dev/null sed -i "s/QE_VER=.*/QE_VER=${QE_VERSION}/" Makefile sed -i "s/PVE_VER=.*/PVE_VER=${PVE_VERSION}/" Makefile sed -i "s/LE_VER=.*/LE_VER=${LE_VERSION}/" Makefile sed -i "s/PCE_VER=.*/PCE_VER=${PCE_VERSION}/" Makefile +sed -i "s/URTS_VER=.*/URTS_VER=${URTS_VERSION}/" Makefile sed -i "s/QE3_VER=.*/QE3_VER=${QE3_VERSION}/" Makefile tar -zcvf ${TARBALL_NAME} * popd &> /dev/null 
diff --git a/linux/installer/deb/sgx-aesm-service/sgx-aesm-service-1.0/debian/control b/linux/installer/deb/sgx-aesm-service/sgx-aesm-service-1.0/debian/control index 49948db45..3d4d83136 100644 --- a/linux/installer/deb/sgx-aesm-service/sgx-aesm-service-1.0/debian/control +++ b/linux/installer/deb/sgx-aesm-service/sgx-aesm-service-1.0/debian/control @@ -37,12 +37,12 @@ Description: Unified Quote Plugin for Intel(R) Software Guard Extensions AESM Se Package: libsgx-aesm-ecdsa-plugin Architecture: amd64 -Depends: ${shlibs:Depends}, ${misc:Depends}, sgx-aesm-service(>= @dep_version@), libsgx-qe3-logic(>= 1.15), libsgx-aesm-pce-plugin(>= @dep_version@) +Depends: ${shlibs:Depends}, ${misc:Depends}, sgx-aesm-service(>= @dep_version@), libsgx-qe3-logic(>= 1.16), libsgx-aesm-pce-plugin(>= @dep_version@) Description: ECDSA Quote Plugin for Intel(R) Software Guard Extensions AESM Service Package: libsgx-aesm-pce-plugin Architecture: amd64 -Depends: ${shlibs:Depends}, ${misc:Depends}, sgx-aesm-service(>= @dep_version@), libsgx-pce-logic(>= 1.15), libsgx-ae-pce(>= @dep_version@) +Depends: ${shlibs:Depends}, ${misc:Depends}, sgx-aesm-service(>= @dep_version@), libsgx-pce-logic(>= 1.16), libsgx-ae-pce(>= @dep_version@) Description: PCE Plugin for Intel(R) Software Guard Extensions AESM Service Package: libsgx-ae-pce diff --git a/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-ecdsa-plugin.spec b/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-ecdsa-plugin.spec index 51bd9a2c8..202f73e8d 100644 --- a/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-ecdsa-plugin.spec +++ b/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-ecdsa-plugin.spec 
@@ -38,7 +38,7 @@ Version: @version@ Release: 1%{?dist} Summary: ECDSA Quote Plugin for Intel(R) Software Guard Extensions AESM Service Group: Development/System -Requires: sgx-aesm-service >= %{version}-%{release} libsgx-qe3-logic >= 1.15 libsgx-aesm-pce-plugin >= %{version}-%{release} +Requires: sgx-aesm-service >= %{version}-%{release} libsgx-qe3-logic >= 1.16 libsgx-aesm-pce-plugin >= %{version}-%{release} License: BSD License URL: https://github.com/intel/linux-sgx diff --git a/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-pce-plugin.spec b/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-pce-plugin.spec index b2233f6c4..22490064a 100644 --- a/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-pce-plugin.spec +++ b/linux/installer/rpm/sgx-aesm-service/libsgx-aesm-pce-plugin.spec @@ -38,7 +38,7 @@ Version: @version@ Release: 1%{?dist} Summary: PCE Plugin for Intel(R) Software Guard Extensions AESM Service Group: Development/System -Requires: sgx-aesm-service >= %{version}-%{release} libsgx-pce-logic >= 1.15 +Requires: sgx-aesm-service >= %{version}-%{release} libsgx-pce-logic >= 1.16 License: BSD License URL: https://github.com/intel/linux-sgx diff --git a/linux/reproducibility/build_and_launch_docker.sh b/linux/reproducibility/build_and_launch_docker.sh index 086e9ab00..816ab0fef 100755 --- a/linux/reproducibility/build_and_launch_docker.sh +++ b/linux/reproducibility/build_and_launch_docker.sh @@ -75,8 +75,8 @@ mount_dir="/linux-sgx" sdk_installer="" sgx_src="" -default_sdk_installer=sgx_linux_x64_sdk_reproducible_2.18.100.1.bin -default_sdk_installer_url=https://download.01.org/intel-sgx/sgx-linux/2.18/distro/nix_reproducibility/$default_sdk_installer +default_sdk_installer=sgx_linux_x64_sdk_reproducible_2.19.100.1.bin +default_sdk_installer_url=https://download.01.org/intel-sgx/sgx-linux/2.19/distro/nix_reproducibility/$default_sdk_installer usage() 
@@ -177,7 +177,7 @@ prepare_sgx_src() if [ "$sgx_src" != "" ]; then mkdir -p "$sgx_repo" && cp -a "$sgx_src/." "$sgx_repo" else - git clone -b sgx_2.18_reproducible https://github.com/intel/linux-sgx.git $sgx_repo + git clone -b sgx_2.19_reproducible https://github.com/intel/linux-sgx.git $sgx_repo fi cd "$sgx_repo" && make preparation diff --git a/psw/ae/aesm_service/config/network/aesmd.conf b/psw/ae/aesm_service/config/network/aesmd.conf index 6f8a3823c..e96acb581 100644 --- a/psw/ae/aesm_service/config/network/aesmd.conf +++ b/psw/ae/aesm_service/config/network/aesmd.conf @@ -9,3 +9,5 @@ #default quoting type = ecdsa_256 #default quoting type = epid_linkable #default quoting type = epid_unlinkable +#qpl log level = error +#qpl log level = info \ No newline at end of file diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt index 07577d60a..a77d53fb8 100644 --- a/psw/ae/aesm_service/source/CMakeLists.txt +++ b/psw/ae/aesm_service/source/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + # [proj-begin] cmake_minimum_required(VERSION 3.0.0) project(ModularAESM VERSION 0.1.0) diff --git a/psw/ae/aesm_service/source/bundles/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/CMakeLists.txt index 18e188c8a..e6ef3e8ec 100644 --- a/psw/ae/aesm_service/source/bundles/CMakeLists.txt +++ b/psw/ae/aesm_service/source/bundles/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + BUNDLELIST(SUBDIRS ${CMAKE_CURRENT_SOURCE_DIR}) FOREACH(subdir ${SUBDIRS}) diff --git a/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/CMakeLists.txt index 72064c8b9..2ac14e279 100644 --- a/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/CMakeLists.txt 
+++ b/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/CMakeLists.txt @@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + set(qe3_logic "${CMAKE_SOURCE_DIR}/../../../../external/dcap_source/QuoteGeneration/build/linux/libsgx_qe3_logic.so") get_filename_component(bundle ${CMAKE_CURRENT_SOURCE_DIR} NAME) aux_source_directory(. _src) 
diff --git a/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/ecdsa_quote_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/ecdsa_quote_service_bundle.cpp index afc3b3630..3c2649132 100644 --- a/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/ecdsa_quote_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/ecdsa_quote_service_bundle/ecdsa_quote_service_bundle.cpp 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include @@ -8,6 +39,7 @@ #include #include #include "aesm_logic.h" +#include "aesm_config.h" #include "sgx_quote_3.h" #include "sgx_ql_quote.h" #include "sgx_ql_core_wrapper.h" 
@@ -21,7 +53,7 @@ static AESMLogicMutex ecdsa_quote_mutex; extern const sgx_ql_att_key_id_t g_default_ecdsa_p256_att_key_id; extern "C" void* get_qpl_handle(); -typedef quote3_error_t(*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_t logger); +typedef quote3_error_t(*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_t logger, sgx_ql_log_level_t loglevel); void sgx_ql_logging_callback(sgx_ql_log_level_t level, const char* message) { @@ -169,6 +201,14 @@ static aesm_error_t quote3_error_to_aesm_error(quote3_error_t input) ret = AESM_KEY_CERTIFICATION_ERROR; break; + case SGX_QL_NETWORK_ERROR: + ret = AESM_NETWORK_ERROR; + break; + + case SGX_QL_MESSAGE_ERROR: + ret = AESM_MSG_ERROR; + break; + default: ret = AESM_UNEXPECTED_ERROR; break; @@ -277,11 +317,12 @@ class EcdsaQuoteServiceImp : public IQuoteProviderService // Set logging callback for default quote provider library void* handle = get_qpl_handle(); if (handle != NULL) { + aesm_config_infos_t info = {0}; char *error; sgx_ql_set_logging_callback_t ql_set_logging_callback = (sgx_ql_set_logging_callback_t)dlsym(handle, "sgx_ql_set_logging_callback"); - if ((error = dlerror()) == NULL && ql_set_logging_callback != NULL) { + if ((error = dlerror()) == NULL && ql_set_logging_callback != NULL && read_aesm_config(info)) { // Set logging function detected - ql_set_logging_callback(sgx_ql_logging_callback); + ql_set_logging_callback(sgx_ql_logging_callback, (sgx_ql_log_level_t)info.qpl_log_level); } else { AESM_LOG_ERROR("Failed to set logging callback for the quote provider library."); diff --git a/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/CMakeLists.txt index 1dd922833..5479249d7 100644 --- a/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/CMakeLists.txt +++ b/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/CMakeLists.txt 
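Review bot: In the `@@ -277` hunk the new `&& read_aesm_config(info)` term makes a failed config read skip `ql_set_logging_callback` altogether and fall into the else branch, which reports "Failed to set logging callback for the quote provider library." even though dlsym succeeded, so quote provider messages are lost exactly when the configuration is broken. Resolve the level first with a fallback, `sgx_ql_log_level_t lvl = read_aesm_config(info) ? (sgx_ql_log_level_t)info.qpl_log_level : SGX_QL_LOG_ERROR;`, and keep the original two-term condition. The cast forwards whatever number the parser stored, so a range check belongs here unless `read_aesm_config` already bounds the value, which is not visible in this hunk. The two-argument typedef from the `@@ -21` hunk is applied to a symbol obtained through dlsym, so a provider library that still exports the one-argument form would be called through a mismatched signature. The enclosing method starts and ends outside the hunk.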
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + set(Edger8rOutputPVE "${CMAKE_CURRENT_BINARY_DIR}/provision_enclave_u.c") set(Edger8rOutputQE "${CMAKE_CURRENT_BINARY_DIR}/quoting_enclave_u.c") get_filename_component(bundle ${CMAKE_CURRENT_SOURCE_DIR} NAME) 
diff --git a/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_quote_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_quote_service_bundle.cpp index 0f5b9cdc7..c7db8d38d 100644 --- a/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_quote_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/epid_quote_service_bundle/epid_quote_service_bundle.cpp 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include #include diff --git a/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/CMakeLists.txt index 9f3aba893..3267c1b8a 100644 --- a/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/CMakeLists.txt 
+++ b/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/CMakeLists.txt @@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + if(REF_LE) set(Edger8rOutputLE "${CMAKE_CURRENT_BINARY_DIR}/ref_le_u.c") set(Edger8rEDLLE "${PROJECT_SOURCE_DIR}/../../ref_le/ref_le.edl") 
diff --git a/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/le_launch_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/le_launch_service_bundle.cpp index a6da7e924..8faa23c43 100644 --- a/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/le_launch_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/le_launch_service_bundle/le_launch_service_bundle.cpp 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include "uae_service_internal.h" diff --git a/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/CMakeLists.txt index e16422aa0..63fc1f1a8 100644 --- a/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/CMakeLists.txt 
+++ b/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/CMakeLists.txt @@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + find_package(CURL REQUIRED) if(CURL_FOUND) message ("CURL found") diff --git a/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/linux_network_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/linux_network_service_bundle.cpp index 8d2d9ef0f..d28a759c5 100644 
--- a/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/linux_network_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/linux_network_service_bundle/linux_network_service_bundle.cpp @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include 
diff --git a/psw/ae/aesm_service/source/bundles/pce_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/pce_service_bundle/CMakeLists.txt index d447a6673..f899d5fdc 100644 --- a/psw/ae/aesm_service/source/bundles/pce_service_bundle/CMakeLists.txt +++ b/psw/ae/aesm_service/source/bundles/pce_service_bundle/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + set(pce_logic "${CMAKE_SOURCE_DIR}/../../../../external/dcap_source/QuoteGeneration/build/linux/libsgx_pce_logic.so") get_filename_component(bundle ${CMAKE_CURRENT_SOURCE_DIR} NAME) aux_source_directory(. _srcs) 
diff --git a/psw/ae/aesm_service/source/bundles/pce_service_bundle/pce_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/pce_service_bundle/pce_service_bundle.cpp index 493421f51..6978272b1 100644 --- a/psw/ae/aesm_service/source/bundles/pce_service_bundle/pce_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/pce_service_bundle/pce_service_bundle.cpp 
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include diff --git a/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/CMakeLists.txt b/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/CMakeLists.txt index fba4102a6..98cb4e286 100644 --- a/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/CMakeLists.txt +++ b/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + get_filename_component(bundle ${CMAKE_CURRENT_SOURCE_DIR} NAME) aux_source_directory(. _srcs) CreateBundle(${bundle} ${_srcs}) diff --git a/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/quote_ex_service_bundle.cpp b/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/quote_ex_service_bundle.cpp index f642046c6..e5bc3dedd 100644 
--- a/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/quote_ex_service_bundle.cpp +++ b/psw/ae/aesm_service/source/bundles/quote_ex_service_bundle/quote_ex_service_bundle.cpp @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include #include #include diff --git a/psw/ae/aesm_service/source/common/aesm_config.h b/psw/ae/aesm_service/source/common/aesm_config.h index 6684edc9e..25d7266f1 100644 
--- a/psw/ae/aesm_service/source/common/aesm_config.h +++ b/psw/ae/aesm_service/source/common/aesm_config.h @@ -38,6 +38,7 @@ typedef struct _aesm_config_infos_t{ uint32_t quoting_type; char white_list_url[MAX_PATH]; char aesm_proxy[MAX_PATH]; + uint32_t qpl_log_level; }aesm_config_infos_t; #endif diff --git a/psw/ae/aesm_service/source/core/CMakeLists.txt b/psw/ae/aesm_service/source/core/CMakeLists.txt index 878ba1dba..c782215e9 100644 --- a/psw/ae/aesm_service/source/core/CMakeLists.txt +++ b/psw/ae/aesm_service/source/core/CMakeLists.txt 
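Review bot: The new `qpl_log_level` field in `aesm_config_infos_t` has no comment saying which values it may hold, although the ECDSA quote bundle in this commit casts it directly to `sgx_ql_log_level_t`. A reader of this header cannot tell that the field is an enum in disguise or what a zero-initialised struct means for logging. I would document it on the field itself, for example `uint32_t qpl_log_level; /* QPL log verbosity; holds an sgx_ql_log_level_t value and must be range-checked where it is parsed */`. The code that fills the field is not part of this hunk, so whether it already validates the value should be confirmed there.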
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + aux_source_directory(. _srcs) #Disable CET diff --git a/psw/ae/aesm_service/source/core/ipc/CMakeLists.txt b/psw/ae/aesm_service/source/core/ipc/CMakeLists.txt index f233595d4..47c0efafb 100644 --- a/psw/ae/aesm_service/source/core/ipc/CMakeLists.txt +++ b/psw/ae/aesm_service/source/core/ipc/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + aux_source_directory(. IPC_LIB_SRCS) PROTOBUF_GENERATE_CPP(PROTO_SRCS PROTO_HDRS messages.proto) # Print path to generated files diff --git a/psw/ae/aesm_service/source/interfaces/epid_quote_service.h b/psw/ae/aesm_service/source/interfaces/epid_quote_service.h index 4bf488409..a1b69b086 100644 --- a/psw/ae/aesm_service/source/interfaces/epid_quote_service.h 
+++ b/psw/ae/aesm_service/source/interfaces/epid_quote_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef EPID_QUOTE_SERVICE_EXPORT_H #define EPID_QUOTE_SERVICE_EXPORT_H #include "quote_service.h" diff --git a/psw/ae/aesm_service/source/interfaces/get_att_key_id.h b/psw/ae/aesm_service/source/interfaces/get_att_key_id.h index 48796b9b2..9ce3dc06f 100644 
--- a/psw/ae/aesm_service/source/interfaces/get_att_key_id.h +++ b/psw/ae/aesm_service/source/interfaces/get_att_key_id.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef GET_ATT_KEY_ID_H #define GET_ATT_KEY_ID_H #include "aesm_error.h" diff --git a/psw/ae/aesm_service/source/interfaces/launch_service.h b/psw/ae/aesm_service/source/interfaces/launch_service.h index af8118cab..0695d6b56 100644 
--- a/psw/ae/aesm_service/source/interfaces/launch_service.h +++ b/psw/ae/aesm_service/source/interfaces/launch_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef LAUNCH_SERVICE_EXPORT_H #define LAUNCH_SERVICE_EXPORT_H #include "service.h" diff --git a/psw/ae/aesm_service/source/interfaces/network_service.h b/psw/ae/aesm_service/source/interfaces/network_service.h index c4cea044d..a6ba6568f 100644 
--- a/psw/ae/aesm_service/source/interfaces/network_service.h +++ b/psw/ae/aesm_service/source/interfaces/network_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef NETWORK_SERVICE_EXPORT_H #define NETWORK_SERVICE_EXPORT_H #include "service.h" diff --git a/psw/ae/aesm_service/source/interfaces/pce_service.h b/psw/ae/aesm_service/source/interfaces/pce_service.h index f0acd9210..329f23fed 100644 
--- a/psw/ae/aesm_service/source/interfaces/pce_service.h +++ b/psw/ae/aesm_service/source/interfaces/pce_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef PCE_SERVICE_EXPORT_H #define PCE_SERVICE_EXPORT_H #include "service.h" diff --git a/psw/ae/aesm_service/source/interfaces/quote_ex_service.h b/psw/ae/aesm_service/source/interfaces/quote_ex_service.h index 1c30cdffc..06b36a15a 100644 
--- a/psw/ae/aesm_service/source/interfaces/quote_ex_service.h +++ b/psw/ae/aesm_service/source/interfaces/quote_ex_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef QUOTE_EX_SERVICE_EXPORT_H #define QUOTE_EX_SERVICE_EXPORT_H #include "service.h" 
diff --git a/psw/ae/aesm_service/source/interfaces/quote_provider_service.h b/psw/ae/aesm_service/source/interfaces/quote_provider_service.h
index cfb20edb7..f6972f6e7 100644
--- a/psw/ae/aesm_service/source/interfaces/quote_provider_service.h
+++ b/psw/ae/aesm_service/source/interfaces/quote_provider_service.h
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef QUOTE_PROVIDER_SERVICE_EXPORT_H #define QUOTE_PROVIDER_SERVICE_EXPORT_H #include "quote_ex_service.h" diff --git a/psw/ae/aesm_service/source/interfaces/quote_proxy_service.h b/psw/ae/aesm_service/source/interfaces/quote_proxy_service.h index 1d01f68ca..43c268267 100644 --- a/psw/ae/aesm_service/source/interfaces/quote_proxy_service.h 
+++ b/psw/ae/aesm_service/source/interfaces/quote_proxy_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef QUOTE_PROXY_SERVICE_EXPORT_H #define QUOTE_PROXY_SERVICE_EXPORT_H #include "quote_ex_service.h" diff --git a/psw/ae/aesm_service/source/interfaces/quote_service.h b/psw/ae/aesm_service/source/interfaces/quote_service.h index ccc90a8eb..ec11adcab 100644 
--- a/psw/ae/aesm_service/source/interfaces/quote_service.h +++ b/psw/ae/aesm_service/source/interfaces/quote_service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef QUOTE_SERVICE_EXPORT_H #define QUOTE_SERVICE_EXPORT_H #include "service.h" diff --git a/psw/ae/aesm_service/source/interfaces/select_att_key_id.h b/psw/ae/aesm_service/source/interfaces/select_att_key_id.h index 0383ec64b..fab251a96 100644 
--- a/psw/ae/aesm_service/source/interfaces/select_att_key_id.h +++ b/psw/ae/aesm_service/source/interfaces/select_att_key_id.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef SELECT_ATT_KEY_ID_H #define SELECT_ATT_KEY_ID_H #include diff --git a/psw/ae/aesm_service/source/interfaces/service.h b/psw/ae/aesm_service/source/interfaces/service.h index 371da4dc2..2c5a90a88 100644 
--- a/psw/ae/aesm_service/source/interfaces/service.h +++ b/psw/ae/aesm_service/source/interfaces/service.h @@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef SERVICE_EXPORT_H #define SERVICE_EXPORT_H #include "aeerror.h" diff --git a/psw/ae/aesm_service/source/oal/CMakeLists.txt b/psw/ae/aesm_service/source/oal/CMakeLists.txt index 959435cb6..077d3a4a3 100644 --- a/psw/ae/aesm_service/source/oal/CMakeLists.txt 
+++ b/psw/ae/aesm_service/source/oal/CMakeLists.txt @@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + if(WIN32) aux_source_directory(windows OAL_LIB_SRCS) else() diff --git a/psw/ae/aesm_service/source/qcnl/CMakeLists.txt b/psw/ae/aesm_service/source/qcnl/CMakeLists.txt index 6ed7ad163..f4c59a2af 100644 --- a/psw/ae/aesm_service/source/qcnl/CMakeLists.txt +++ b/psw/ae/aesm_service/source/qcnl/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + find_package(CURL REQUIRED) if(CURL_FOUND) message ("CURL found") diff --git a/psw/ae/aesm_service/source/qpl/CMakeLists.txt b/psw/ae/aesm_service/source/qpl/CMakeLists.txt index 0eb240381..d57c58f61 100644 --- a/psw/ae/aesm_service/source/qpl/CMakeLists.txt +++ b/psw/ae/aesm_service/source/qpl/CMakeLists.txt 
@@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + aux_source_directory(${PROJECT_SOURCE_DIR}/../../../../external/dcap_source/QuoteGeneration/qpl _srcs) aux_source_directory(${PROJECT_SOURCE_DIR}/../../../../external/dcap_source/QuoteGeneration/qpl/linux _srcs) diff --git a/psw/ae/aesm_service/source/utils/CMakeLists.txt b/psw/ae/aesm_service/source/utils/CMakeLists.txt index 77aac373f..2f83b4142 100644 
--- a/psw/ae/aesm_service/source/utils/CMakeLists.txt +++ b/psw/ae/aesm_service/source/utils/CMakeLists.txt @@ -1,3 +1,34 @@ +# +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + find_package(OpenSSL REQUIRED) if(OPENSSL_FOUND) message ("OpenSSL found") diff --git a/psw/ae/aesm_service/source/utils/aesm_config.cpp b/psw/ae/aesm_service/source/utils/aesm_config.cpp index 2f1f61039..60ba58334 100644 --- a/psw/ae/aesm_service/source/utils/aesm_config.cpp 
+++ b/psw/ae/aesm_service/source/utils/aesm_config.cpp @@ -51,6 +51,7 @@ enum _config_value_t{ config_aesm_proxy_url, config_aesm_proxy_type, config_aesm_quoting_type, + config_qpl_log_level, config_value_nums }; @@ -63,7 +64,8 @@ struct _config_patterns_t{ {config_white_list_url, "^[[:blank:]]*whitelist[[:blank:]]*url[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: whilelist url = .... {config_aesm_proxy_url,"^[[:blank:]]*aesm[[:blank:]]*proxy[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: aesm proxy = ... {config_aesm_proxy_type, "^[[:blank:]]*proxy[[:blank:]]*type[[:blank:]]*=[[:blank:]]([^[:blank:]]+)[[:blank:]]*" OPTION_COMMENT "$"},//matching line in format: proxy type = [direct|default|manual] - {config_aesm_quoting_type, "^[[:blank:]]*default[[:blank:]]*quoting[[:blank:]]*type[[:blank:]]*=[[:blank:]]([^[:blank:]]+)[[:blank:]]*" OPTION_COMMENT "$"}//matching line in format: default quoting type = [ecdsa_256|epid_unlinkable|epid_linkable] + {config_aesm_quoting_type, "^[[:blank:]]*default[[:blank:]]*quoting[[:blank:]]*type[[:blank:]]*=[[:blank:]]([^[:blank:]]+)[[:blank:]]*" OPTION_COMMENT "$"},//matching line in format: default quoting type = [ecdsa_256|epid_unlinkable|epid_linkable] + {config_qpl_log_level, "^[[:blank:]]*qpl[[:blank:]]*log[[:blank:]]*level[[:blank:]]*=[[:blank:]]([^[:blank:]]+)[[:blank:]]*" OPTION_COMMENT "$"},//matching line in format: qpl log level = [error|info] }; #define NUM_CONFIG_PATTERNS (sizeof(config_patterns)/sizeof(config_patterns[0])) @@ -120,6 +122,12 @@ static const char *quoting_type_name[]={ }; #define NUM_QUOTING_TYPE (sizeof(quoting_type_name)/sizeof(quoting_type_name[0])) +static const char *qpl_log_level_name[]={ + "error", + "info", +}; +#define NUM_QPL_LOG_LEVEL (sizeof(qpl_log_level_name)/sizeof(qpl_log_level_name[0])) + //function to decode proxy type from string to integer value static uint32_t read_aesm_proxy_type(const char *string, uint32_t len) { 
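Review bot: The new `config_qpl_log_level` pattern requires exactly one blank between `=` and the value (`=[[:blank:]](`), so `qpl log level=info`, or a value preceded by two blanks, will not match. How an unmatched line is handled is not visible in these hunks, but if it is simply skipped the log level stays at its default with no diagnostic. The neighbouring `proxy type` and `default quoting type` entries have the same shape, so this looks inherited rather than intended; in the new entry I would write `=[[:blank:]]*([^[:blank:]]+)[[:blank:]]*`. The trailing comment could also state what happens to a value other than `error` or `info`.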
@@ -146,6 +154,19 @@ static uint32_t read_aesm_quoting_type(const char *string, uint32_t len) return (uint32_t)NUM_QUOTING_TYPE; } +//function to decode qpl log level from string to integer value +static uint32_t read_qpl_log_level(const char *string, uint32_t len) +{ + uint32_t i; + for(i=0;i1 0 0x1 - 0xD + 0xE 1 0 1 diff --git a/psw/ae/pve/config.xml b/psw/ae/pve/config.xml index 1f53a3a54..a0e0abfea 100644 --- a/psw/ae/pve/config.xml +++ b/psw/ae/pve/config.xml @@ -3,7 +3,7 @@ 1 0 0x1 - 0xD + 0xE 1 0 1 diff --git a/psw/ae/qe/config.xml b/psw/ae/qe/config.xml index 9224e3945..04c1e0873 100644 --- a/psw/ae/qe/config.xml +++ b/psw/ae/qe/config.xml @@ -3,7 +3,7 @@ 0 0 0x1 - 0xD + 0xE 1 0 1 diff --git a/psw/urts/loader.cpp b/psw/urts/loader.cpp index 84d18257d..b0d8c623c 100644 --- a/psw/urts/loader.cpp +++ b/psw/urts/loader.cpp @@ -77,7 +77,8 @@ const char * layout_id_str[] = { "THREAD_GROUP_DYN", "RSRV_MIN", "RSRV_INIT", - "RSRV_MAX" + "RSRV_MAX", + "USER_REGION" }; // enclave creator instance diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py old mode 100755 new mode 100644 index baf5aaa1e..672edfdc7 --- a/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python # # Copyright (C) 2011-2021 Intel Corporation. All rights reserved. # diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/load_symbol_cmd.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/load_symbol_cmd.py old mode 100755 new mode 100644 index 7b4fe7b81..5d4d9b0a5 --- a/sdk/debugger_interface/linux/gdb-sgx-plugin/load_symbol_cmd.py +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/load_symbol_cmd.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python # # Copyright (C) 2011-2021 Intel Corporation. All rights reserved. # 
diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/printers.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/printers.py
index b4436de8c..98356d35e 100644
--- a/sdk/debugger_interface/linux/gdb-sgx-plugin/printers.py
+++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/printers.py
@@ -1,35 +1,3 @@
-#!/usr/bin/env python
-#
-# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-# * Neither the name of Intel Corporation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-
 #===----------------------------------------------------------------------===##
 #
 # Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/readelf.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/readelf.py
old mode 100755
new mode 100644
index c43bf2aaa..39c83e368
--- a/sdk/debugger_interface/linux/gdb-sgx-plugin/readelf.py +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/readelf.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python # # Copyright (C) 2011-2021 Intel Corporation. All rights reserved. # diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx-gdb b/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx-gdb index 643cdccce..382dbcb64 100755 --- a/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx-gdb +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx-gdb @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright (C) 2011-2019 Intel Corporation. All rights reserved. +# Copyright (C) 2011-2021 Intel Corporation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx_emmt.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx_emmt.py old mode 100755 new mode 100644 index 7e70d60a6..3ed221400 --- a/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx_emmt.py +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/sgx_emmt.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python # # Copyright (C) 2011-2021 Intel Corporation. All rights reserved. # diff --git a/sdk/protected_code_loader/crypto/pcl_crypto.cpp b/sdk/protected_code_loader/crypto/pcl_crypto.cpp index 0f500fbe2..027fbc1c6 100644 --- a/sdk/protected_code_loader/crypto/pcl_crypto.cpp +++ b/sdk/protected_code_loader/crypto/pcl_crypto.cpp @@ -178,6 +178,7 @@ int pcl_cmac( unsigned char iv[PCL_COUNTER_SIZE] = { 0 }; unsigned char aux[PCL_AES_BLOCK_LEN] = { 0 }; unsigned char k1[PCL_AES_BLOCK_LEN] = { 0 }; + unsigned char k2[PCL_AES_BLOCK_LEN] = { 0 }; AES_KEY wide_key = {.rd_key={},.rounds=0}; pcl_vpaes_set_encrypt_key((const unsigned char *)p_key, PCL_AES_BLOCK_LEN_BITS, &wide_key); 
@@ -187,7 +188,10 @@ int pcl_cmac( // Use result to generate K1: make_kn(k1, aux, PCL_AES_BLOCK_LEN); - + + // Generate k2: + make_kn(k2, k1, PCL_AES_BLOCK_LEN); + // Digest message except for last block: pcl_memset(iv, 0, PCL_COUNTER_SIZE); while(src_len > PCL_AES_BLOCK_LEN) @@ -196,11 +200,33 @@ int pcl_cmac( src_len -= PCL_AES_BLOCK_LEN; p_src += PCL_AES_BLOCK_LEN; } - - - // XOR K1 with last block of message: - for (int i = 0; i < PCL_AES_BLOCK_LEN; i++)aux[i] = p_src[i] ^ k1[i]; - + + if (src_len == PCL_AES_BLOCK_LEN) + { + // last block is complete + // XOR K1 with last block of message: + for (int i = 0; i < PCL_AES_BLOCK_LEN; i++) + aux[i] = p_src[i] ^ k1[i]; + } + else + { + // last block is not complete + // copy last block + uint8_t temp[PCL_AES_BLOCK_LEN] = {0}; + if (src_len > 0) + { + for (int i = 0; i < src_len; i++) + { + temp[i] = p_src[i]; + } + } + temp[src_len] = 0x80; + for (int i = 0; i < PCL_AES_BLOCK_LEN; i++) + { + aux[i] = temp[i] ^ k2[i]; + } + } + // Apply AES-CBC encrypt on result and IV pcl_vpaes_cbc_encrypt(aux, (uint8_t*)p_mac, PCL_AES_BLOCK_LEN, &wide_key, iv, 1); return 0; diff --git a/sdk/protected_code_loader/unseal/sim/pcl_t_instructions.cpp b/sdk/protected_code_loader/unseal/sim/pcl_t_instructions.cpp index 94a87e905..715be0436 100644 --- a/sdk/protected_code_loader/unseal/sim/pcl_t_instructions.cpp +++ b/sdk/protected_code_loader/unseal/sim/pcl_t_instructions.cpp @@ -112,6 +112,16 @@ egetkey_status_t pcl_check_isv_svn(sgx_key_request_t* kr, secs_t* secs) return EGETKEY_SUCCESS; } +egetkey_status_t pcl_check_config_svn(sgx_key_request_t* kr, secs_t* secs) +{ + if (kr->config_svn > secs->config_svn) + { + return EGETKEY_INVALID_ISVSVN; + } + return EGETKEY_SUCCESS; +} + + egetkey_status_t pcl_egetkey(sgx_key_request_t* kr, sgx_key_128bit_t okey) { // check alignment of KEYREQUEST 
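Review bot: The CMAC subkeys `k1` and the newly added `k2`, together with the padded block in `temp`, are left on the stack when `pcl_cmac` returns. A leaked subkey removes the protection that the final-block masking is there to provide, so these buffers deserve the same handling as the key schedule in `wide_key`. I would clear `k1`, `k2`, `aux` and `wide_key` before `return 0;`, and `temp` at the end of the else branch, using a clear the compiler cannot drop; whether `pcl_memset` qualifies is not visible from these hunks. Separately, `for (int i = 0; i < src_len; i++)` compares a signed index with `src_len`, whose declaration is outside the hunk; if it is unsigned, giving `i` the same type avoids the mixed comparison.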
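Review bot: `pcl_check_config_svn` carries no comment and reports a CONFIGSVN failure as `EGETKEY_INVALID_ISVSVN`, which reads like a copy-paste slip from `pcl_check_isv_svn` unless the reader already knows the intent. If the shared status code is deliberate (as far as I recall the instruction reports both conditions with one code, but that should be confirmed), say so above the function, for example `// Rejects a request whose config_svn is newer than the enclave's; reported with the ISVSVN status on purpose.`. The hunk also adds two blank lines after the closing brace where the surrounding functions use one.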
@@ -140,6 +150,7 @@ egetkey_status_t pcl_egetkey(sgx_key_request_t* kr, sgx_key_128bit_t okey) secs_t* cur_secs = g_global_data_sim.secs_ptr; sgx_attributes_t tmp_attr; + sgx_misc_select_t tmp_misc; derivation_data_t dd; pcl_memset(&dd, 0, sizeof(dd)); @@ -151,6 +162,8 @@ egetkey_status_t pcl_egetkey(sgx_key_request_t* kr, sgx_key_128bit_t okey) tmp_attr.flags = kr->attribute_mask.flags | SGX_FLAGS_INITTED | SGX_FLAGS_DEBUG; tmp_attr.flags &= cur_secs->attributes.flags; tmp_attr.xfrm = kr->attribute_mask.xfrm & cur_secs->attributes.xfrm; + // Compute MISCSELECT fields to be included in the key. + tmp_misc = kr->misc_mask & cur_secs->misc_select; // HW supports CPUSVN to be set as 0. // To be consistent with HW behaviour, we replace the cpusvn as DEFAULT_CPUSVN if the input cpusvn is 0. if(pcl_consttime_memequal(&kr->cpu_svn, &dd.ddpk.cpu_svn, sizeof(sgx_cpu_svn_t))) @@ -167,8 +180,12 @@ egetkey_status_t pcl_egetkey(sgx_key_request_t* kr, sgx_key_128bit_t okey) if(EGETKEY_SUCCESS != esa)return esa; esa = pcl_check_cpu_svn(kr); if(EGETKEY_SUCCESS != esa)return esa; + esa = pcl_check_config_svn(kr, cur_secs); + if(EGETKEY_SUCCESS != esa)return esa; + // assemble derivation data dd.size = sizeof(dd_seal_key_t); + dd.ddsk.key_policy = kr->key_policy; if (kr->key_policy & SGX_KEYPOLICY_MRENCLAVE) { pcl_memcpy(&dd.ddsk.mrenclave, &cur_secs->mr_enclave, sizeof(sgx_measurement_t)); } 
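Review bot: `dd.ddsk.key_policy = kr->key_policy;` puts the caller's policy word into the derivation data unmasked. If reserved policy bits are not rejected earlier in `pcl_egetkey` (the checks at the top of the function are outside these hunks), two requests that differ only in bits this code never interprets would derive different keys, and the simulated result would differ from a platform that refuses such a request. I would either mask the value to the policy bits the function handles before storing it, or add a comment that names the earlier check which guarantees they are zero.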
@@ -179,13 +196,16 @@ egetkey_status_t pcl_egetkey(sgx_key_request_t* kr, sgx_key_128bit_t okey) pcl_memcpy(&dd.ddsk.tmp_attr, &tmp_attr, sizeof(sgx_attributes_t)); pcl_memcpy(&dd.ddsk.attribute_mask, &kr->attribute_mask, sizeof(sgx_attributes_t)); + dd.ddsk.tmp_misc = tmp_misc; + dd.ddsk.misc_mask = ~kr->misc_mask; pcl_memcpy(dd.ddsk.csr_owner_epoch, (void*)SIMU_OWNER_EPOCH_MSR, sizeof(se_owner_epoch_t)); pcl_memcpy(&dd.ddsk.cpu_svn,&kr->cpu_svn,sizeof(sgx_cpu_svn_t)); dd.ddsk.isv_svn = kr->isv_svn; - dd.ddsk.isv_prod_id = cur_secs->isv_prod_id; + if (!(kr->key_policy & SGX_KEYPOLICY_NOISVPRODID)) { + dd.ddsk.isv_prod_id = cur_secs->isv_prod_id; + } pcl_memcpy(&dd.ddsk.key_id, &kr->key_id, sizeof(sgx_key_id_t)); - /* PCL UNUSED START default: return EGETKEY_INVALID_KEYNAME; diff --git a/sdk/sign_tool/SignTool/manage_metadata.cpp b/sdk/sign_tool/SignTool/manage_metadata.cpp index 5d2023a0d..db209f4da 100644 --- a/sdk/sign_tool/SignTool/manage_metadata.cpp +++ b/sdk/sign_tool/SignTool/manage_metadata.cpp 
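Review bot: `dd.ddsk.misc_mask = ~kr->misc_mask;` stores the complement of the request mask, while the `pcl_memcpy` just above copies `attribute_mask` unmodified, and no comment explains the asymmetry. Because this value feeds the key derivation, a reader cannot tell an intended encoding from a typo; a comment such as `// MISCSELECT mask enters the derivation inverted, unlike attribute_mask` would settle it. The new `SGX_KEYPOLICY_NOISVPRODID` branch likewise depends on the earlier `pcl_memset(&dd, 0, sizeof(dd))` to leave `isv_prod_id` at zero when the policy bit is set, which is worth stating next to the `if`. The function continues past the end of this hunk.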
@@ -601,40 +601,46 @@ bool CMetadata::check_xml_parameter(const xml_parameter_t *parameter) uint64_t CMetadata::calculate_rts_bk_overhead() { - uint64_t ema_overhead = sizeof(struct ema_t_); - uint64_t bit_array_overhead = sizeof(struct bit_array_); + se_trace(SE_TRACE_DEBUG, "ema_overhead: %lld, bit_array_overhead: %lld\n", sizeof(struct ema_t_), sizeof(struct bit_array_)); + + // alignment value according to sgx-emm emalloc.c + const uint32_t ema_align = 0x10; + const uint32_t page_count_align = 0x80; + + uint64_t ema_overhead = ROUND_TO(sizeof(struct ema_t_), ema_align); + uint64_t bit_array_overhead = ROUND_TO(sizeof(struct bit_array_), ema_align); // MIN heap uint32_t page_count = (uint32_t)(m_create_param.heap_min_size >> SE_PAGE_SHIFT); - uint64_t heap_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + uint64_t heap_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); if(m_create_param.heap_init_size > m_create_param.heap_min_size) { // INIT heap page_count = (uint32_t)((m_create_param.heap_init_size - m_create_param.heap_min_size) >> SE_PAGE_SHIFT); - heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); } if(m_create_param.heap_max_size > m_create_param.heap_init_size) { page_count = (uint32_t)((m_create_param.heap_max_size - m_create_param.heap_init_size) >> SE_PAGE_SHIFT); - heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + heap_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); } page_count = (uint32_t)(m_create_param.rsrv_min_size >> SE_PAGE_SHIFT); - uint64_t rsrv_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + uint64_t rsrv_node_overhead = ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 
page_count_align) >> 3); if(m_create_param.rsrv_init_size > m_create_param.rsrv_min_size) { // INIT RSRV page_count = (uint32_t)((m_create_param.rsrv_init_size - m_create_param.rsrv_min_size) >> SE_PAGE_SHIFT); - rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); } if(m_create_param.rsrv_max_size > m_create_param.rsrv_init_size) { page_count = (uint32_t)((m_create_param.rsrv_max_size - m_create_param.rsrv_init_size) >> SE_PAGE_SHIFT); - rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + rsrv_node_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); } // guard page | stack | guard page | TCS | SSA | guard page | TLS @@ -644,13 +650,13 @@ uint64_t CMetadata::calculate_rts_bk_overhead() // stack page_count = (uint32_t)(m_create_param.stack_min_size >> SE_PAGE_SHIFT); - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); removed_ctx_overhead += ema_overhead; if(m_create_param.stack_max_size > m_create_param.stack_min_size) { page_count = (uint32_t)((m_create_param.stack_max_size - m_create_param.stack_min_size) >> SE_PAGE_SHIFT); - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); removed_ctx_overhead += ema_overhead; } 
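Review bot: The new `se_trace` call at the top of `calculate_rts_bk_overhead` passes two `sizeof` results to `%lld`, but `sizeof` yields `size_t`, so specifier and argument types do not match. Assuming `se_trace` forwards to a printf-style formatter, use `%zu` for both: `se_trace(SE_TRACE_DEBUG, "ema_overhead: %zu, bit_array_overhead: %zu\n", sizeof(struct ema_t_), sizeof(struct bit_array_));`. The trace also prints the raw structure sizes rather than the `ROUND_TO(..., ema_align)` values that the rest of the function uses, so it may be more useful to log `ema_overhead` and `bit_array_overhead` after they are computed.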
@@ -660,12 +666,12 @@ uint64_t CMetadata::calculate_rts_bk_overhead() // tcs page_count = TCS_SIZE >> SE_PAGE_SHIFT; - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); removed_ctx_overhead += ema_overhead; // ssa page_count = m_metadata->ssa_frame_size * SSA_NUM; - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); removed_ctx_overhead += ema_overhead; // guard page @@ -679,7 +685,7 @@ uint64_t CMetadata::calculate_rts_bk_overhead() { page_count += (uint32_t)(ROUND_TO_PAGE(section->virtual_size()) >> SE_PAGE_SHIFT); } - non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, 8) >> 3); + non_removed_ctx_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(page_count, page_count_align) >> 3); removed_ctx_overhead += ema_overhead; uint32_t tcs_min_pool = 0; /* Number of static threads (EADD) */ @@ -730,7 +736,7 @@ uint64_t CMetadata::calculate_rts_bk_overhead() std::vector sections = m_parser->get_sections(); for (auto s : sections) { uint32_t p_count = (uint32_t)(ROUND_TO_PAGE(s->virtual_size()) >> SE_PAGE_SHIFT); - total_sections_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(p_count, 8) >> 3); + total_sections_overhead += ema_overhead + bit_array_overhead + (ROUND_TO(p_count, page_count_align) >> 3); } return heap_node_overhead + 
@@ -1181,10 +1187,41 @@ bool CMetadata::build_layout_table() // SGX2 metadata required if ((meta_versions & 2u) == 2u) { - // 0x20000 comes from initial emalloc reserve size (0x10000 bytes), - // plus two guard pages (0x8000 bytes each) - uint64_t rts_bk_overhead = calculate_rts_bk_overhead() + 0x20000; - uint64_t user_region_size = ROUND_TO_PAGE(rts_bk_overhead); + // 0x10000 due to the requirement from sgx-emm's min_block_size + uint64_t aligned_overhead = ROUND_TO(calculate_rts_bk_overhead(), 0x10000); + se_trace(SE_TRACE_DEBUG, "raw overhead: 0x%016llX\n", aligned_overhead); + + uint64_t units_of_block_size = aligned_overhead >> 16; + uint8_t reserve_cnt = 0; + while (units_of_block_size > 0) + { + ++reserve_cnt; + units_of_block_size >>= 1; + } + + if (reserve_cnt >= 30) + { + // There's a limit in emalloc.c that max_emalloc_size is 2^28 bytes. So when + // reservation count reaches 30, we reach that limit. + se_trace(SE_TRACE_ERROR, "Exceed RTS bookkeeping limit\n"); + return false; + } + + se_trace(SE_TRACE_DEBUG, "ema reservation time: %d\n", reserve_cnt); + + // The memory reservation implementation in sgx-emm emalloc.c works like this: + // The initial reserve size is 16 pages (0x10000 bytes) and will double the size + // each time a new reservation is needed. That is, we will have these reservation + // sizes: 0x100000B for the 1st reserve, 0x200000B for the 2nd, 0x40000B for the 3rd. + // Therefore, if our rts ema overhead needs one reservation, we need 0x10000B, if it + // needs two reservation, we need 0x10000+0x20000=0x30000B, if it needs three, we + // need 0x10000+0x20000+0x40000=0x70000. + // Therefore, if we scale down 0x10000, we will have this pattern: 1, 3, 7, 15, ... + // which can be described as 2 ^ (number of reservation time) - 1. + // The memory reservation in emalloc.c also reserve two guard pages around the target + // memory region in each reservation, so we need an extra 0x10000B each time. 
+ // Therefore, the total overhead should be (2^reserve_cnt - 1 + reserve_cnt) * 0x10000B. + uint64_t user_region_size = ((1 << reserve_cnt) - 1 + reserve_cnt) << 16; se_trace(SE_TRACE_ERROR, "RTS bookkeeping overhead: 0x%016llX\n", user_region_size); if (m_create_param.user_region_size > 0) @@ -1195,6 +1232,8 @@ bool CMetadata::build_layout_table() uint64_t extra_overhead = (m_create_param.user_region_size >> 15); user_region_size += ROUND_TO_PAGE(extra_overhead); } + se_trace(SE_TRACE_ERROR, "Total user region size: 0x%016llX\n", user_region_size); + memset(&layout, 0, sizeof(layout)); layout.entry.id = LAYOUT_ID_USER_REGION; layout.entry.page_count = (uint32_t)(user_region_size >> SE_PAGE_SHIFT); diff --git a/sdk/simulation/uinst/Makefile b/sdk/simulation/uinst/Makefile index be671b0f5..45bb3fec4 100644 --- a/sdk/simulation/uinst/Makefile +++ b/sdk/simulation/uinst/Makefile @@ -43,7 +43,7 @@ CPPFLAGS += -I$(COMMON_DIR)/inc/ \ -I$(COMMON_DIR)/inc/internal \ -I$(SIM_DIR)/assembly/ \ -I$(SIM_DIR)/assembly/linux \ - -I$(SIM_DIR)/tinst/ \ + -I$(SIM_DIR)/tinst/ \ -I$(LINUX_PSW_DIR)/urts \ -I$(LINUX_PSW_DIR)/urts/linux diff --git a/sdk/simulation/uinst/u_instructions.cpp b/sdk/simulation/uinst/u_instructions.cpp index 278442a74..26e5fa438 100644 --- a/sdk/simulation/uinst/u_instructions.cpp +++ b/sdk/simulation/uinst/u_instructions.cpp @@ -278,6 +278,7 @@ uintptr_t _EINIT(secs_t* secs, enclave_css_t *css, token_t *launch) return SGX_ERROR_INVALID_ATTRIBUTE; } + // From SDM, ISVFAMILYID and ISVEXTPRODID are both included in the secs->reserved4 isv_ext_id_t* isv_ext_id = reinterpret_cast(this_secs->reserved4); if (!(this_secs->attributes.flags & SGX_FLAGS_KSS)) { diff --git a/sdk/switchless/sgx_uswitchless/sl_urts_loader_untrusted.cpp b/sdk/switchless/sgx_uswitchless/sl_urts_loader_untrusted.cpp index 011104284..7739078e7 100644 --- a/sdk/switchless/sgx_uswitchless/sl_urts_loader_untrusted.cpp +++ b/sdk/switchless/sgx_uswitchless/sl_urts_loader_untrusted.cpp 
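Review bot: In `uint64_t user_region_size = ((1 << reserve_cnt) - 1 + reserve_cnt) << 16;` the whole right-hand side is evaluated as `int`, and the guard above admits `reserve_cnt` up to 29, so the final `<< 16` overflows a 32-bit `int` once `reserve_cnt` reaches 15. The widening to `uint64_t` happens only after that, so `layout.entry.page_count` would be derived from a wrong user region size. Do the arithmetic in 64 bits: `uint64_t user_region_size = ((1ULL << reserve_cnt) - 1 + reserve_cnt) << 16;`. Separately, the explanatory comment lists the reserve sizes as `0x100000B`, `0x200000B` and `0x40000B`, which does not match the 0x10000/0x20000/0x40000 sequence used in the rest of the comment.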
@@ -1,3 +1,34 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #include "sl_urts_loader.h" #include "uswitchless.h" #include "sgx_switchless_itf.h" diff --git a/sdk/tlibc/gen/spinlock.c b/sdk/tlibc/gen/spinlock.c index b0bc40847..a856bca9b 100644 --- a/sdk/tlibc/gen/spinlock.c +++ b/sdk/tlibc/gen/spinlock.c 
@@ -58,15 +58,23 @@ static inline int _InterlockedExchange(int volatile * dst, int val) } +#define MIN_BACKOFF 2 +#define MAX_BACKOFF 1024 uint32_t sgx_spin_lock(sgx_spinlock_t *lock) { while(_InterlockedExchange((volatile int *)lock, 1) != 0) { - while (*lock) { - /* tell cpu we are spinning */ - _mm_pause(); - } + int b = MIN_BACKOFF; + do + { /* tell cpu we are spinning */ + for (int i=0; i < b; i++) { + _mm_pause(); + } + b <<= 1; + if (b > MAX_BACKOFF) { + b = MAX_BACKOFF; + } + } while (*lock); } - return (0); } diff --git a/sdk/tlibthread/sethread_spinlock.cpp b/sdk/tlibthread/sethread_spinlock.cpp index fb3826162..8edab9e6c 100644 --- a/sdk/tlibthread/sethread_spinlock.cpp +++ b/sdk/tlibthread/sethread_spinlock.cpp @@ -38,60 +38,6 @@ #include "sethread_internal.h" #include "sethread_spinlock.h" -//copied from sgx_spinlock - -static inline void _mm_pause(void) /* definition requires -ffreestanding */ -{ - __asm __volatile( - "pause" - ); -} - -static inline int _InterlockedExchange(int volatile * dst, int val) -{ - int res; - - __asm __volatile( - "lock xchg %2, %1;" - "mov %2, %0" - : "=m" (res) - : "m" (*dst), - "r" (val) - : "memory" - ); - - return (res); - -} - -#define MIN_BACKOFF 2 -#define MAX_BACKOFF 1024 -static uint32_t spin_lock(sgx_spinlock_t *lock) -{ - while(_InterlockedExchange((volatile int *)lock, 1) != 0) { - int b = MIN_BACKOFF; - do - { /* tell cpu we are spinning */ - for (int i=0; i < b; i++) - _mm_pause(); - b = b << 1; - if (b > MAX_BACKOFF) b = MAX_BACKOFF; - - } while (*lock); - } - - return (0); -} - - -static uint32_t spin_unlock(sgx_spinlock_t *lock) -{ - *lock = 0; - - return (0); -} - - int sgx_thread_spin_init(sgx_thread_spinlock_t *mutex) { CHECK_PARAMETER(mutex); 
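Review bot: `MIN_BACKOFF` and `MAX_BACKOFF` are introduced in `spinlock.c` without saying what they count, and the `/* tell cpu we are spinning */` comment now sits on the `do {` line rather than on the `_mm_pause()` loop it describes. I would document the bounds above the defines, e.g. `/* Backoff bounds: _mm_pause() iterations per wait round, doubled up to MAX_BACKOFF */`, and move the existing comment into the inner `for`. It is also worth noting in that comment that each failed exchange now waits at least `MIN_BACKOFF` pauses before `*lock` is read again, since that is a change from the previous loop.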
@@ -107,14 +53,14 @@ int sgx_thread_spin_destroy(sgx_thread_spinlock_t *mutex) { CHECK_PARAMETER(mutex); - spin_lock(&mutex->m_lock); + SPIN_LOCK(&mutex->m_lock); if (mutex->m_owner != SGX_THREAD_T_NULL) { - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return EBUSY; } mutex->m_refcount = 0; - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return 0; } @@ -125,22 +71,22 @@ int sgx_thread_spin_trylock(sgx_thread_spinlock_t *mutex) sgx_thread_t self = (sgx_thread_t)get_thread_data(); - spin_lock(&mutex->m_lock); + SPIN_LOCK(&mutex->m_lock); if (mutex->m_owner == self) { mutex->m_refcount++; - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return 0; } if (mutex->m_owner == SGX_THREAD_T_NULL) { mutex->m_owner = self; mutex->m_refcount++; - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return 0; } - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return EBUSY; } @@ -150,16 +96,16 @@ int sgx_thread_spin_unlock(sgx_thread_spinlock_t *mutex) sgx_thread_t self = (sgx_thread_t)get_thread_data(); - spin_lock(&mutex->m_lock); + SPIN_LOCK(&mutex->m_lock); /* if the mutux is not locked by anyone */ if(mutex->m_owner == SGX_THREAD_T_NULL) { - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return EPERM; } /* if the mutex is locked by another thread */ if (mutex->m_owner != self) { - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return EPERM; } @@ -168,6 +114,6 @@ int sgx_thread_spin_unlock(sgx_thread_spinlock_t *mutex) mutex->m_owner = SGX_THREAD_T_NULL; } - spin_unlock(&mutex->m_lock); + SPIN_UNLOCK(&mutex->m_lock); return 0; } diff --git a/sdk/trts/init_enclave.cpp b/sdk/trts/init_enclave.cpp index 616f23d3c..4297e858f 100644 --- a/sdk/trts/init_enclave.cpp +++ b/sdk/trts/init_enclave.cpp 
@@ -62,7 +62,6 @@ uint64_t g_enclave_size __attribute__((section(RELRO_SECTION_NAME))) = 0; const volatile global_data_t g_global_data __attribute__((section(".niprod"))) = {VERSION_UINT, 1, 2, 3, 4, 5, 6, 0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 0}, 0}, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 0, 0, {{{0, 0, 0, 0, 0, 0, 0}}}, 0, 0, 0}; - // Make sure to access this with atomics or the {get,set}_enclave_state assembly wrappers. uint32_t g_enclave_state __attribute__((section(".nipd"))) = ENCLAVE_INIT_NOT_STARTED;