Using CMake to compile causes SGX_ERROR_UNEXPECTED?
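I have recently been learning the Intel SGX SDK.
Today I found a problem in my code, and I could not find any explanation in the Intel docs or on the web.
In some cases, when I call sgx_create_enclave, the code returns SGX_ERROR_UNEXPECTED. I think something is wrong with my CMakeLists.txt (I use CMake to compile the untrusted part of my project), because the code runs correctly when I compile with the template Makefile from the SDK samples. More details below:
The code runs successfully in these cases: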
* compile with Makefile
* compile with cmake and comment out app.cpp:21
The code returns the error in this case:
* compile with cmake and do not comment out app.cpp:21
The code is available here (I have removed all unnecessary code): https://github.com/chilogen/workspace/tree/master/error/SimpleEnclave
app.cpp
#include "enclave_u.h"
#include <sgx_urts.h>
#include <sgx_uae_service.h>
#include <sgx_ukey_exchange.h>
#include <iostream>
using namespace std;
class testClass {
public:
    sgx_launch_token_t _token = {0};
    sgx_enclave_id_t _eid;
    sgx_ra_context_t _ctx;
    void init_enclave();
    bool request(uint8_t *src, uint32_t srcLen, uint8_t *cmac);
    //will set _ctx here
    //void do_attestation();
} x;
bool testClass::request(uint8_t *src, uint32_t srcLen, uint8_t *cmac) {
    sgx_status_t retval, status;
    status = ecall_calcmac(_eid, &retval, &_ctx, SGX_RA_KEY_SK, src, srcLen, cmac);
    return true;
}
void testClass::init_enclave() {
    sgx_enclave_id_t global_eid;
    sgx_launch_token_t token = {0};
    sgx_status_t ret;
    int updated = 0;
    ret = sgx_create_enclave("enclave.signed.so", SGX_DEBUG_FLAG, \
                             &token, &updated, &global_eid, NULL);
    if (ret != SGX_SUCCESS) {
        std::cout << "error init enclavedsfdsf\n";
        printf("%08x\n", ret);
        exit(1);
    }
}
int main() {
    x.init_enclave();
    return 0;
}
CMakeLists.txt
include_directories (/opt/intel/sgxsdk/include)
link_directories (/opt/intel/sgxsdk/lib64)
add_library (enclave_untrusted enclave_u.c)
add_executable (app app.cpp)
target_link_libraries (app enclave_untrusted sgx_ukey_exchange sgx_urts sgx_uae_service pthread)
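Makefile (I think this is the important part; if you don't know much about Intel SGX, you can still check the difference between the CMakeLists.txt and the Makefile)
######## SGX SDK Settings ########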
SGX_SDK ?= /opt/intel/sgxsdk
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
######## App Settings ########
App_Include_Paths := -I$(SGX_SDK)/include
App_Link_Flags := -L /opt/intel/sgxsdk/lib64 -lsgx_urts -lsgx_ukey_exchange -lsgx_uae_service -pthread
.PHONY: all
all: app
######## App Objects ########
enclave_u.c: $(SGX_EDGER8R) enclave.edl
	@$(SGX_EDGER8R) --untrusted enclave.edl --search-path $(SGX_SDK)/include
	@echo "GEN => $@"
enclave_u.o: enclave_u.c
	@$(CC) $(App_Include_Paths) -c $< -o $@
	@echo "CC <= $<"
app.o: app.cpp
	@$(CXX) $(App_Include_Paths) -c $< -o $@
	@echo "CXX <= $<"
app: app.o enclave_u.o
	@$(CXX) $^ -o $@ $(App_Link_Flags)
	@echo "LINK => $@"
.PHONY: clean
clean:
	@rm -f *.o app
Update: compile.sh
gcc -c -I /opt/intel/sgxsdk/include/ -o enclave_u.o enclave_u.c
g++ -c app.cpp -o app.o -I /opt/intel/sgxsdk/include/
g++ -o app app.o enclave_u.o -L /opt/intel/sgxsdk/lib64 -lsgx_urts -lsgx_ukey_exchange -lsgx_uae_service -pthread
So, what is wrong with my code (or CMakeLists.txt), and what should I do?
I would really appreciate it if you could give me some ideas.
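One way to compare the link steps of the two builds in the question, as an added example that is not part of the original post: the script normalises two link command lines and reports libraries that appear in only one of them and whether the shared ones are in a different order. `MAKE_LINK` follows the Makefile above; `CMAKE_LINK` is a constructed sample of what a verbose CMake build might print for the first CMakeLists.txt, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample input. MAKE_LINK follows the Makefile on this page;
# CMAKE_LINK is an assumed shape of a verbose CMake link line, not captured output.
MAKE_LINK = ("g++ app.o enclave_u.o -o app -L /opt/intel/sgxsdk/lib64 "
             "-lsgx_urts -lsgx_ukey_exchange -lsgx_uae_service -pthread")
CMAKE_LINK = ("/usr/bin/c++ CMakeFiles/app.dir/app.cpp.o -o app "
              "-L/opt/intel/sgxsdk/lib64 libenclave_untrusted.a "
              "-lsgx_ukey_exchange -lsgx_urts -lsgx_uae_service -lpthread")

LIB_FILE = re.compile(r"(?:.*/)?lib(.+?)\.(?:a|so)(?:\.[\d.]+)?")


def link_inputs(cmd):
    """Return the libraries named on a link line, in command-line order."""
    libs, skip_next = [], False
    for arg in shlex.split(cmd)[1:]:
        if skip_next:                      # value of a preceding -o / -L
            skip_next = False
        elif arg in ("-o", "-L"):
            skip_next = True
        elif arg == "-pthread":            # driver flag, distinct from -lpthread
            libs.append("-pthread")
        elif arg.startswith("-l"):
            libs.append(arg[2:])
        elif LIB_FILE.fullmatch(arg):      # libfoo.a / libfoo.so given by path
            libs.append(LIB_FILE.fullmatch(arg).group(1))
    return libs


def compare(ref_cmd, other_cmd):
    """Report libraries unique to each link line and whether shared ones are reordered."""
    ref, other = link_inputs(ref_cmd), link_inputs(other_cmd)
    shared_ref = [lib for lib in ref if lib in other]
    shared_other = [lib for lib in other if lib in ref]
    return {
        "only_in_ref": [lib for lib in ref if lib not in other],
        "only_in_other": [lib for lib in other if lib not in ref],
        "ref_order": shared_ref,
        "other_order": shared_other,
        "order_differs": shared_ref != shared_other,
    }


if __name__ == "__main__":
    for key, value in compare(MAKE_LINK, CMAKE_LINK).items():
        print(f"{key}: {value}")
```

To use it on a real build, replace the two sample strings with the link lines printed by the Makefile (with the leading `@` removed from the recipe) and by `make VERBOSE=1` in the CMake build directory.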
Try using the target-based API instead of the directory-based one:
add_library (enclave_untrusted enclave_u.c)
add_executable (app app.cpp)
target_include_directories (enclave_untrusted PUBLIC /opt/intel/sgxsdk/include)
target_link_libraries (enclave_untrusted PUBLIC
    "/opt/intel/sgxsdk/lib64/libsgx_urts.a"
    "/opt/intel/sgxsdk/lib64/libsgx_ukey_exchange.a"
    "/opt/intel/sgxsdk/lib64/libsgx_uae_service.a"
)
target_link_libraries (app PRIVATE enclave_untrusted pthread)
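But I would recommend using a proper CMake library, for example SGX-CMake.
The problem is still strange. I can fix the example here using SGX-CMake, but this morning it did not seem to work for my project. However, after many attempts (I don't know which one was the key), it now works for my project. I will keep looking for the key behind all this, and I will update here if I find it.
For now, in case anyone needs it, I am uploading the CMakeLists.txt for the example above.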
list(APPEND CMAKE_MODULE_PATH ${PATH_TO_FindSGX.cmake_FILE})
find_package(SGX REQUIRED)
set(CMAKE_C_FLAGS "-fpie -fPIC -fstack-protector -g -O2")
set(CMAKE_CXX_FLAGS "-fpie -fPIC -fstack-protector -g -std=c++11 -O2 -DDEBUG -UNDEBUG -UEDEBUG")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
set(EDL_SEARCH_PATHS .)
set(E_SRCS enclave.c)
set(LDS Enclave_debug.lds)
add_enclave_library(enclave SRCS ${E_SRCS} EDL enclave.edl EDL_SEARCH_PATHS
    ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS})
enclave_sign(enclave KEY Enclave_private.pem CONFIG Enclave.config.xml)
set(SRCS app.cpp)
add_untrusted_executable(app SRCS ${SRCS} EDL enclave.edl EDL_SEARCH_PATHS
    ${EDL_SEARCH_PATHS})