Skip to content

Commit

Permalink
Change flags order in CXX call, revert to focal
Browse files Browse the repository at this point in the history
  • Loading branch information
@delneg
delneg committed Mar 15, 2024
1 parent ef75b56 commit db45498
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
2 changes: 1 addition & 1 deletion docker/deb.Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
############ Install Intel SGX SDK & SGX PSW
FROM ghcr.io/sigmagmbh/sgx:2.23-jammy-554238b as base
FROM ghcr.io/sigmagmbh/sgx:2.23-focal-77382c8 as base
RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
RUN apt-get update

Expand Down
15 changes: 10 additions & 5 deletions sgxvm/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ ENCLAVE_HOME ?= $(HOME)/.swisstronik-enclave
Trts_Library_Name = sgx_trts
Service_Library_Name = sgx_tservice
Enclave_build_feature = hardware_mode
# Enable the security flags
Enclave_Security_Link_Flags := -Wl,-z,relro,-z,now,-z,noexecstack

# ENCLAVE SETTINGS
ifneq ($(SGX_MODE), HW)
Expand Down Expand Up @@ -75,11 +77,14 @@ endef

define compile_unsigned_enclave
@echo "Compile into unsinged enclave"
@$(CXX) $(CURDIR)/Enclave_t.o -o $(CURDIR)/enclave.unsigned.so -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L/opt/intel/sgxsdk/lib64 \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_dcap_tvl -l$(Service_Library_Name) -lsgx_tcrypto -lsgx_tprotected_fs -lpthread \
-L$(CURDIR)/sgx-artifacts/lib -lenclave -Wl,--end-group -Wl,--version-script=$(CURDIR)/Enclave.lds -Wl,-z,relro,-z,now,-z,noexecstack -Wl,-Bstatic -Wl,-Bsymbolic \
-Wl,--no-undefined -Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--gc-sections -Wl,--defsym,__ImageBase=0
@$(CXX) $(CURDIR)/Enclave_t.o -o $(CURDIR)/enclave.unsigned.so $(Enclave_Security_Link_Flags) -fPIC \
-Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L/opt/intel/sgxsdk/lib64 \
-Wl,--whole-archive -lsgx_dcap_tvl -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Service_Library_Name) -lsgx_tcrypto -lsgx_tprotected_fs -lpthread -L$(CURDIR)/sgx-artifacts/lib -lenclave -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--gc-sections -Wl,--defsym,__ImageBase=0 \
-Wl,--version-script=$(CURDIR)/Enclave.lds
endef

define sign_enclave
Expand Down

0 comments on commit db45498

Please sign in to comment.