From 738fb0fad9753da2483c1cb35382fa429f8a6abf Mon Sep 17 00:00:00 2001
From: Italo Sampaio <100376888+italo-sampaio@users.noreply.github.com>
Date: Mon, 25 Nov 2024 09:36:28 -0300
Subject: [PATCH] Adds MRENCLAVE and digest information to SGX build scripts (#223)
---
 build-dist-sgx | 8 ++++++++
 firmware/build/build-sgx | 17 +++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/build-dist-sgx b/build-dist-sgx
index 31052197..a450cbe6 100755
--- a/build-dist-sgx
+++ b/build-dist-sgx
@@ -52,6 +52,14 @@ $ROOT_DIR/firmware/build/build-sgx $CHECKPOINT $DIFFICULTY $NETWORK > /dev/null
 cp $ROOT_DIR/firmware/src/sgx/bin/hsmsgx $HSM_DIR/
 cp $ROOT_DIR/firmware/src/sgx/bin/hsmsgx_enclave.signed $HSM_DIR/
+HOST_HASH=$(sha256sum $ROOT_DIR/firmware/src/sgx/bin/hsmsgx | cut -d ' ' -f 1)
+ENCLAVE_HASH=$($ROOT_DIR/firmware/build/extract-mrenclave $ROOT_DIR/firmware/src/sgx/bin/hsmsgx_enclave.signed)
+echo "$HSM_DIR/hsmsgx:"
+echo $HOST_HASH
+echo
+echo "$HSM_DIR/hsmsgx_enclave.signed"
+echo "$ENCLAVE_HASH"
+
 echo
 echo -e "\e[32mBuild complete.\e[0m"
diff --git a/firmware/build/build-sgx b/firmware/build/build-sgx
index cbe70d31..f71c86b1 100755
--- a/firmware/build/build-sgx
+++ b/firmware/build/build-sgx
@@ -40,3 +40,20 @@ BUILD_CMD="\$SGX_ENVSETUP && make clean $BUILD_TARGET CHECKPOINT=$1 TARGET_DIFFI
 DOCKER_USER="$(id -u):$(id -g)"
 docker run -t --rm --user $DOCKER_USER -w /hsm2/firmware/src/sgx -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+
+if [[ $? -ne 0 ]]; then
+ echo "Build failed"
+ exit 1
+fi
+
+HOST_BIN=$HSM_ROOT/firmware/src/sgx/bin/hsmsgx
+ENCLAVE_BIN=$HSM_ROOT/firmware/src/sgx/bin/hsmsgx_enclave.signed
+
+echo "*******************"
+echo "Build successful."
+echo "$(realpath $HOST_BIN --relative-to=$HSM_ROOT):"
+sha256sum $HOST_BIN | cut -d ' ' -f 1
+echo ""
+echo "$(realpath $ENCLAVE_BIN --relative-to=$HSM_ROOT):"
+$BUILD_ROOT/extract-mrenclave $ENCLAVE_BIN
+echo "*******************"
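Review bot: The digests printed under the `$HSM_DIR/hsmsgx` and `$HSM_DIR/hsmsgx_enclave.signed` labels are computed from `$ROOT_DIR/firmware/src/sgx/bin/`, not from the copies the two `cp` lines just placed in `$HSM_DIR`, and neither command's result is checked, so a failed `extract-mrenclave` leaves an empty value that is still followed by "Build complete." These values are presumably what gets compared against an attestation report, so measure the shipped files and stop when a value is missing: `HOST_HASH=$(sha256sum "$HSM_DIR/hsmsgx" | cut -d ' ' -f 1)` and `[[ -n "$HOST_HASH" && -n "$ENCLAVE_HASH" ]] || { echo "digest computation failed" >&2; exit 1; }`. The digest lines added to firmware/build/build-sgx run unchecked in the same way. Whether the script enables `set -e` or `pipefail` is outside the hunk.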
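Review bot: `echo "Build failed"` goes to stdout, and build-dist-sgx calls this script with `> /dev/null` (visible in that file's hunk header), so the message never reaches the operator there; write it to stderr with `echo "Build failed" >&2`. The same redirect discards the digests printed here, which is harmless only because build-dist-sgx recomputes them. The new expansions are also unquoted, so a checkout path containing spaces would split `$HOST_BIN` and `$ENCLAVE_BIN`; quote them, e.g. `sha256sum "$HOST_BIN" | cut -d ' ' -f 1`. `$BUILD_ROOT` is not defined within the hunk, so it is assumed to be set earlier in the script.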