Skip to content

Commit

Permalink
Merge pull request #441 from skalenetwork/feature/438-ubuntu-22
Browse files Browse the repository at this point in the history
Feature/438 ubuntu 22
  • Loading branch information
olehnikolaiev authored Nov 20, 2024
2 parents d027078 + 10bbcf6 commit 7b23e69
Show file tree
Hide file tree
Showing 22 changed files with 89 additions and 72 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/dockerimage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
run: cat /proc/cpuinfo | grep avx512
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: submodule update
run: git submodule update --init --recursive
- name: build and deploy test image
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dockerimagebase.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
run: cat /proc/cpuinfo | grep avx512
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: submodule update
run: git submodule update --init --recursive
- name: Build the Docker image
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dockerimageintelsubmission.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
run: cat /proc/cpuinfo | grep avx512
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: submodule update
run: git submodule update --init --recursive
- name: build and deploy docker image
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dockerimagerelease.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
run: cat /proc/cpuinfo | grep avx512
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Submodule update
run: git submodule update --init --recursive
- name: Create dir for signing enclave
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dockerimagesim.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
run: ls /dev/urandom
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: submodule update
run: git submodule update --init --recursive
- name: Build and publish container for testing
Expand Down
7 changes: 2 additions & 5 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,14 @@ RUN apt update && apt install -y curl secure-delete python3-pip
RUN pip3 install --upgrade pip
RUN pip3 install requests torpy




RUN touch /var/hwmode
RUN ./autoconf.bash
RUN ./configure
RUN ./configure --enable-sgx
RUN bash -c "make -j$(nproc)"
RUN ccache -sz
RUN mkdir -p /usr/src/sdk/sgx_data
COPY docker/start.sh ./
COPY docker/check_firewall.py ./
RUN rm -rf /usr/src/sdk/sgx-sdk-build/
RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
ENTRYPOINT ["/usr/src/sdk/start.sh"]
73 changes: 36 additions & 37 deletions DockerfileBase
Original file line number Diff line number Diff line change
@@ -1,35 +1,37 @@
FROM ubuntu:20.04
FROM ubuntu:22.04

RUN apt-get update && apt-get install software-properties-common -y && \
add-apt-repository ppa:ubuntu-toolchain-r/test && \
apt-get update && apt-get install -y \
autoconf \
automake \
build-essential \
cmake \
curl \
debhelper \
git \
libcurl4-openssl-dev \
libprotobuf-dev \
libssl-dev \
libtool \
lsb-release \
ocaml \
ocamlbuild \
protobuf-compiler \
python-is-python3 \
automake \
autoconf \
libtool \
wget \
libcurl4 \
make \
unzip \
python-is-python3 \
libssl-dev \
git \
cmake \
perl \
pkgconf
libcurl4-openssl-dev \
protobuf-compiler \
libprotobuf-dev \
debhelper \
reprepro \
unzip \
pkgconf \
libboost-dev \
libboost-system-dev \
libboost-thread-dev \
lsb-release \
libsystemd0

# RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \
# dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \
dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb

RUN git clone -b sgx_2.19 --depth 1 https://github.com/intel/linux-sgx
RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx

RUN cd linux-sgx && make preparation

Expand All @@ -54,26 +56,23 @@ WORKDIR /usr/src/sdk

RUN apt update && \
apt install -yq apt-utils && \
apt install -yq --no-install-recommends vim telnet git ca-certificates perl \
reprepro libboost-all-dev alien uuid-dev libxml2-dev ccache \
yasm flex bison libprocps-dev ccache texinfo \
graphviz doxygen libgnutls28-dev libgcrypt20-dev \
libboost-dev libboost-system-dev libboost-thread-dev lsb-release libsystemd0 && \
# glibc-tools
apt install -yq --no-install-recommends vim telnet ca-certificates perl \
alien uuid-dev libxml2-dev ccache \
yasm libprocps-dev texinfo \
graphviz doxygen libgnutls28-dev libgcrypt20-dev && \
ln -s /usr/bin/ccache /usr/local/bin/clang && \
ln -s /usr/bin/ccache /usr/local/bin/clang++ && \
ln -s /usr/bin/ccache /usr/local/bin/gcc && \
ln -s /usr/bin/ccache /usr/local/bin/g++ && \
ln -s /usr/bin/ccache /usr/local/bin/cc && \
ln -s /usr/bin/ccache /usr/local/bin/c++

RUN cd scripts && ./build_deps.py && \
wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
make install && \
cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
cd /usr/src/sdk && \
./autoconf.bash && \
./configure && \
bash -c "make -j$(nproc)"
WORKDIR /usr/src/sdk/scripts
RUN ./build_deps.py
RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz
WORKDIR dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
RUN cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && make install
WORKDIR /usr/src/sdk/scripts
RUN rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
WORKDIR /usr/src/sdk
RUN ./autoconf.bash
1 change: 0 additions & 1 deletion DockerfileRelease
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ RUN apt update && apt install -y curl secure-delete python3-pip
RUN pip3 install --upgrade pip
RUN pip3 install requests torpy


RUN touch /var/hwmode
RUN ./autoconf.bash
RUN ./configure --with-sgx-build=release
Expand Down
2 changes: 0 additions & 2 deletions DockerfileSimulation
Original file line number Diff line number Diff line change
@@ -1,11 +1,9 @@
FROM skalenetwork/sgxwallet_base:latest


RUN apt update && apt install -y curl secure-delete python3-pip
RUN pip3 install --upgrade pip
RUN pip3 install requests torpy


RUN ccache -sz

COPY . /usr/src/sdk
Expand Down
4 changes: 2 additions & 2 deletions Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
#AM_CPPFLAGS += -g -Og


AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)"


AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls \
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ leave the enclave unencrypted.
The server provides an initial registration service to issue client certificates to the clients.
The administrator manually approves each registration.

**sgxwallet** has been tested on **Ubuntu Linux 18.04**.
**sgxwallet** has been tested on **Ubuntu Linux 20.04**.

## An important note about production readiness

Expand Down
4 changes: 2 additions & 2 deletions docs/building.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,13 @@ Below is a sequence of commands that builds SDK and installs it into /opt/intel


```bash
git clone -b sgx_2.13 --depth 1 https://github.com/intel/linux-sgx
git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx
cd linux-sgx
make preparation
sudo make sdk_install_pkg_no_mitigation
sudo make psw_install_pkg
cd /opt/intel
sudo sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'
sudo make psw_install_pkg
sudo cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin .
sudo ./sgx_linux_x64_psw*.bin --no-start-aesm
```
Expand Down
12 changes: 6 additions & 6 deletions docs/enabling-sgx.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ This repo includes the **_sgx_enable_** utility. To enable SGX run:
sudo ./sgx_enable
```

Note: if you are not using Ubuntu 18.04 (Not recommended!), you may need
Note: if you are not using Ubuntu 20.04 (Not recommended!), you may need
to rebuild the sgx-software-enable utility before use by typing:

```bash
Expand All @@ -39,19 +39,19 @@ make
Install make and gcc if you do not have it:

```bash
apt-get install build-essential
apt-get install build-essential
```

Run the following command:

```bash
cd scripts; sudo ./sgx_linux_x64_driver_2.11.0_0373e2e.bin; cd ..
cd scripts; sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin; cd ..
```

Alternatively, other driver versions may be downloaded from Intel.
Please note that version `2.11.0_0373e2e` is what is currently supported.
Please note that version `2.11.b6f5b4a` is what is currently supported.

Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed.
Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed.
If you do not see the `isgx` device, you need to troubleshoot your driver installation.

If driver installation fails, you can also try installing driver from the
Expand All @@ -65,7 +65,7 @@ And then follow instructions in README.md

## Troubleshooting Installation

- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
Intel SGX needs to be enabled in BIOS.

- If you are running in Intel SGX hardware mode, make sure you have device
Expand Down
4 changes: 3 additions & 1 deletion jsonrpc/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -66,9 +66,10 @@ cd ../..

git clone https://github.com/curl/curl.git
cd curl
git checkout curl-8_2_1
mkdir -p build
cd build
cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCMAKE_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE ..
cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCURL_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE ..
echo " " >> lib/curl_config.h
echo "#define HAVE_POSIX_STRERROR_R 1" >> lib/curl_config.h
echo " " >> lib/curl_config.h
Expand Down Expand Up @@ -116,6 +117,7 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T
-DWITH_COVERAGE=NO \
-DARGTABLE_INCLUDE_DIR=../../argtable2/src \
-DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \
-DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \
-DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \
..
make
Expand Down
4 changes: 2 additions & 2 deletions scripts/build_deps.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,9 @@
# @date 2018
#

import sys
import os
import subprocess

os.chdir("..")
topDir = os.getcwd()
print("Starting build")
Expand Down Expand Up @@ -94,7 +94,7 @@
print("Install Linux SDK");

os.chdir(SCRIPTS_DIR)
assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.19.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0
assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.25.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0

print("Make GMP");

Expand Down
27 changes: 24 additions & 3 deletions scripts/install_packages.sh
Original file line number Diff line number Diff line change
@@ -1,5 +1,26 @@
#!/bin/bash
sudo apt update
sudo apt install -y build-essential make gcc g++ yasm python flex bison automake
sudo apt install -y ccache cmake ccache autoconf texinfo libgcrypt20-dev libgnutls28-dev libtool pkg-config glibc-tools
sudo apt install -y ocaml ocamlbuild
sudo apt install -y build-essential \
ocaml \
ocamlbuild \
automake \
autoconf \
libtool \
wget \
python-is-python3 \
libssl-dev \
git \
cmake \
perl \
libcurl4-openssl-dev \
protobuf-compiler \
libprotobuf-dev \
debhelper \
reprepro \
unzip \
pkgconf \
libboost-dev \
libboost-system-dev \
libboost-thread-dev \
lsb-release \
libsystemd0
Binary file removed scripts/sgx_linux_x64_driver_2.11.54c9c4c.bin
Binary file not shown.
Binary file added scripts/sgx_linux_x64_driver_2.11.b6f5b4a.bin
Binary file not shown.
Binary file removed scripts/sgx_linux_x64_sdk_2.19.100.3.bin
Binary file not shown.
Binary file added scripts/sgx_linux_x64_sdk_2.25.100.3.bin
Binary file not shown.
9 changes: 5 additions & 4 deletions secure_enclave/secure_enclave.c
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return (void *) nptr;
}

volatile uint64_t counter;
volatile uint64_t counter = 0;

void get_global_random(unsigned char *_randBuff, uint64_t _size) {
char errString[BUF_LEN];
Expand All @@ -220,10 +220,11 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_update(&counter, sizeof(counter), shaStateHandle) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, (sgx_sha256_hash_t *)globalRandom) == SGX_SUCCESS);
unsigned char tmpBuffer[32];
CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, (sgx_sha256_hash_t *)tmpBuffer) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);

memcpy(_randBuff, globalRandom, _size);
memcpy(_randBuff, tmpBuffer, _size);
}

void sealHexSEK(int *errStatus, char *errString,
Expand Down

0 comments on commit 7b23e69

Please sign in to comment.