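############################################################
#
# RPM spec for the Intel SGX architectural enclaves (PCE, IDE,
# QE3, TDQE, optionally QvE).
#
# The SDK and enclaves are built with a pinned, reproducible
# toolchain, the intermediate objects are checked against the
# hashes Intel recorded, and the final unsigned enclaves are
# compared against Intel's prebuilt signed enclaves before
# either is packaged (see %build and %check).
#
############################################################

# There's no concept of debuginfo for SGX enclaves
%define debug_package %{nil}

# The enclave code must be built with very specific build
# flags, that are different from what is used to build
# native code. Thus we cannot globally set the CFLAGS etc.
# Although a few native binaries are built in this package,
# they are not shipped, merely used as local build tools
%undefine _auto_set_build_flags

# By default we will aim to ship the pre-built signed
# enclaves which have a reproducible build process.
# If wanting to experiment with custom patches, turn
# this off, and only the unsigned enclaves will be
# packaged.
%define with_prebuilt_enclaves 1

# By default we will aim to verify the reproduced
# enclave build against the prebuilt enclave, even
# if we're not ultimately shipping the prebuilt.
#
# Turning this off removes the only check (in %check)
# that a shipped signed enclave corresponds to the
# source tree built here.
%define with_prebuilt_verification 1

# Set to 1 to validate that each .o file matches the
# recorded .o from the SGX reproducible build. This
# aids in debugging where reproducibility failures lie
# so should be left on when validating prebuilt enclaves.
%define with_prebuilt_obj_hashes 1

############################################################
#
# Note about the approach to bundling...
#
# The linux-sgx project build system is written with the assumption
# that a monolithic repo is being used with all dependencies
# present at specific versions and in particular locations.
#
# Fully untangling this is impractical/unsustainable, because the
# build system in fact has circular dependencies between what might
# otherwise look like independent projects. ie linux-sgx depends
# on headers from dcap, but dcap depends on headers from linux-sgx.
# In addition, some of the 3rd party projects that are consumed are
# patched with SGX enclave specific changes.
#
# For enclave builds, there will be no ability to share existing
# binaries built for native Fedora, as everything must be built
# for the enclave environment, with its own C runtime. Thus trying
# to unbundle has little benefit for enclave related dependencies.
#
# This package is thus written such that:
#
#  * All the SGX related projects provided by Intel are bundled.
#  * SGX enclave code is built with bundled 3rd party projects.
#  * Native OS code is built with system packages for non-SGX
#    related dependencies.
#
# None of the native code that is built in this package is
# actually shipped. It is merely building tools to assist in
# building the enclaves.

############################################################
#
# Note about the approach to toolchains...
#
# The pre-built signed enclaves provided by Intel have a
# reproducible build process. This has a dependency on
# specific versions of gcc, binutils & nasm, along with
# requirements for the build configuration of these. There
# is also a (surprising) dependency on precise versions of
# glibc headers & kernel headers for the enclave code. The
# enclaves don't link to glibc, nor make linux syscalls.
# These headers are needed to get a handful of typedefs.
# The precise versions are nonetheless required, because
# GCC generates static variables in ASM with names that
# include counters derived from the set of declarations
# parsed in the headers :-(
#
# The enclave code also cannot use the standard Fedora
# compiler/linker flags, because these all affect the
# ability to have reproducible builds. The SGX build system
# though does include various hardening flags in its own
# Makefiles to mitigate risks directly applicable to the
# enclaves.
#
# The native OS (non-enclave) code is built using the regular
# Fedora GCC toolchain, along with standard compiler/linker
# flags.

############################################################
#
# A note about versions
#
# When rebasing to new linux-sgx releases, bump all the following
# versions based on what the new release depends on (see various
# git submodule tags and code files).
#
%define linux_sgx_version 2.25
# From SGX git submodule
%define dcap_version 1.22
# From DCAP git submodule
%define dcap_qvl_version 1.21
# From DCAP git submodule
%define dcap_qvs_version 1.1.0-2885
# From SGX external/sgxssl/prepare_sgxssl.sh
%define sgx_ssl_version 3.0_Rev4
# From SGX git submodule
%define ipp_crypto_version 2021.12.1
# From SGX git submodule
%define sgx_emm_version 1.0.3
# From SGX external/sgxssl/prepare_sgxssl.sh
%define openssl_version 3.0.14
# From SGX git submodule
%define libcbor_version 0.10.2
# From DCAP git submodule
%define jwt_cpp_version 0.6.0
# From SGX external/epid-sdk/CHANGELOG.md
%define epid_version 6.0.0
# From SGX external/rdrand/src/configure.ac
%define rdrand_version 1.1
%define vtune_version 2018

# Reproducible build toolchain versions. These match the NixOS
# toolchain packages listed in linux/reproducibility/Dockerfile.
# These almost never change, but must match exactly otherwise
# the .o file contents will not be reproducible
%define sgx_gcc_version 9.5.0
%define sgx_binutils_version 2.40
%define sgx_nasm_version 2.16.01
%define sgx_glibc_headers_version 2.38
%define sgx_kernel_headers_version 5.17

# The "_alt" versions are a bit of a face-palm bug in the
# 2.25 release of linux-sgx, with ippcrypto build process
#
# https://github.com/intel/linux-sgx/issues/1045
%define sgx_glibc_headers_alt_version 2.34

# The enclaves in prebuilt_dcap_N.M.tar.gz are not guaranteed
# to all be built from the latest linux-sgx release. Intel only
# re-builds & re-signs enclaves which have had functional changes
# in the latest release.
#
# Look in README.txt for the prebuilt_dcap_N.M.tar.gz files to
# see what linux-sgx release Intel built each enclave from. In this
# package we only intend to build & distribute enclaves which match
# our SGX/DCAP versions. If not all enclaves were built with this
# release, we'll retain one or more "compat" packages to build and
# distribute any enclaves from the older release(s).
#
# If a version below doesn't match the current SGX version
# then we don't build / ship the enclave in question &
# must modify repack.sh to strip the binary from the
# tarball
%define enclave_pce_version 2.25
%define enclave_ide_version 2.25
%define enclave_qe3_version 2.25
%define enclave_tdqe_version 2.25
%define enclave_qve_version 2.25

# If setting any of these to 0, modify repack.sh to strip
# the binary from the prebuilt_dcap tarball

# Provisioning Certification Enclave. Required. ECDSA quote signing
%define with_enclave_pce 1
# ID Enclave. Required. Hardware identification
%define with_enclave_ide 1
# Quoting Enclave. Required for non-TDX usage. ECDSA quote generation
%define with_enclave_qe3 1
# Quoting Enclave. Required for TDX usage. ECDSA quote generation
%define with_enclave_tdqe 1
# Quote Verification Enclave. Optional. ECDSA quote verification
#
# XXX Disabled as it links to an openssl build that has crypto
# algorithms that haven't been approved by legal & thus it is
# currently unknown if we can ship such code. See also comments
# against Patch0202/Patch0203 later
%define with_enclave_qve 0

# For all enabled enclaves, determine if the prebuilt signed
# enclave matches this release. If not, we don't need to try
# to reproduce, as a parallel built previous release will be
# reproducing and shipping it
%define _with_enclave_pce %{expr:"%{enclave_pce_version}" == "%{version}" ? %{with_enclave_pce} : 0}
%define _with_enclave_ide %{expr:"%{enclave_ide_version}" == "%{version}" ? %{with_enclave_ide} : 0}
%define _with_enclave_qe3 %{expr:"%{enclave_qe3_version}" == "%{version}" ? %{with_enclave_qe3} : 0}
%define _with_enclave_tdqe %{expr:"%{enclave_tdqe_version}" == "%{version}" ? %{with_enclave_tdqe} : 0}
%define _with_enclave_qve %{expr:"%{enclave_qve_version}" == "%{version}" ? %{with_enclave_qve} : 0}

# The SGX version is part of the package name so that "compat"
# builds of older releases can coexist with this one.
Name: linux-sgx-enclaves-reproducible%{linux_sgx_version}
Version: %{linux_sgx_version}
Release: 1%{?dist}
Summary: Intel Linux SGX SDK and Platform Software

# The entire source code is BSD, except some third party projects are
# under other licenses listed in License.txt.
License: BSD-3-Clause AND Apache-2.0 AND MIT AND OpenSSL AND ISC AND BSD-2-Clause AND GPL-2.0-only AND SMLNJ AND NCSA AND Apache-1.0 AND FSFAP AND BSD-4-Clause-UC AND FSFUL AND Zlib AND (Apache-2.0 OR GPL-2.0-or-later) AND EPL-1.0 AND MS-PL AND BSD-4-Clause AND MIT-0
URL: https://github.com/intel/linux-sgx

############################################################
# SGX related projects SourceN for N in (0..9)

Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}_reproducible.tar.gz#/linux-sgx-%{linux_sgx_version}-reproducible.tar.gz

Source1: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/dcap_%{dcap_version}_reproducible.tar.gz
Provides: bundled(dcap) = %{dcap_version}

# repack.sh purges AE's that we're not shipping & 'prebuilt/' (openssl / OPA binaries)
Source2: https://download.01.org/intel-sgx/sgx-dcap/%{dcap_version}/linux/prebuilt_dcap_%{dcap_version}-repacked.tar.gz

Source3: https://github.com/intel/intel-sgx-ssl/archive/refs/tags/%{sgx_ssl_version}.tar.gz#/intel-sgx-ssl-%{sgx_ssl_version}.tar.gz
Provides: bundled(sgxssl) = %{sgx_ssl_version}

Source4: https://github.com/intel/ipp-crypto/archive/refs/tags/ippcp_%{ipp_crypto_version}.tar.gz
Provides: bundled(ipp-crypto) = %{ipp_crypto_version}

Source5: https://github.com/intel/sgx-emm/archive/refs/tags/sgx-emm-%{sgx_emm_version}.tar.gz
Provides: bundled(sgx-emm) = %{sgx_emm_version}

# NB: this points at a branch head (refs/heads/), not an immutable
# tag, so the archive content can change upstream; it is only pinned
# by whatever checksum the packaging records alongside this spec.
Source6: https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationLibrary/archive/refs/heads/DCAP/%{dcap_qvl_version}.tar.gz#/dcap-qvl-%{dcap_qvl_version}.tar.gz
Provides: bundled(dcap-qvl) = %{dcap_qvl_version}

Source7: https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationService/archive/refs/tags/v%{dcap_qvs_version}.tar.gz#/dcap-qvs-%{dcap_qvs_version}.tar.gz
Provides: bundled(dcap-qvs) = %{dcap_qvs_version}

############################################################
# 3rd party projects SourceN for N in (10..19)

Source10: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
Provides: bundled(openssl) = %{openssl_version}

Source11: https://github.com/PJK/libcbor/archive/refs/tags/v%{libcbor_version}.tar.gz#/libcbor-%{libcbor_version}.tar.gz
Provides: bundled(libcbor) = %{libcbor_version}

# NB, Fedora has cpp-jwt which is NOT the same library !
Source12: https://github.com/Thalhammer/jwt-cpp/archive/refs/tags/v%{jwt_cpp_version}.tar.gz#/jwt-cpp-%{jwt_cpp_version}.tar.gz
Provides: bundled(jwt-cpp) = %{jwt_cpp_version}

############################################################
# Misc distro build helper files SourceN in (30..49)

Source30: mungeelf.c
Source31: sgx-asm-pp-wrap.py
Source32: verify-ae.sh

############################################################
# Record of hashes of .o & .a files from reproducible build

Source40: build-ippcp-plain.sha256
Source41: build-ippcp-cf.sha256
Source42: build-ippcp-load.sha256
Source43: build-sdk-plain.sha256
Source44: build-sdk-cf.sha256
Source45: build-sdk-load.sha256
Source46: build-ae.sha256

############################################################
# External projects that have been copied in tarballs as bundles

# In external/epid-sdk/
Provides: bundled(epid-sdk) = %{epid_version}
# In external/rdrand/
Provides: bundled(RdRand) = %{rdrand_version}
# In external/vtune/
Provides: bundled(vtune) = %{vtune_version}

############################################################
# Distro integration patches

# 0000-0099 -> against linux-sgx.git
Patch0000: 0000-Use-distro-libcrypto-and-tinyxml2-for-signtool.patch
Patch0001: 0001-Use-distro-provided-openssl-instead-of-prebuilt-copy.patch
# https://github.com/intel/linux-sgx/pull/1055
Patch0002: 0002-Improve-make-debuggability.patch
Patch0003: 0003-Avoid-cloning-ippcp-git-repo-during-build.patch
Patch0004: 0004-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch
# https://github.com/intel/linux-sgx/pull/1062
Patch0005: 0005-Enable-pointing-enclave-build-to-alternative-glibc-h.patch
# https://github.com/intel/linux-sgx/pull/1061
Patch0006: 0006-Set-dynamic-linker-interpretor-path.patch
# https://github.com/intel/linux-sgx/pull/1056
Patch0007: 0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch

# 0100-0199 -> against SGXDataCenterAttestationPrimitives.git
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/435
Patch0100: 0100-Set-dynamic-linker-interpretor-path.patch
Patch0101: 0101-Rewrite-filenames-used-by-cpp-library-asserts.patch
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/433
Patch0102: 0102-Don-t-hide-QvE-build-commands.patch
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/436
Patch0103: 0103-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch

# 0200-0299 -> against intel-sgx-ssl.git
Patch0200: 0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch
Patch0201: 0201-Workaround-missing-output-directory.patch
# XXX these 2 changes break reproducibility of openssl and thus
# of qve enclave.
#
# We apply them for the general "sdk" build of sgxssl, but
# skip them in the qve build of sgxssl. This means we cannot
# enable qve builds in Fedora infra though, until we can
# determine whether disabling various ciphers in Fedora is still
# a legal requirement, or we can build un-hacked openssl.
Patch0202: 0202-Disable-various-EC-crypto-features.patch
Patch0203: 0203-Disable-sm2-and-sm4-crypto-algorithms.patch

# 0300-0399 -> against ipp-crypto.git
Patch0300: 0300-Drop-min-openssl-from-3.0.8-to-3.0.7.patch

BuildRequires: sgx-srpm-macros

# Toolchain components / dependencies affecting build reproducibility
BuildRequires: sgx-compat-gcc%{sgx_gcc_version} = %{sgx_gcc_version}
BuildRequires: sgx-compat-binutils%{sgx_binutils_version} = %{sgx_binutils_version}
BuildRequires: sgx-compat-nasm%{sgx_nasm_version} = %{sgx_nasm_version}
BuildRequires: sgx-compat-glibc-headers%{sgx_glibc_headers_version} = %{sgx_glibc_headers_version}
BuildRequires: sgx-compat-kernel-headers%{sgx_kernel_headers_version} = %{sgx_kernel_headers_version}
# See earlier comment about linux-sgx bug
BuildRequires: sgx-compat-glibc-headers%{sgx_glibc_headers_alt_version} = %{sgx_glibc_headers_alt_version}

# Toolchain components / dependencies NOT affecting reproducibility
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: binutils
BuildRequires: libtool
BuildRequires: make
BuildRequires: cmake
BuildRequires: ocaml
BuildRequires: ocaml-ocamlbuild
BuildRequires: openssl-devel
BuildRequires: libcurl-devel
BuildRequires: python3-devel
BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: perl-devel
BuildRequires: perl(FindBin)
BuildRequires: perl(lib)
BuildRequires: perl(IPC::Cmd)
BuildRequires: python-unversioned-command
BuildRequires: tinyxml2-devel

# SGX is a technology that only exists in Intel x86 CPUs
ExclusiveArch: x86_64

%description
The Intel SGX SDK is a collection of APIs, libraries, documentations
and tools that allow software developers to create and debug Intel
SGX enabled applications in C/C++.

# An enclave is only packaged at all when its prebuilt version
# matches this release (%2 is the _with_enclave_* flag). When it
# is, the unsigned enclave is always provided, and the signed
# version only if we are shipping the prebuilt enclaves.
#
# @arg1: short enclave name used in the package name
# @arg2: boolean condition for whether to ship this enclave
# @arg3: version to advertise in the Provides
%global do_package() \
%if %2 \
%package -n sgx-enclave-reproducible-%1-unsigned \
Summary: SGX %1 enclave (unsigned, reproducible) \
\
Provides: sgx-enclave(%1:unsigned) = %3 \
Provides: sgx-enclave(%1:unsigned:reproducible) = %3 \
\
%description -n sgx-enclave-reproducible-%1-unsigned \
This package contains the unsigned SGX %1 enclave \
created using a reproducible build process to match \
the prebuilt, signed enclaves. \
\
\
%if %{with_prebuilt_enclaves} \
%package -n sgx-enclave-reproducible-%1-signed \
Summary: SGX %1 enclave (signed, reproducible, prebuilt) \
\
Provides: sgx-enclave(%1:signed) = %3 \
Provides: sgx-enclave(%1:signed:reproducible) = %3 \
Provides: sgx-enclave(%1:signed:prebuilt) = %3 \
\
%description -n sgx-enclave-reproducible-%1-signed \
This package contains the signed SGX %1 enclave, \
prebuilt by Intel, verified with a reproducible \
build process. \
%endif \
%endif

%do_package pce %{_with_enclave_pce} %{linux_sgx_version}
%do_package ide %{_with_enclave_ide} %{dcap_version}
%do_package qe3 %{_with_enclave_qe3} %{dcap_version}
%do_package tdqe %{_with_enclave_tdqe} %{dcap_version}
%do_package qve %{_with_enclave_qve} %{dcap_version}

%prep
%setup -n linux-sgx-sgx_%{linux_sgx_version}_reproducible
%autopatch -m 0 -M 99 -p1

############################################################
#
# 'make preparation' is required first build step, and would
# pull in many git submodules, apply patches for various
# things, download pre-built enclaves, etc.
#
# What follows simulates 'make preparation' with functionally
# equivalent actions to get the source tree setup in the
# expected manner for performing the build
#
############################################################

# Will use system package instead
rm -rf external/{CppMicroServices,tinyxml2}

# Don't intend to package these optional bits since none of
# the required enclaves need this, and thus we can cut down
# on bundling some 3rd party code
rm -rf external/{dnnl,openmp,protobuf} sdk/sample_libcrypto

############################################################
# dcap
( cd external/dcap_source
  tar zxf %{SOURCE1} --strip 1
  %autopatch -m 100 -M 199 -p1

  # NOTE(review): this copy of sgxssl receives the full 0200-0299
  # range, including Patch0202/Patch0203 which the comment against
  # those patches says should be skipped for the qve build. Harmless
  # while with_enclave_qve is 0, but confirm before enabling qve.
  ( mkdir QuoteVerification/sgxssl
    cd QuoteVerification/sgxssl
    tar zxf %{SOURCE3} --strip 1
    %autopatch -m 200 -M 299 -p1
    cp %{SOURCE10} openssl_source/ )

  ( cd QuoteVerification/QVL
    tar zxf %{SOURCE6} --strip 1 )

  ( cd QuoteVerification/QuoteVerificationService
    tar zxf %{SOURCE7} --strip 1 )

  ( cd external/jwt-cpp
    tar zxf %{SOURCE12} --strip 1
    patch -p1 < ../0001-Add-a-macro-to-disable-time-support-in-jwt-for-SGX.patch )
)

############################################################
# sgxssl
( cd external/sgxssl
  tar zxf %{SOURCE3} --strip 1
  %autopatch -m 200 -M 299 -p1
  cp %{SOURCE10} openssl_source/ )

############################################################
# ippcrypto
( cd external/ippcp_internal/ipp-crypto
  tar zxf %{SOURCE4} --strip 1
  %autopatch -m 300 -M 399 -p1 )

############################################################
# sgx-emm
( cd external/sgx-emm/emm_src
  tar zxf %{SOURCE5} --strip 1 )
./external/sgx-emm/create_symlink.sh

############################################################
# libcbor
#
# Two copies are needed: a plain one and an SGX-patched one.
( cd external/cbor/libcbor
  tar zxf %{SOURCE11} --strip 1
  cd ..
  cp -a libcbor sgx_libcbor
  cd libcbor
  patch -p1 < ../raw_cbor.patch
  cd ..
  cd sgx_libcbor
  patch -p1 < ../sgx_cbor.patch )

############################################################
# prebuilt enclaves

# repack.sh strips pre-built enclaves we don't ship, but
# the build process still looks for them, so pretend
# everything exists
mkdir -p psw/ae/data/prebuilt/
touch psw/ae/data/prebuilt/libsgx_{le,qe,pve}.signed.so

( cd external/dcap_source/QuoteGeneration
  tar zxf %{SOURCE2}

  # prebuilt_dcap tarball includes a copy of pce from the prebuilt_ae tarball
  # Since we don't ship obsolete enclaves, we don't skip the prebuilt_ae
  # tarball and just borrow the pce from prebuilt_dcap
  #
  # NOTE(review): no placeholder is created for libsgx_pce.signed.so
  # when repack.sh has stripped it (with_enclave_pce 0); confirm the
  # SDK build does not still expect it to exist.
  if test -f psw/ae/data/prebuilt/libsgx_pce.signed.so
  then
    mv psw/ae/data/prebuilt/libsgx_pce.signed.so ../../../psw/ae/data/prebuilt/libsgx_pce.signed.so
  fi

  # Again just pretend everything exists to placate build
  touch psw/ae/data/prebuilt/libsgx_{id_enclave,qe3,tdqe,qve}.signed.so

  # the header files need to be up 1 level
  #
  # XXX these headers shouldn't really be needed, since DCAP
  # already unpacks & builds openssl as a side effect of
  # sgxssl. Somewhere the headers from that build are discarded
  # and QuoteVerification makefiles are set to look at these
  # pre-built headers instead. This is a bug in DCAP that needs
  # fixing and sending upstream
  mkdir -p ../prebuilt/openssl/inc
  mv prebuilt/openssl/inc/* ../prebuilt/openssl/inc/
)

# Refuse to build from a tree that contains any pre-compiled
# objects/archives: everything shipped must come from the
# sources unpacked above, otherwise the reproducibility proof
# in %check is meaningless.
find -name '*.a' -o -name '*.o' > prebuilt.txt
if test -s prebuilt.txt
then
  echo "ERROR: Found pre-built files in source tree."
  echo "ERROR: The following files must be removed from the source archives:"
  cat prebuilt.txt
  exit 1
fi

%build
############################################################
# First, build the SDK

# Jan 1st, 1980 (00:00:00 UTC); fixed so embedded timestamps are
# identical to Intel's reproducible build
export SOURCE_DATE_EPOCH="315532800"

# Doesn't have to point anywhere real. The mere existence
# of the env var triggers 'Makefile' logic that we need
export NIX_STORE=/does/not/exist

# We need this helper to munge ipp-crypto files built
# with NASM, since they end up with absolute file
# paths in, rather than relative paths seen with GCC
gcc -Wall -Wextra -o mungeelf %{SOURCE30}
mungeelf="$PWD/mungeelf"
export SGX_MUNGE_ASM_OBJ="$mungeelf $PWD /linux-sgx/sgx"
echo "Munging with $SGX_MUNGE_ASM_OBJ"

# Private bin dir exposing the pinned gcc/binutils/nasm under their
# unversioned names; prepended to PATH only for the enclave builds.
mkdir _bin
( cd _bin
  for i in c++ cpp g++ gcc gcc-ar gcc-nm gcc-ranlib
  do
    ln -s %{_bindir}/%{sgx_triplet}-$i-%{sgx_gcc_version} $i
  done
  ln -s %{_bindir}/%{sgx_triplet}-gcc-%{sgx_gcc_version} cc
  for i in addr2line c++filt dwp elfedit gprof ar as ld ld.bfd ld.gold nm objcopy objdump ranlib strip strings size
  do
    ln -s %{_bindir}/%{sgx_triplet}-$i-%{sgx_binutils_version} $i
  done
  for i in nasm ndisasm
  do
    ln -s %{_bindir}/%{sgx_triplet}-$i-%{sgx_nasm_version} $i
  done
)
TOOLS_BIN="$PWD/_bin"

# @arg1: recorded hash list (paths prefixed /linux-sgx/sgx/)
# @arg2: freshly generated hash list (relative paths)
%global check_ipp_objs() \
grep -v -E 'CompilerId.o' %1 | grep -v libippcp.a | sed -e 's,/linux-sgx/sgx/,,' > want.sha256 \
grep -v -E 'CompilerId.o' %2 | grep -v libippcp.a > got.sha256 \
diff want.sha256 got.sha256

# Sanity check reproducibility thus far for easier debugging
%if %{with_prebuilt_obj_hashes}
cp %{SOURCE40} want-ippcp.sha256
cp %{SOURCE41} want-ippcpCF.sha256
cp %{SOURCE42} want-ippcpLOAD.sha256
%endif

GCC_HEADERS="%{_libdir}/%{sgx_triplet}/gcc/x86_64-pc-linux-gnu/%{sgx_gcc_version}/include"
GCC_FIXED_HEADERS="%{_libdir}/%{sgx_triplet}/gcc/x86_64-pc-linux-gnu/%{sgx_gcc_version}/include-fixed"
GLIBC_HEADERS="%{sgx_includedir}/glibc-%{sgx_glibc_headers_version}"
KERNEL_HEADERS="%{sgx_includedir}/kernel-%{sgx_kernel_headers_version}"
# Bugtastic - ipp is compiled with outdated toolchain/headers
GLIBC_ALT_HEADERS="%{sgx_includedir}/glibc-%{sgx_glibc_headers_alt_version}"

export ENCLAVE_SYSTEM_INCLUDES="-isystem$GCC_HEADERS -isystem$GCC_FIXED_HEADERS -isystem$GLIBC_ALT_HEADERS -isystem$KERNEL_HEADERS"

# IPP Crypto needs to be pre-built for the SDK.
# Note, that the 'make clean' doesn't delete the
# output '.a' files we need, only the '.o' files
# So when complete we have 3 builds of IPP Crypto
# in external/ippcp_internal/lib/linux/intel64/
for mitigation in '' LOAD CF
do
  %__make %{?_smp_mflags} \
     -C external/ippcp_internal \
     clean

  PATH="$TOOLS_BIN:$PATH" \
  %__make %{?_smp_mflags} \
     -C external/ippcp_internal \
     MITIGATION-CVE-2020-0551=$mitigation \
     PRE_CONFIG= \
     ASM_NASM="python %{SOURCE31} python $PWD/build-scripts/sgx-asm-pp.py --assembler=nasm --MITIGATION-CVE-2020-0551=$mitigation"

%if %{with_prebuilt_obj_hashes}
  find external/ippcp_internal/ -name '*.o' -o -name '*.a' | sort | xargs sha256sum > build-ippcp${mitigation}.sha256
  %check_ipp_objs want-ippcp${mitigation}.sha256 build-ippcp${mitigation}.sha256
%endif
done

# Stop us finding the .o files again later
%__make %{?_smp_mflags} \
   -C external/ippcp_internal \
   clean

# Sanity check reproducibility thus far for easier debugging
# Exclude dirs that aren't related to code in the enclaves
# or which we're not building locally.
%define ignore_objs_external (external/(protobuf|mbedtls|openmp|rdrand|vtune)|(CMakeLTOTest))
%define ignore_objs_sdk sdk/(simulation|utls|ttls/(lib)?tdx|switchless|sign_tool|sample_libcrypto|edger8r|debugger_interface|encrypt_enclave)
%define ignore_objs_misc mempool.o|libunwind.a|libcpprt.a
%define ignore_archives libirc.a|libimf.a|libsvml.a|libsgx_dcap_tvl.a|libcrypto.a
%define ignore ((%ignore_objs_external)|(%ignore_objs_sdk)|(%ignore_objs_misc)|(%ignore_archives))

# @arg1: recorded hash list
# @arg2: freshly generated hash list
%global check_sdk_objs() \
grep -v -E '%ignore' %1 > want.sha256 \
grep -v -E '%ignore' %2 > got.sha256 \
diff want.sha256 got.sha256

%if %{with_prebuilt_obj_hashes}
cp %{SOURCE43} want-sdk.sha256
cp %{SOURCE44} want-sdkCF.sha256
cp %{SOURCE45} want-sdkLOAD.sha256
%endif

export ENCLAVE_SYSTEM_INCLUDES="-isystem$GCC_HEADERS -isystem$GCC_FIXED_HEADERS -isystem$GLIBC_HEADERS -isystem$KERNEL_HEADERS"

# Now we can build the actual SDK
for mitigation in LOAD CF ''
do
  %__make %{?_smp_mflags} -j1 \
     -C sdk/ V=1 VERBOSE=1 \
     MITIGATION-CVE-2020-0551=$mitigation \
     clean
  %__make %{?_smp_mflags} \
     -C external/dcap_source/QuoteVerification/dcap_tvl \
     MITIGATION-CVE-2020-0551=$mitigation \
     clean

  # Pre-build with current toolchain, since this
  # is a native app, and ocaml tools in Fedora
  # pass GCC -specs that assume current toolchain
  # and fail with old SGX binutils
  %__make %{?_smp_mflags} -j1 \
     -C sdk/ edger8r V=1 VERBOSE=1 \
     MITIGATION-CVE-2020-0551=$mitigation

  PATH="$TOOLS_BIN:$PATH" \
  %__make %{?_smp_mflags} -j1 \
     -C sdk/ V=1 VERBOSE=1 \
     MITIGATION-CVE-2020-0551=$mitigation

%if %{with_prebuilt_obj_hashes}
  find sdk external -name '*.o' -o -name '*.a' | sort | xargs sha256sum > got-sdk${mitigation}.sha256
%endif

  PATH="$TOOLS_BIN:$PATH" \
  %__make %{?_smp_mflags} \
     -C external/dcap_source/QuoteVerification/dcap_tvl \
     MITIGATION-CVE-2020-0551=$mitigation

%if %{with_prebuilt_obj_hashes}
  find external/dcap_source/QuoteVerification/dcap_tvl \
     -name '*.o' -o -name '*.a' | sort | xargs sha256sum >> got-sdk${mitigation}.sha256
  %check_sdk_objs want-sdk${mitigation}.sha256 got-sdk${mitigation}.sha256
%endif
done

############################################################
# Second, install the SDK into a temporary tree, since this
# dir tree is needed by the next build phase.
%define vroot build/vroot
./linux/installer/bin/build-installpkg.sh sdk cve-2020-0551
./linux/installer/bin/sgx_linux_x64_sdk_*.bin --prefix=%{vroot}

############################################################
# Third, build the AEs (Architectural Enclaves). These unsigned
# AE builds will be validated against the pre-built Intel signed
# AEs, to prove that the latter corresponds to the source we have.

# @arg1: boolean condition for whether to build this enclave
# @arg2: directory containing the enclave's Makefile
# @arg3: make target (the unsigned enclave .so)
#
# XXX -j1 due to race condition setting up sgxssl headers with QvE
%global do_build() \
%if %1 \
PATH="$TOOLS_BIN:$PATH" \\\
%make_build -C %2 \\\
   ENCLAVE_SYSTEM_INCLUDES="$ENCLAVE_SYSTEM_INCLUDES" \\\
   SGX_SDK=$(pwd)/%{vroot}/sgxsdk \\\
   %3 -j1 \
\
%if %{with_prebuilt_obj_hashes} \
find %2 -name '*.o' -o -name '*.a' | sort | xargs sha256sum > build-got.sha256 \
grep %2 %{SOURCE46} | sed -e 's,/linux-sgx/sgx/,,' > build-want.sha256 \
diff build-want.sha256 build-got.sha256 \
%endif \
%endif

%do_build %{_with_enclave_pce} psw/ae/pce pce.so
%do_build %{_with_enclave_ide} external/dcap_source/QuoteGeneration/quote_wrapper/quote/id_enclave/linux id_enclave.so
%do_build %{_with_enclave_qe3} external/dcap_source/QuoteGeneration/quote_wrapper/quote/enclave/linux qe3.so
%do_build %{_with_enclave_tdqe} external/dcap_source/QuoteGeneration/quote_wrapper/tdx_quote/enclave/linux tdqe.so
%do_build %{_with_enclave_qve} external/dcap_source/QuoteVerification/QvE qve.so

%if %{_with_enclave_qve}
%if %{with_prebuilt_obj_hashes}
find external/dcap_source/QuoteVerification/sgxssl -name '*.o' | grep -v libcrypto-lib-cversion.o | sort | xargs sha256sum > build-got.sha256
grep external/dcap_source/QuoteVerification/sgxssl %{SOURCE46} | grep -v libcrypto-lib-cversion.o | grep -v '\.a' | sed -e 's,/linux-sgx/sgx/,,' > build-want.sha256
diff build-want.sha256 build-got.sha256
%endif
%endif

%install
############################################################
# Install phase
#
# There's nothing useful like 'make install' to install
# everything in the right place :-(

%__install -d %{buildroot}%{sgx_libdir}

# @arg1: boolean condition for whether to ship this enclave
# @arg2: base name of the enclave
# @arg3: directory containing locally built enclave
# @arg4: directory containing pre-built enclave
# @arg5: symbol name that defines the enclave SO version
#
# Reads the shell var $version_file, which the caller must point
# at the se_version.h that defines @arg5.
%global do_install() \
%if %1 \
%__install -m 0755 %3/%2.so %{buildroot}%{sgx_libdir}/libsgx_%2.so \
%if %{with_prebuilt_enclaves} \
version="$(grep %5 $version_file | awk '{print $3}' | sed -e 's/"//g')" \
libname="libsgx_%2.signed.so" \
libnameso="$libname.$(echo $version | awk -F . '{print $1}')" \
libnamever="$libname.$version" \
%__install -m 0755 %4/$libname %{buildroot}%{sgx_libdir}/$libnamever \
ln -s $libnamever %{buildroot}%{sgx_libdir}/$libnameso \
ln -s $libnameso %{buildroot}%{sgx_libdir}/$libname \
%endif \
%endif

version_file=common/inc/internal/se_version.h
%do_install %{_with_enclave_pce} pce psw/ae/pce psw/ae/data/prebuilt PCE_VERSION

version_file=external/dcap_source/QuoteGeneration/common/inc/internal/se_version.h
%do_install %{_with_enclave_ide} id_enclave external/dcap_source/QuoteGeneration/quote_wrapper/quote/id_enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt IDE_VERSION
%do_install %{_with_enclave_qe3} qe3 external/dcap_source/QuoteGeneration/quote_wrapper/quote/enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt QE3_VERSION
%do_install %{_with_enclave_tdqe} tdqe external/dcap_source/QuoteGeneration/quote_wrapper/tdx_quote/enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt TDQE_VERSION
%do_install %{_with_enclave_qve} qve external/dcap_source/QuoteVerification/QvE external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt QVE_VERSION

%check
############################################################
# Check phase
#
# We already validated the intermediate compiled .o files match the
# reference .o files from Intel's reproducible build.
#
# Now we have final validation that the installed pre-built signed
# enclaves provided by Intel match the unsigned enclaves we've just
# built.
#
# This is absolute gating proof that we're shipping the complete &
# corresponding source. This burden of proof is greater than that
# required by the License, but is required given the unusual practice
# of shipping pre-built binaries which packaging policy would
# ordinarily deny.
#
# verify-ae.sh (Source32) takes: <signed enclave> <unsigned enclave>
# <enclave config.xml>

%if %{with_prebuilt_verification}
verify=%{SOURCE32}
psw=./psw/ae
dcap=./external/dcap_source
qgen=$dcap/QuoteGeneration/quote_wrapper
qgenpsw=$dcap/QuoteGeneration/psw/ae
qver=$dcap/QuoteVerification/QvE

%if %{_with_enclave_pce}
$verify $psw/data/prebuilt/libsgx_pce.signed.so $psw/pce/pce.so $psw/pce/config.xml
%endif
%if %{_with_enclave_ide}
$verify $qgenpsw/data/prebuilt/libsgx_id_enclave.signed.so $qgen/quote/id_enclave/linux/id_enclave.so $qgen/quote/id_enclave/linux/config.xml
%endif
%if %{_with_enclave_qe3}
$verify $qgenpsw/data/prebuilt/libsgx_qe3.signed.so $qgen/quote/enclave/linux/qe3.so $qgen/quote/enclave/linux/config.xml
%endif
%if %{_with_enclave_tdqe}
$verify $qgenpsw/data/prebuilt/libsgx_tdqe.signed.so $qgen/tdx_quote/enclave/linux/tdqe.so $qgen/tdx_quote/enclave/linux/config.xml
%endif
%if %{_with_enclave_qve}
$verify $qgenpsw/data/prebuilt/libsgx_qve.signed.so $qver/qve.so $qver/Enclave/linux/config.xml
%endif
%endif

# @arg1: short enclave name used in the package name
# @arg2: base name of the installed library
# @arg3: boolean condition for whether to ship this enclave
%global do_files() \
%if %3 \
%files -n sgx-enclave-reproducible-%1-unsigned \
%{sgx_libdir}/libsgx_%2.so \
\
%if %{with_prebuilt_enclaves} \
%files -n sgx-enclave-reproducible-%1-signed \
%{sgx_libdir}/libsgx_%2.signed.so* \
%endif \
%endif

%do_files pce pce %{_with_enclave_pce}
%do_files ide id_enclave %{_with_enclave_ide}
%do_files qe3 qe3 %{_with_enclave_qe3}
%do_files tdqe tdqe %{_with_enclave_tdqe}
%do_files qve qve %{_with_enclave_qve}

%changelog
* Wed Jul 17 2024 Daniel P. Berrangé - 2.22-1
- Initial packaging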