diff --git a/wallfacer 2.0/Docker/Dockerfile b/wallfacer 2.0/Docker/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..f7ee1381f5755b8985e24ac78347431cec2f0b41
--- /dev/null
+++ b/wallfacer 2.0/Docker/Dockerfile
@@ -0,0 +1,164 @@
+# Copyright (C) 2020 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+
+FROM ubuntu:18.04 as builder
+
+RUN apt-get update && apt-get install -y \
+ autoconf \
+ automake \
+ build-essential \
+ cmake \
+ curl \
+ debhelper \
+ git \
+ libcurl4-openssl-dev \
+ libprotobuf-dev \
+ libssl-dev \
+ libtool \
+ lsb-release \
+ ocaml \
+ ocamlbuild \
+ protobuf-compiler \
+ python3 \
+ reprepro \
+ wget
+RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
+
+# We assume this docker file is invoked with root at the top of linux-sgx repo, see shell scripts for example.
+WORKDIR /linux-sgx
+COPY . .
+
+# RUN make sdk_install_pkg_no_mitigation
+RUN make preperation
+WORKDIR /opt/intel
+RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'
+
+ENV SGX_SDK=/opt/intel/sgxsdk
+WORKDIR /linux-sgx
+RUN make psw_install_pkg
+
+ENV BUILD_PLATFORM="docker"
+RUN make deb_local_repo
+
+FROM ubuntu:18.04 as aesm
+RUN apt-get update && apt-get install -y \
+ libcurl4 \
+ libprotobuf10 \
+ libssl1.1 \
+ make \
+ module-init-tools
+
+WORKDIR /installer
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN ./sgx_linux_x64_psw*.bin --no-start-aesm
+WORKDIR /opt/intel/sgxpsw/aesm/
+ENV LD_LIBRARY_PATH=.
+CMD ./aesm_service --no-daemon
+
+FROM ubuntu:18.04 as aesm_deb
+RUN apt-get update && apt-get install -y \
+ libcurl4 \
+ libprotobuf10 \
+ libssl1.1 \
+ make \
+ module-init-tools
+
+WORKDIR /deb_local_repo
+
+COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./
+RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list
+RUN apt-get update
+RUN apt-get install -y libsgx-aesm-launch-plugin libsgx-aesm-quote-ex-plugin
+
+WORKDIR /opt/intel/sgx-aesm-service/aesm/
+ENV LD_LIBRARY_PATH=.
+CMD ./aesm_service --no-daemon
+
+
+FROM ubuntu:18.04 as sample
+RUN apt-get update && apt-get install -y \
+ g++ \
+ libcurl4-openssl-dev \
+ libprotobuf-dev \
+ libssl-dev \
+ make \
+ module-init-tools
+
+WORKDIR /opt/intel
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN ./sgx_linux_x64_psw*.bin --no-start-aesm
+RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin'
+
+WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave
+RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make
+
+RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser
+USER sgxuser
+
+CMD ./app
+
+
+FROM ubuntu:18.04 as sample_deb
+RUN apt-get update && apt-get install -y \
+ g++ \
+ libcurl4-openssl-dev \
+ libprotobuf-dev \
+ libssl-dev \
+ make \
+ module-init-tools
+
+WORKDIR /deb_local_repo
+
+COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./
+RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list
+RUN apt-get update
+RUN apt-get install -y libsgx-urts
+
+WORKDIR /opt/intel
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin'
+
+#WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave
+#RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make
+
+#RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser
+#USER sgxuser
+
+# 安装secGear
+WORKDIR /opt
+RUN git clone https://gitee.com/jinghaikun2024/secGear
+
+# 编译运行
+WORKDIR /opt/secGear
+RUN source /opt/intel/sgxsdk/environment && source environment
+RUN mkdir debug && cd debug && cmake .. && make && sudo make install
+RUN ./examples/helloworld/host/secgear_helloworld
+
+CMD ./app
diff --git a/wallfacer 2.0/Docker/build_and_run.sh b/wallfacer 2.0/Docker/build_and_run.sh
new file mode 100644
index 0000000000000000000000000000000000000000..641171e4560524669b57e9f3d95df6f6701cc56a
--- /dev/null
+++ b/wallfacer 2.0/Docker/build_and_run.sh
@@ -0,0 +1,2 @@
+docker build -f ./Dockerfile -t wallfacer:2.0
+docker run --device=/dev/isgx -v aesmd-socket: var/run/aesmd -v /opt/intel:/opt/intel -it wallfacer:v2.0
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..bb0a41d62bce19085b9e5a3606e843a2b4afbc07
--- /dev/null
+++ b/wallfacer 2.0/nested/CMakeLists.txt
@@ -0,0 +1,38 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(Nested CXX)
+
+set(CMAKE_CXX_STANDARD 11)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE nested.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d4e0e9878245317694c0bea14e39fa9dd3db0907
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt
@@ -0,0 +1,219 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+ #set signed output
+ set(OUTPUT ${UUID}.sec)
+ #set whilelist. default: /vendor/bin/teec_hello
+ set(WHITE_LIST_0 /vendor/bin/helloworld)
+ set(WHITE_LIST_OWNER root)
+ set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
+ set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(OUTPUT enclave.signed.so)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(OUTPUT penglai-ELF)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \
+ -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+ -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+ -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+if(CC_GP)
+
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC")
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s")
+
+ set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
+ set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_BINARY_DIR}/lib/)
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories( ${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+ ${ITRUSTEE_TEEDIR}/include/TA
+ ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+ ${ITRUSTEE_LIBC}/arch/aarch64
+ ${ITRUSTEE_LIBC}/
+ ${ITRUSTEE_LIBC}/arch/arm/bits
+ ${ITRUSTEE_LIBC}/arch/generic
+ ${ITRUSTEE_LIBC}/arch/arm
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE
+ ${CMAKE_BINARY_DIR}/lib/)
+ endif()
+
+ foreach(WHITE_LIST ${WHITELIST})
+ add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+ endforeach(WHITE_LIST)
+ add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+ target_link_libraries(${PREFIX} -lsecgear_tee)
+
+ #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example #
+ # add_custom_command(TARGET ${PREFIX}
+ # POST_BUILD
+ # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
+
+ # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}
+ # DESTINATION /data
+ # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+ set(SGX_DIR ${SDK_PATH})
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+ set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+ if(CC_SIM)
+ set(Trts_Library_Name sgx_trts_sim)
+ set(Service_Library_Name sgx_tservice_sim)
+ else()
+ set(Trts_Library_Name sgx_trts)
+ set(Service_Library_Name sgx_tservice)
+ endif()
+
+ set(Crypto_Library_Name sgx_tcrypto)
+
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+ -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${LINK_LIBRARY_PATH})
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories(${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${SGX_DIR}/include/tlibc
+ ${SGX_DIR}/include/libcxx
+ ${SGX_DIR}/include
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE
+ ${LINK_LIBRARY_PATH})
+ endif()
+
+ target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive
+ -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group)
+ add_custom_command(TARGET ${PREFIX}
+ POST_BUILD
+ COMMAND umask 0177
+ COMMAND openssl genrsa -3 -out ${PEM} 3072
+ COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+if(NOT DEFINED CC_PL)
+ set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+endif()
+
+if(CC_PL)
+ set(SDK_LIB_DIR ${SDK_PATH}/lib)
+ set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include)
+ set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a)
+ set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib)
+ set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a)
+ set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a)
+ set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a)
+
+ set(SOURCE_C_OBJS "")
+ foreach(SOURCE_FILE ${SOURCE_FILES})
+ STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE})
+ set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o)
+ add_custom_command(
+ OUTPUT ${SOURCE_OBJ}
+ DEPENDS ${SOURCE_FILES}
+ COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+ -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+ -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE}
+ COMMENT "generate SOURCE_OBJ"
+ )
+ list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ})
+ endforeach()
+
+ set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o)
+ add_custom_command(
+ OUTPUT ${APP_C_OBJ}
+ DEPENDS ${AUTO_FILES}
+ COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+ -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+ -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
+ COMMENT "generate APP_C_OBJ"
+ )
+
+ add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB}
+ COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc
+ -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB}
+ ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds
+ COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ COMMENT "generate penglai-ELF"
+ )
+ add_custom_target(
+ ${OUTPUT} ALL
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ COMMENT "makefile target penglai-ELF"
+ )
+
+endif()
diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..e94c9bc50a61ebb552322ca5975510ac4b806c79
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml
@@ -0,0 +1,12 @@
+
+ 0
+ 0
+ 0x40000
+ 0x100000
+ 10
+ 1
+
+ 0
+ 0
+ 0xFFFFFFFF
+
diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds
new file mode 100644
index 0000000000000000000000000000000000000000..ab77e6478ef3c3448356e80b9884a8a533dd32c6
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.lds
@@ -0,0 +1,11 @@
+enclave.so
+{
+ global:
+ g_global_data_sim;
+ g_global_data;
+ enclave_entry;
+ g_peak_heap_used;
+ local:
+ *;
+};
+
diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini
new file mode 100644
index 0000000000000000000000000000000000000000..8c70225ecd3f2e7de449e89cbe338b81e1f06db9
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/config_cloud.ini
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d78354e6c0e101a126d65a116c4e98765f852db7
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name: rsa-demo
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: false
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 819200
+gpd.ta.stackSize: 40960
diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..89ba0cba5aafe0a56e03df1de72eaae6dfe4c4e4
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/nested.cpp
@@ -0,0 +1,243 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include "nested_t.h"
+
+#define TA_HELLO_WORLD "secgear hello world!"
+#define BUF_MAX 32
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+ private:
+ int subEnlaveID;
+ int tag;
+ double result;
+ double rev;
+ public:
+ subEnclave();
+ int setID(int);
+ int setTag(int);
+ double add(double, double);
+ double sub(double, double);
+ double mul(double, double);
+ double div(double, double);
+ double exp(double);
+ int get_tag();
+ int get_id();
+ friend int send(subEnclave &, subEnclave &);
+ friend int recieve(subEnclave &, subEnclave &);
+ ~subEnclave();
+};
+
+subEnclave::subEnclave() {
+ subEnlaveID = 0;
+ tag = 0;
+ result = 0;
+ rev = 0;
+ //cout << "create subenclave success" << endl;
+
+}
+
+subEnclave vec[100];
+
+int subEnclave::setID(int ID) {
+ this->subEnlaveID = ID;
+ return 0;
+}
+
+int subEnclave::setTag(int tag) {
+ this->tag = tag;
+ return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+ result = a + b;
+ return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+ result = a - b;
+ return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+ result = a * b;
+ return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+ result = a / b;
+ return result;
+}
+
+double subEnclave::exp(double x = 7) {
+ result = x * x + 2 * x + 1;
+ return result;
+}
+
+int subEnclave::get_tag() {
+ return tag;
+}
+
+int subEnclave::get_id() {
+ return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+ b.rev = a.result;
+ return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+ a.rev = b.result;
+ return 0;
+}
+
+subEnclave::~subEnclave() {
+ //cout << "destroy subenclave success" << endl;
+ print_destroy();
+}
+
+//////////////////////////////////////////////
+
+
+//std::vector vec;
+
+
+
+// create
+int createSubEnclave(int id)
+{
+
+ vec[id].setID(id);
+ print_create();
+ //vec.push_back(se[i]);
+ return 0;
+}
+
+// destroy
+int destroySubEnclave()
+{
+ print_destroy();
+ //vec.push_back(se[i]);
+ return 0;
+}
+
+/*
+int isExist(int ID,int num)
+{
+ int sub = -1;
+
+ for (int i = 0; i < size; i++) {
+ if (ID == arr[i].get_id()) {
+ sub = i;
+ break;
+ }
+ }
+
+ for (int i = 0; i < num; i++) {
+ if (ID == vec[i].get_id()) {
+ sub = i;
+ break;
+ }
+ }
+}
+*/
+
+//飞地内计算(ecall)
+int compute(int tag, int size, int sub, double* result) {
+ int ID[2];
+ int sub1;
+ vec[sub].setTag(tag);
+ if (tag == ADD) {
+ // cout << "result:" << arr[sub].add() << endl;
+ print_res(vec[sub].add());
+ result[0] = vec[sub].add();
+ } else if (tag == SUB) {
+ //cout << "result:" << arr[sub].sub() << endl;
+ print_res(vec[sub].sub());
+ result[0] = vec[sub].sub();
+ } else if (tag == MUL) {
+ //cout << "result:" << arr[sub].mul() << endl;
+ print_res(vec[sub].mul());
+ result[0] = vec[sub].mul();
+ } else if (tag == DIV) {
+ //cout << "result:" << arr[sub].div() << endl;
+ print_res(vec[sub].div());
+ result[0] = vec[sub].div();
+ } else if (tag == EXP) {
+ //cout << "result:" << arr[sub].exp() << endl;
+ print_res(vec[sub].exp());
+ result[0] = vec[sub].exp();
+ } else if (tag == SEND) {
+ //cout << "Please enter the subEnclaveID of the recipient:";
+ print_send_hit();
+ while (1) {
+ sub1 = -1;
+ getid(ID);
+ for (int i = 0; i < size; i++) {
+ if (ID[0] == vec[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ //cout << "The subEnclaveID was not found,please re-enter:";
+ print_reenter_hit();
+ continue;
+ } else
+ break;
+ }
+ send(vec[sub], vec[sub1]);
+ //cout << "Send Success!" << endl;
+ print_send();
+ } else if (tag == RECIEVE) {
+ //cout << "Please enter the subEnclaveID of the Sender:";
+ print_recieve_hit();
+ while (1) {
+ sub1 = -1;
+ //cin >> ID;
+ getid(ID);
+ for (int i = 0; i < size; i++) {
+ if (ID[0] == vec[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ //cout << "The subEnclaveID was not found,please re-enter:";
+ print_reenter_hit();
+ continue;
+ } else
+ break;
+ }
+ recieve(vec[sub], vec[sub1]);
+ //cout << "Recieve Success!" << endl;
+ print_recieve();
+ } else {
+ print_error();
+ }
+ return 0;
+}
+
diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..352d58bc848628771aafac699dbabd8324442331
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/test.cpp
@@ -0,0 +1,247 @@
+#include
+#include
+using namespace std;
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+ private:
+ int subEnlaveID;
+ int tag;
+ double result;
+ double rev;
+ public:
+ subEnclave();
+ int setID(int);
+ int setTag(int);
+ double add(double, double);
+ double sub(double, double);
+ double mul(double, double);
+ double div(double, double);
+ double exp(double);
+ int get_tag();
+ int get_id();
+ friend int send(subEnclave &, subEnclave &);
+ friend int recieve(subEnclave &, subEnclave &);
+ ~subEnclave();
+};
+
+subEnclave::subEnclave() {
+ subEnlaveID = 0;
+ tag = 0;
+ result = 0;
+ rev = 0;
+ cout << "create subenclave success" << endl;
+}
+
+int subEnclave::setID(int ID) {
+
+ this->subEnlaveID = ID;
+ return 0;
+}
+
+int subEnclave::setTag(int tag) {
+ this->tag = tag;
+ return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+ result = a + b;
+ return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+ result = a - b;
+ return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+ result = a * b;
+ return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+ result = a / b;
+ return result;
+}
+
+double subEnclave::exp(double x = 7) {
+ result = x * x + 2 * x + 1;
+ return result;
+}
+
+int subEnclave::get_tag() {
+ return tag;
+}
+
+int subEnclave::get_id() {
+ return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+ b.rev = a.result;
+ return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+ a.rev = b.result;
+ return 0;
+}
+
+subEnclave::~subEnclave() {
+ cout << "destroy subenclave success" << endl;
+}
+
+bool Check_duplicates(int *arr, int num);
+int compute(int tag, subEnclave *arr, int size, int sub);
+int Set_subEnclaveID(subEnclave *arr, int size);
+int Use_subEnclave(subEnclave *arr, int size);
+
+//判断重复ID
+bool Check_duplicates(int *arr, int num) {
+ sort(arr, arr + num);
+ for (int i = 0; i < num - 1; i++) {
+ if (arr[i] == arr[i + 1])
+ return true;
+ }
+ return false;
+}
+
+//飞地内计算
+int compute(int tag, subEnclave *arr, int size, int sub) {
+ int ID;
+ int sub1;
+ arr[sub].setTag(tag);
+ if (tag == ADD) {
+ cout << "result:" << arr[sub].add() << endl;
+ } else if (tag == SUB) {
+ cout << "result:" << arr[sub].sub() << endl;
+ } else if (tag == MUL) {
+ cout << "result:" << arr[sub].mul() << endl;
+ } else if (tag == DIV) {
+ cout << "result:" << arr[sub].div() << endl;
+ } else if (tag == EXP) {
+ cout << "result:" << arr[sub].exp() << endl;
+ } else if (tag == SEND) {
+ cout << "Please enter the subEnclaveID of the recipient:";
+ while (1) {
+ sub1 = -1;
+ cin >> ID;
+ for (int i = 0; i < size; i++) {
+ if (ID == arr[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ cout << "The subEnclaveID was not found,please re-enter:";
+ continue;
+ } else
+ break;
+ }
+ send(arr[sub], arr[sub1]);
+ cout << "Send Success!" << endl;
+ } else if (tag == RECIEVE) {
+ cout << "Please enter the subEnclaveID of the Sender:";
+ while (1) {
+ sub1 = -1;
+ cin >> ID;
+ for (int i = 0; i < size; i++) {
+ if (ID == arr[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ cout << "The subEnclaveID was not found,please re-enter:";
+ continue;
+ } else
+ break;
+ }
+ recieve(arr[sub], arr[sub1]);
+ cout << "Recieve Success!" << endl;
+ } else {
+ cout << "error" << endl;
+ }
+ return 0;
+}
+
+//设置内部飞地ID
+int Set_subEnclaveID(subEnclave *arr, int size) {
+ int ID;
+ int check_id[size];
+ while (1) {
+ cout << "Please enter the subEnclaveID in turn:" << endl;
+ for (int i = 0; i < size; i++) {
+ cin >> ID;
+ check_id[i] = ID;
+ }
+ if (Check_duplicates(check_id, size) == true) {
+ cout << "Duplicate IDs were found,please re-enter!" << endl << endl;
+ continue;
+ } else
+ break;
+ }
+ for (int i = 0; i < size; i++) {
+ arr[i].setID(check_id[i]);
+ }
+ return 0;
+}
+
+//使用内部飞地
+int Use_subEnclave(subEnclave *arr, int size) {
+ int sub, ID, op;
+ while (1) {
+ sub = -1;
+ cout << "Please enter the subEnclaveID you want to operate: ";
+ cin >> ID;
+ for (int i = 0; i < size; i++) {
+ if (ID == arr[i].get_id()) {
+ sub = i;
+ break;
+ }
+ }
+ if (sub == -1) {
+ cout << "The subEnclaveID was not found,please re-enter!" << endl;
+ continue;
+ }
+
+ cout << "Please enter the function you want:" << endl;
+ cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl;
+ cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl;
+
+ cin >> op;
+
+ if (op == 8)
+ continue;
+ if (op == 9)
+ break;
+
+ compute(op, arr, size, sub);
+ }
+ return 0;
+}
+
+int main() {
+
+ //创建内部飞地
+ int num;
+ cout << "Please enter the number of subEnclaves: ";
+ cin >> num;
+ subEnclave List[num];
+
+ //设置内部飞地ID
+ Set_subEnclaveID(List, num);
+
+ //使用内部飞地
+ Use_subEnclave(List, num);
+ return 0;
+}
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b2621947bbe86770b9ea992c93f3cce4b94ed54a
--- /dev/null
+++ b/wallfacer 2.0/nested/host/CMakeLists.txt
@@ -0,0 +1,119 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+#set host exec name
+set(OUTPUT secgear_nested)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+
+if(CC_GP)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SGX)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_PL)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SIM)
+ target_link_libraries(${OUTPUT} secgearsim pthread)
+else()
+ target_link_libraries(${OUTPUT} secgear pthread)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+ #itrustee install whitelist /vender/bin/teec_hello
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION /vendor/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_SGX)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_PL)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..6eea03c46daccc718e0b35641e1edcf01a145ca3
--- /dev/null
+++ b/wallfacer 2.0/nested/host/main.cpp
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include "enclave.h"
+#include "nested_u.h"
+#include "string.h"
+using namespace std;
+
+#define BUF_LEN 32
+
+void print_res(double result_)
+{
+ cout << result_ << endl;
+}
+
+void print_error()
+{
+ cout << "error" << endl;
+}
+
+void print_create()
+{
+ cout << "create subenclave success" << endl;
+}
+
+void print_destroy()
+{
+ cout << "destroy subenclave success" << endl;
+}
+
+void getid(int* id)
+{
+ cin >> id[0];
+}
+
+
+void print_send()
+{
+ cout << "Send Success!" << endl;
+}
+
+void print_recieve()
+{
+ cout << "Recieve Success!" << endl;
+}
+
+void print_send_hit()
+{
+ cout << "Please enter the subEnclaveID of the recipient:";
+}
+
+void print_recieve_hit()
+{
+ cout << "Please enter the subEnclaveID of the Sender:";
+}
+
+void print_reenter_hit()
+{
+ cout << "The subEnclaveID was not found,please re-enter:";
+}
+
+int main()
+{
+ int retval = 0;
+ char *path = PATH;
+ char buf[BUF_LEN];
+ cc_enclave_t context = {};
+ cc_enclave_result_t res = CC_FAIL;
+
+ char real_p[PATH_MAX];
+ /* check file exists, if not exist then use absolute path */
+ if (realpath(path, real_p) == NULL) {
+ if (getcwd(real_p, sizeof(real_p)) == NULL) {
+ printf("Cannot find enclave.sign.so");
+ goto end;
+ }
+ if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+ printf("Failed to strcat enclave.sign.so path");
+ goto end;
+ }
+ (void)strcat(real_p, "/enclave.signed.so");
+ }
+
+ res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+ if (res != CC_SUCCESS) {
+ printf("host create enclave error\n");
+ goto end;
+ }
+ printf("host create enclave success\n");
+
+ /*
+ res = get_string(&context, &retval, buf);
+ if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+ printf("Ecall enclave error\n");
+ } else {
+ printf("enclave say:%s\n", buf);
+ }
+ */
+
+ int num;
+ cout << "Please enter the number of subEnclaves: ";
+ cin >> num;
+ double result_[2];
+ //cin >> ID;
+
+ //res = compute();
+ //cout << result_[0];
+ for (int i = 0;i < num;i++) {
+ res = createSubEnclave(&context, &retval, i);
+ }
+
+ int sub, ID, op;
+ while (1) {
+ sub = -1;
+ cout << "Please enter the subEnclaveID you want to operate: ";
+ cin >> ID;
+ //判断存在
+ for (int i = 0; i < num; i++) {
+ if (ID == i) {
+ sub = i;
+ break;
+ }
+ }
+ if (sub == -1) {
+ cout << "The subEnclaveID was not found,please re-enter!" << endl;
+ continue;
+ }
+
+ cout << "Please enter the function you want:" << endl;
+ cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl;
+ cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl;
+
+ cin >> op;
+
+ if (op == 8)
+ continue;
+ if (op == 9)
+ break;
+
+ res = compute(&context, &retval,op, num, sub, result_);
+ }
+
+ for (int i = 0;i < num;i++) {
+ res = destroySubEnclave(&context, &retval);
+ }
+
+
+
+ res = cc_enclave_destroy(&context);
+ if(res != CC_SUCCESS) {
+ printf("host destroy enclave error\n");
+ } else {
+ printf("host destroy enclave success\n");
+ }
+end:
+ return res;
+}
diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl
new file mode 100644
index 0000000000000000000000000000000000000000..7dc9df48cafe00f78a9187481bf6c7fb0a598941
--- /dev/null
+++ b/wallfacer 2.0/nested/nested.edl
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ trusted {
+ public int compute(int tag, int size, int sub, [out, size=32]double* _result);
+
+ public int isExist(int ID, int num);
+
+ public int createSubEnclave(int num);
+
+ public int destroySubEnclave();
+ };
+ untrusted {
+ void print_res(double res);
+ void print_error();
+ void print_create();
+ void print_destroy();
+ void getid([in,out,size = 32]int* id);
+ void print_send();
+ void print_recieve();
+ void print_send_hit();
+ void print_recieve_hit();
+ void print_reenter_hit();
+ };
+};