From 9ce463dbea9b5df01a75e59c8126b57e17643ee6 Mon Sep 17 00:00:00 2001
From: LinJT <2369045900@qq.com>
Date: Fri, 15 Mar 2024 22:15:23 +0800
Subject: [PATCH 1/3] nested enclave

---
 wallfacer 2.0/Docker/Dockerfile               | 164 ++++++++++++
 wallfacer 2.0/Docker/build_and_run.sh         |   2 +
 wallfacer 2.0/nested/CMakeLists.txt           |  38 +++
 wallfacer 2.0/nested/enclave/CMakeLists.txt   | 219 ++++++++++++++++
 .../nested/enclave/Enclave.config.xml         |  12 +
 wallfacer 2.0/nested/enclave/Enclave.lds      |  11 +
 wallfacer 2.0/nested/enclave/config_cloud.ini |  60 +++++
 wallfacer 2.0/nested/enclave/manifest.txt     |   7 +
 wallfacer 2.0/nested/enclave/nested.cpp       | 236 +++++++++++++++++
 wallfacer 2.0/nested/enclave/test.cpp         | 247 ++++++++++++++++++
 wallfacer 2.0/nested/host/CMakeLists.txt      | 119 +++++++++
 wallfacer 2.0/nested/host/main.cpp            | 138 ++++++++++
 wallfacer 2.0/nested/nested.edl               |  31 +++
 13 files changed, 1284 insertions(+)
 create mode 100644 wallfacer 2.0/Docker/Dockerfile
 create mode 100644 wallfacer 2.0/Docker/build_and_run.sh
 create mode 100644 wallfacer 2.0/nested/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml
 create mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds
 create mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini
 create mode 100644 wallfacer 2.0/nested/enclave/manifest.txt
 create mode 100644 wallfacer 2.0/nested/enclave/nested.cpp
 create mode 100644 wallfacer 2.0/nested/enclave/test.cpp
 create mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/host/main.cpp
 create mode 100644 wallfacer 2.0/nested/nested.edl

diff --git a/wallfacer 2.0/Docker/Dockerfile b/wallfacer 2.0/Docker/Dockerfile
new file mode 100644
index 00000000..f7ee1381
--- /dev/null
+++ b/wallfacer 2.0/Docker/Dockerfile	
@@ -0,0 +1,164 @@
+# Copyright (C) 2020 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+
+FROM ubuntu:18.04 as builder
+
+RUN apt-get update && apt-get install  -y \
+    autoconf \
+    automake \
+    build-essential \
+    cmake \
+    curl \
+    debhelper \
+    git \
+    libcurl4-openssl-dev \
+    libprotobuf-dev \
+    libssl-dev \
+    libtool \
+    lsb-release \
+    ocaml \
+    ocamlbuild \
+    protobuf-compiler \
+    python3 \
+    reprepro \
+    wget
+RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
+
+# We assume this docker file is invoked with root at the top of linux-sgx repo, see shell scripts for example.
+WORKDIR /linux-sgx
+COPY . .
+
+# RUN make sdk_install_pkg_no_mitigation
+RUN make preperation
+WORKDIR /opt/intel
+RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'
+
+ENV SGX_SDK=/opt/intel/sgxsdk
+WORKDIR /linux-sgx
+RUN make psw_install_pkg
+
+ENV BUILD_PLATFORM="docker"
+RUN make deb_local_repo
+
+FROM ubuntu:18.04 as aesm
+RUN apt-get update && apt-get install -y \
+    libcurl4 \
+    libprotobuf10 \
+    libssl1.1 \
+    make \
+    module-init-tools
+
+WORKDIR /installer
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN ./sgx_linux_x64_psw*.bin --no-start-aesm
+WORKDIR /opt/intel/sgxpsw/aesm/
+ENV LD_LIBRARY_PATH=.
+CMD ./aesm_service --no-daemon
+
+FROM ubuntu:18.04 as aesm_deb
+RUN apt-get update && apt-get install -y \
+    libcurl4 \
+    libprotobuf10 \
+    libssl1.1 \
+    make \
+    module-init-tools
+
+WORKDIR /deb_local_repo
+
+COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./
+RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list
+RUN apt-get update
+RUN apt-get install -y libsgx-aesm-launch-plugin libsgx-aesm-quote-ex-plugin
+
+WORKDIR /opt/intel/sgx-aesm-service/aesm/
+ENV LD_LIBRARY_PATH=.
+CMD ./aesm_service --no-daemon
+
+
+FROM ubuntu:18.04 as sample
+RUN apt-get update && apt-get install -y \
+    g++ \
+    libcurl4-openssl-dev \
+    libprotobuf-dev \
+    libssl-dev \
+    make \
+    module-init-tools
+
+WORKDIR /opt/intel
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN ./sgx_linux_x64_psw*.bin --no-start-aesm
+RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin'
+
+WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave
+RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make
+
+RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser
+USER sgxuser
+
+CMD ./app
+
+
+FROM ubuntu:18.04 as sample_deb
+RUN apt-get update && apt-get install -y \
+    g++ \
+    libcurl4-openssl-dev \
+    libprotobuf-dev \
+    libssl-dev \
+    make \
+    module-init-tools
+
+WORKDIR /deb_local_repo
+
+COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./
+RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list
+RUN apt-get update
+RUN apt-get install -y libsgx-urts
+
+WORKDIR /opt/intel
+COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
+RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin'
+
+#WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave
+#RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make
+
+#RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser
+#USER sgxuser
+
+# 安装secGear
+WORKDIR /opt
+RUN git clone https://gitee.com/jinghaikun2024/secGear
+
+# 编译运行
+WORKDIR /opt/secGear
+RUN source /opt/intel/sgxsdk/environment && source environment
+RUN mkdir debug && cd debug && cmake .. && make && sudo make install
+RUN ./examples/helloworld/host/secgear_helloworld
+
+CMD ./app
diff --git a/wallfacer 2.0/Docker/build_and_run.sh b/wallfacer 2.0/Docker/build_and_run.sh
new file mode 100644
index 00000000..641171e4
--- /dev/null
+++ b/wallfacer 2.0/Docker/build_and_run.sh	
@@ -0,0 +1,2 @@
+docker build -f ./Dockerfile -t wallfacer:2.0
+docker run --device=/dev/isgx -v aesmd-socket: var/run/aesmd -v /opt/intel:/opt/intel  -it  wallfacer:v2.0
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt
new file mode 100644
index 00000000..bb0a41d6
--- /dev/null
+++ b/wallfacer 2.0/nested/CMakeLists.txt	
@@ -0,0 +1,38 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(Nested  CXX)
+
+set(CMAKE_CXX_STANDARD 11)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE nested.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+    set(CODETYPE trustzone)
+    set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+    add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+    set(CODETYPE sgx)
+    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+ 
+if(CC_PL)
+    set(CODETYPE penglai)
+    add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
new file mode 100644
index 00000000..d4e0e987
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt	
@@ -0,0 +1,219 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+    #set signed output
+    set(OUTPUT ${UUID}.sec)
+    #set whilelist. default: /vendor/bin/teec_hello
+    set(WHITE_LIST_0 /vendor/bin/helloworld)
+    set(WHITE_LIST_OWNER root)
+    set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
+    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+    set(OUTPUT enclave.signed.so)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+    set(OUTPUT penglai-ELF)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
+	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+if(CC_GP)
+
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
+    
+    set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
+    set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories( ${PREFIX} PRIVATE
+	${CMAKE_CURRENT_BINARY_DIR}
+	${CMAKE_BINARY_DIR}/inc
+	${LOCAL_ROOT_PATH}/inc/host_inc
+	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+	${LOCAL_ROOT_PATH}/inc/enclave_inc
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+	${ITRUSTEE_TEEDIR}/include/TA
+	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+	${ITRUSTEE_LIBC}/arch/aarch64
+	${ITRUSTEE_LIBC}/
+	${ITRUSTEE_LIBC}/arch/arm/bits
+	${ITRUSTEE_LIBC}/arch/generic
+	${ITRUSTEE_LIBC}/arch/arm
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${PREFIX} PRIVATE
+	        ${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    foreach(WHITE_LIST ${WHITELIST})
+	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+    endforeach(WHITE_LIST)
+    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+    target_link_libraries(${PREFIX} -lsecgear_tee)
+
+    #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example #
+    #    add_custom_command(TARGET ${PREFIX}
+    #	      POST_BUILD
+	      #	      COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
+
+      #    install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
+      #        DESTINATION /data
+      #        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+    set(SGX_DIR ${SDK_PATH})
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+    if(CC_SIM)
+        set(Trts_Library_Name sgx_trts_sim)
+        set(Service_Library_Name sgx_tservice_sim)
+    else()
+        set(Trts_Library_Name sgx_trts)
+        set(Service_Library_Name sgx_tservice)
+    endif()
+
+    set(Crypto_Library_Name sgx_tcrypto)
+
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
+        link_directories(${LINK_LIBRARY_PATH})
+    endif()
+
+    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories(${PREFIX} PRIVATE
+	    ${CMAKE_CURRENT_BINARY_DIR}
+	    ${SGX_DIR}/include/tlibc
+	    ${SGX_DIR}/include/libcxx
+	    ${SGX_DIR}/include
+	    ${LOCAL_ROOT_PATH}/inc/host_inc
+	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+    
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
+        target_link_directories(${PREFIX} PRIVATE
+	        ${LINK_LIBRARY_PATH})
+    endif()
+
+    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
+    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
+    add_custom_command(TARGET ${PREFIX} 
+    POST_BUILD
+    COMMAND umask 0177
+    COMMAND openssl genrsa -3 -out ${PEM} 3072
+    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+if(NOT DEFINED CC_PL)
+    set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+endif()
+
+if(CC_PL)
+    set(SDK_LIB_DIR ${SDK_PATH}/lib)
+    set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include)
+    set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a)
+    set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib)
+    set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a)
+    set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a)
+    set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a)
+
+    set(SOURCE_C_OBJS "")
+    foreach(SOURCE_FILE ${SOURCE_FILES})
+        STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE})
+        set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o)
+        add_custom_command(
+            OUTPUT ${SOURCE_OBJ}
+            DEPENDS ${SOURCE_FILES}
+            COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+                -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+                -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE}
+            COMMENT "generate SOURCE_OBJ"
+        )
+        list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ})
+    endforeach()
+
+    set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o)
+    add_custom_command(
+        OUTPUT ${APP_C_OBJ}
+        DEPENDS ${AUTO_FILES}
+        COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+            -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+            -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
+        COMMENT "generate APP_C_OBJ"
+    )
+
+    add_custom_command(
+        OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB}
+        COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc
+            -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB}
+            ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds
+        COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        COMMENT "generate penglai-ELF"
+    )
+    add_custom_target(
+        ${OUTPUT} ALL
+        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        COMMENT "makefile target penglai-ELF"
+    )
+
+endif()
diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml
new file mode 100644
index 00000000..e94c9bc5
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml	
@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>
diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds
new file mode 100644
index 00000000..ab77e647
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.lds	
@@ -0,0 +1,11 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};
+
diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini
new file mode 100644
index 00000000..8c70225e
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/config_cloud.ini	
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt
new file mode 100644
index 00000000..d78354e6
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/manifest.txt	
@@ -0,0 +1,7 @@
+gpd.ta.appID:   		f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name:		rsa-demo
+gpd.ta.singleInstance:		true
+gpd.ta.multiSession: 		false
+gpd.ta.instanceKeepAlive:	false
+gpd.ta.dataSize:		819200
+gpd.ta.stackSize:		40960
diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp
new file mode 100644
index 00000000..b684a54a
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/nested.cpp	
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <vector>
+#include "nested_t.h"
+
+#define TA_HELLO_WORLD        "secgear hello world!"
+#define BUF_MAX 32
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+	private:
+		int subEnlaveID;
+		int tag;
+		double result;
+		double rev;
+	public:
+		subEnclave();
+		int setID(int);
+		int setTag(int);
+		double add(double, double);
+		double sub(double, double);
+		double mul(double, double);
+		double div(double, double);
+		double exp(double);
+		int get_tag();
+		int get_id();
+		//friend int send(subEnclave &, subEnclave &);
+		//friend int recieve(subEnclave &, subEnclave &);
+		~subEnclave();
+};
+
+subEnclave::subEnclave() {
+	subEnlaveID = 0;
+	tag = 0;
+	result = 0;
+	rev = 0;
+	//cout << "create subenclave success" << endl;
+	
+}
+subEnclave vec[100];
+int subEnclave::setID(int ID) {
+	this->subEnlaveID = ID;
+	return 0;
+}
+
+int subEnclave::setTag(int tag) {
+	this->tag = tag;
+	return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+	result = a + b;
+	return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+	result = a - b;
+	return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+	result = a * b;
+	return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+	result = a / b;
+	return result;
+}
+
+double subEnclave::exp(double x = 7) {
+	result = x * x + 2 * x + 1;
+	return result;
+}
+
+int subEnclave::get_tag() {
+	return tag;
+}
+
+int subEnclave::get_id() {
+	return subEnlaveID;
+}
+/*
+int send(subEnclave &a, subEnclave &b) {
+	b.rev = a.result;
+	return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+	a.rev = b.result;
+	return 0;
+}*/
+
+subEnclave::~subEnclave() {
+	//cout << "destroy subenclave success" << endl;
+	print_destroy();
+}
+
+//////////////////////////////////////////////
+
+
+//std::vector<subEnclave> vec;
+
+
+
+// create
+int createSubEnclave(int id)
+{
+	
+	vec[id].setID(id);
+	print_create();
+	//vec.push_back(se[i]);
+	
+}
+
+// create
+int destroySubEnclave()
+{
+	print_create();
+	//vec.push_back(se[i]);
+	
+}
+
+int isExist(int ID,int num) 
+{
+	int sub = -1;
+	/*
+    for (int i = 0; i < size; i++) {
+			if (ID == arr[i].get_id()) {
+				sub = i;
+				break;
+			}
+		}
+	*/
+	for (int i = 0; i < num; i++) {
+		if (ID == vec[i].get_id()) {
+			sub = i;
+			break;
+		}
+	}
+}
+
+//飞地内计算(ecall)
+int compute(int tag, int size, int sub, double* result) {
+	//int ID;
+	//int sub1;
+	vec[sub].setTag(tag);
+	if (tag == ADD) {
+		// cout << "result:" << arr[sub].add() << endl;
+        print_res(vec[sub].add());
+        result[0] = vec[sub].add();
+    } else if (tag == SUB) {
+		//cout << "result:" << arr[sub].sub() << endl;
+		print_res(vec[sub].sub());
+        result[0] = vec[sub].sub();
+	} else if (tag == MUL) {
+		//cout << "result:" << arr[sub].mul() << endl;
+		print_res(vec[sub].mul());
+        result[0] = vec[sub].mul();
+	} else if (tag == DIV) {
+		//cout << "result:" << arr[sub].div() << endl;
+		print_res(vec[sub].div());
+        result[0] = vec[sub].div();
+	} else if (tag == EXP) {
+		//cout << "result:" << arr[sub].exp() << endl;
+		print_res(vec[sub].exp());
+        result[0] = vec[sub].exp();
+	} 
+    /*
+        else if (tag == SEND) {
+		cout << "Please enter the subEnclaveID of the recipient:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		send(arr[sub], arr[sub1]);
+		cout << "Send Success!" << endl;
+	} else if (tag == RECIEVE) {
+		cout << "Please enter the subEnclaveID of the Sender:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		recieve(arr[sub], arr[sub1]);
+		cout << "Recieve Success!" << endl;
+	} 
+    */
+    else {
+		print_error();
+	}
+	return 0;
+}
+
diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp
new file mode 100644
index 00000000..352d58bc
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/test.cpp	
@@ -0,0 +1,247 @@
+#include <iostream>
+#include <algorithm>
+using namespace std;
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+	private:
+		int subEnlaveID;
+		int tag;
+		double result;
+		double rev;
+	public:
+		subEnclave();
+		int setID(int);
+		int setTag(int);
+		double add(double, double);
+		double sub(double, double);
+		double mul(double, double);
+		double div(double, double);
+		double exp(double);
+		int get_tag();
+		int get_id();
+		friend int send(subEnclave &, subEnclave &);
+		friend int recieve(subEnclave &, subEnclave &);
+		~subEnclave();
+};
+
+subEnclave::subEnclave() {
+	subEnlaveID = 0;
+	tag = 0;
+	result = 0;
+	rev = 0;
+	cout << "create subenclave success" << endl;
+}
+
+int subEnclave::setID(int ID) {
+
+	this->subEnlaveID = ID;
+	return 0;
+}
+
+int subEnclave::setTag(int tag) {
+	this->tag = tag;
+	return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+	result = a + b;
+	return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+	result = a - b;
+	return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+	result = a * b;
+	return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+	result = a / b;
+	return result;
+}
+
+double subEnclave::exp(double x = 7) {
+	result = x * x + 2 * x + 1;
+	return result;
+}
+
+int subEnclave::get_tag() {
+	return tag;
+}
+
+int subEnclave::get_id() {
+	return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+	b.rev = a.result;
+	return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+	a.rev = b.result;
+	return 0;
+}
+
+subEnclave::~subEnclave() {
+	cout << "destroy subenclave success" << endl;
+}
+
+bool Check_duplicates(int *arr, int num);
+int compute(int tag, subEnclave *arr, int size, int sub);
+int Set_subEnclaveID(subEnclave *arr, int size);
+int Use_subEnclave(subEnclave *arr, int size);
+
+//判断重复ID
+bool Check_duplicates(int *arr, int num) {
+	sort(arr, arr + num);
+	for (int i = 0; i < num - 1; i++) {
+		if (arr[i] == arr[i + 1])
+			return true;
+	}
+	return false;
+}
+
+//飞地内计算
+int compute(int tag, subEnclave *arr, int size, int sub) {
+	int ID;
+	int sub1;
+	arr[sub].setTag(tag);
+	if (tag == ADD) {
+		cout << "result:" << arr[sub].add() << endl;
+	} else if (tag == SUB) {
+		cout << "result:" << arr[sub].sub() << endl;
+	} else if (tag == MUL) {
+		cout << "result:" << arr[sub].mul() << endl;
+	} else if (tag == DIV) {
+		cout << "result:" << arr[sub].div() << endl;
+	} else if (tag == EXP) {
+		cout << "result:" << arr[sub].exp() << endl;
+	} else if (tag == SEND) {
+		cout << "Please enter the subEnclaveID of the recipient:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		send(arr[sub], arr[sub1]);
+		cout << "Send Success!" << endl;
+	} else if (tag == RECIEVE) {
+		cout << "Please enter the subEnclaveID of the Sender:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		recieve(arr[sub], arr[sub1]);
+		cout << "Recieve Success!" << endl;
+	} else {
+		cout << "error" << endl;
+	}
+	return 0;
+}
+
+//设置内部飞地ID
+int Set_subEnclaveID(subEnclave *arr, int size) {
+	int ID;
+	int check_id[size];
+	while (1) {
+		cout << "Please enter the subEnclaveID in turn:" << endl;
+		for (int i = 0; i < size; i++) {
+			cin >> ID;
+			check_id[i] = ID;
+		}
+		if (Check_duplicates(check_id, size) == true) {
+			cout << "Duplicate IDs were found,please re-enter!" << endl << endl;
+			continue;
+		} else
+			break;
+	}
+	for (int i = 0; i < size; i++) {
+		arr[i].setID(check_id[i]);
+	}
+	return 0;
+}
+
+//使用内部飞地
+int Use_subEnclave(subEnclave *arr, int size) {
+	int sub, ID, op;
+	while (1) {
+		sub = -1;
+		cout << "Please enter the subEnclaveID you want to operate: ";
+		cin >> ID;
+		for (int i = 0; i < size; i++) {
+			if (ID == arr[i].get_id()) {
+				sub = i;
+				break;
+			}
+		}
+		if (sub == -1) {
+			cout << "The subEnclaveID was not found,please re-enter!" << endl;
+			continue;
+		}
+
+		cout << "Please enter the function you want:" << endl;
+		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
+		cout << "6.SEND	7.RECV	8.SKIP	9.EXIT" << endl;
+        
+		cin >> op;
+
+		if (op == 8)
+			continue;
+		if (op == 9)
+			break;
+
+		compute(op, arr, size, sub);
+	}
+	return 0;
+}
+
+int main() {
+
+	//创建内部飞地
+	int num;
+	cout << "Please enter the number of subEnclaves: ";
+	cin >> num;
+	subEnclave List[num];
+
+	//设置内部飞地ID
+	Set_subEnclaveID(List, num);
+
+	//使用内部飞地
+	Use_subEnclave(List, num);
+	return 0;
+}
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt
new file mode 100644
index 00000000..b2621947
--- /dev/null
+++ b/wallfacer 2.0/nested/host/CMakeLists.txt	
@@ -0,0 +1,119 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+#set host exec name
+set(OUTPUT secgear_nested)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+    
+if(CC_SGX)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+
+if(CC_GP)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+            ${CMAKE_BINARY_DIR}/inc
+            ${LOCAL_ROOT_PATH}/inc/host_inc
+            ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+            ${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SGX)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc 
+			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_PL)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc
+			${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SIM)
+    target_link_libraries(${OUTPUT} secgearsim pthread)
+else()
+    target_link_libraries(${OUTPUT} secgear pthread)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+	#itrustee install whitelist /vender/bin/teec_hello 
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION /vendor/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
+
+if(CC_SGX)
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
+
+if(CC_PL)
+	install(TARGETS  ${OUTPUT}
+		RUNTIME
+		DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp
new file mode 100644
index 00000000..8832b991
--- /dev/null
+++ b/wallfacer 2.0/nested/host/main.cpp	
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <iostream>
+#include <unistd.h>
+#include <linux/limits.h>
+#include "enclave.h"
+#include "nested_u.h"
+#include "string.h"
+using namespace std;
+
+#define BUF_LEN 32
+
+void print_res(double result_)
+{
+    cout << result_ << endl;
+}
+
+void print_error()
+{
+    cout << "error" << endl;
+}
+
+void print_create()
+{
+    cout << "create subenclave success" << endl;
+}
+
+void print_destroy()
+{
+    cout << "destroy subenclave success" << endl;
+}
+
+int main()
+{
+    int  retval = 0;
+    char *path = PATH;
+    char buf[BUF_LEN];
+    cc_enclave_t context = {};
+    cc_enclave_result_t res = CC_FAIL;
+
+    char real_p[PATH_MAX];
+    /* check file exists, if not exist then use absolute path */
+    if (realpath(path, real_p) == NULL) {
+        if (getcwd(real_p, sizeof(real_p)) == NULL) {
+            printf("Cannot find enclave.sign.so");
+            goto end;
+        }
+        if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+            printf("Failed to strcat enclave.sign.so path");
+            goto end;
+        }
+        (void)strcat(real_p, "/enclave.signed.so");
+    }
+
+    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+    if (res != CC_SUCCESS) {
+        printf("host create enclave error\n");
+        goto end; 
+    }
+    printf("host create enclave success\n");
+
+    /*
+    res = get_string(&context, &retval, buf);
+    if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+        printf("Ecall enclave error\n");
+    } else {
+        printf("enclave say:%s\n", buf);
+    }
+    */
+
+    int num;
+    cout << "Please enter the number of subEnclaves: ";
+    cin >> num;
+    double result_[2];
+    //cin >> ID;
+    
+    //res = compute();
+    //cout << result_[0];
+    for (int i = 0;i < num;i++) {
+        res = createSubEnclave(&context, &retval, i);
+    }
+
+    int sub, ID, op;
+	while (1) {
+		sub = -1;
+		cout << "Please enter the subEnclaveID you want to operate: ";
+		cin >> ID;
+		for (int i = 0; i < num; i++) {
+			if (ID == i) {
+				sub = i;
+				break;
+			}
+		}
+		if (sub == -1) {
+			cout << "The subEnclaveID was not found,please re-enter!" << endl;
+			continue;
+		}
+
+		cout << "Please enter the function you want:" << endl;
+		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
+		cout << "6.SKIP	7.EXIT" << endl;
+        
+		cin >> op;
+
+		if (op == 6)
+			continue;
+		if (op == 7)
+			break;
+
+		res = compute(&context, &retval,op, num, sub, result_);
+	}
+
+    for (int i = 0;i < num;i++) {
+        res = destroySubEnclave(&context, &retval);
+    }
+
+
+
+    res = cc_enclave_destroy(&context);
+    if(res != CC_SUCCESS) {
+        printf("host destroy enclave error\n");
+    } else {
+        printf("host destroy enclave success\n");
+    }
+end:
+    return res;
+}
diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl
new file mode 100644
index 00000000..0eb3686c
--- /dev/null
+++ b/wallfacer 2.0/nested/nested.edl	
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+    include "secgear_urts.h"
+    from "secgear_tstdc.edl" import *; 
+    trusted {
+        public int compute(int tag, int size, int sub, [out, size=32]double* _result);
+
+        public int isExist(int ID, int num);
+
+        public int createSubEnclave(int num);
+
+        public int destroySubEnclave();
+    };
+    untrusted {
+        void print_res(double res);
+        void print_error();
+        void print_create();
+        void print_destroy();
+    };
+};
-- 
Gitee


From 31bbb7512e4447aea73f861e7a97a041a43cdd2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=AE=B6=E8=85=BE?= <2369045900@qq.com>
Date: Thu, 28 Mar 2024 12:07:32 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wall?=
 =?UTF-8?q?facer=202.0/nested?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer 2.0/nested/CMakeLists.txt           |  38 ---
 wallfacer 2.0/nested/enclave/CMakeLists.txt   | 219 ----------------
 .../nested/enclave/Enclave.config.xml         |  12 -
 wallfacer 2.0/nested/enclave/Enclave.lds      |  11 -
 wallfacer 2.0/nested/enclave/config_cloud.ini |  60 -----
 wallfacer 2.0/nested/enclave/manifest.txt     |   7 -
 wallfacer 2.0/nested/enclave/nested.cpp       | 236 -----------------
 wallfacer 2.0/nested/enclave/test.cpp         | 247 ------------------
 wallfacer 2.0/nested/host/CMakeLists.txt      | 119 ---------
 wallfacer 2.0/nested/host/main.cpp            | 138 ----------
 wallfacer 2.0/nested/nested.edl               |  31 ---
 11 files changed, 1118 deletions(-)
 delete mode 100644 wallfacer 2.0/nested/CMakeLists.txt
 delete mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt
 delete mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml
 delete mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds
 delete mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini
 delete mode 100644 wallfacer 2.0/nested/enclave/manifest.txt
 delete mode 100644 wallfacer 2.0/nested/enclave/nested.cpp
 delete mode 100644 wallfacer 2.0/nested/enclave/test.cpp
 delete mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt
 delete mode 100644 wallfacer 2.0/nested/host/main.cpp
 delete mode 100644 wallfacer 2.0/nested/nested.edl

diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt
deleted file mode 100644
index bb0a41d6..00000000
--- a/wallfacer 2.0/nested/CMakeLists.txt	
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-#     http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-project(Nested  CXX)
-
-set(CMAKE_CXX_STANDARD 11)
-
-set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
-
-#set edl name
-set(EDL_FILE nested.edl)
-set(CODEGEN codegen)
-
-if(CC_GP)
-    set(CODETYPE trustzone)
-    set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
-    add_definitions(-DPATH="/data/${UUID}.sec")
-endif()
-
-if(CC_SGX)
-    set(CODETYPE sgx)
-    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
-endif()
- 
-if(CC_PL)
-    set(CODETYPE penglai)
-    add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
-endif()
-
-add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
-add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
deleted file mode 100644
index d4e0e987..00000000
--- a/wallfacer 2.0/nested/enclave/CMakeLists.txt	
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-#     http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-#set auto code prefix
-set(PREFIX nested)
-
-#set sign key
-set(PEM Enclave_private.pem)
-
-#set sign tool
-set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
-
-#set enclave src code
-set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp)
-
-#set log level
-set(PRINT_LEVEL 3)
-add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
-
-if(CC_GP)
-    #set signed output
-    set(OUTPUT ${UUID}.sec)
-    #set whilelist. default: /vendor/bin/teec_hello
-    set(WHITE_LIST_0 /vendor/bin/helloworld)
-    set(WHITE_LIST_OWNER root)
-    set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
-    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
-
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
-endif()
-
-if(CC_SGX)
-    set(OUTPUT enclave.signed.so)
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
-endif()
-
-if(CC_PL)
-    set(OUTPUT penglai-ELF)
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
-endif()
-
-set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
-	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
-	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
-        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
-
-set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
-
-if(CC_GP)
-
-    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
-    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
-    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
-    
-    set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
-    set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
-
-    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
-        link_directories(${CMAKE_BINARY_DIR}/lib/)
-    endif()
-
-    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
-
-    target_include_directories( ${PREFIX} PRIVATE
-	${CMAKE_CURRENT_BINARY_DIR}
-	${CMAKE_BINARY_DIR}/inc
-	${LOCAL_ROOT_PATH}/inc/host_inc
-	${LOCAL_ROOT_PATH}/inc/host_inc/gp
-	${LOCAL_ROOT_PATH}/inc/enclave_inc
-	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
-	${ITRUSTEE_TEEDIR}/include/TA
-	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
-	${ITRUSTEE_LIBC}/arch/aarch64
-	${ITRUSTEE_LIBC}/
-	${ITRUSTEE_LIBC}/arch/arm/bits
-	${ITRUSTEE_LIBC}/arch/generic
-	${ITRUSTEE_LIBC}/arch/arm
-	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
-
-    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
-        target_link_directories(${PREFIX} PRIVATE
-	        ${CMAKE_BINARY_DIR}/lib/)
-    endif()
-
-    foreach(WHITE_LIST ${WHITELIST})
-	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
-    endforeach(WHITE_LIST)
-    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
-
-    target_link_libraries(${PREFIX} -lsecgear_tee)
-
-    #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example #
-    #    add_custom_command(TARGET ${PREFIX}
-    #	      POST_BUILD
-	      #	      COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
-
-      #    install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
-      #        DESTINATION /data
-      #        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
-
-endif()
-
-if(CC_SGX)
-    set(SGX_DIR ${SDK_PATH})
-    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
-    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
-    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
-
-    if(CC_SIM)
-        set(Trts_Library_Name sgx_trts_sim)
-        set(Service_Library_Name sgx_tservice_sim)
-    else()
-        set(Trts_Library_Name sgx_trts)
-        set(Service_Library_Name sgx_tservice)
-    endif()
-
-    set(Crypto_Library_Name sgx_tcrypto)
-
-    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
-	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
-
-    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
-        link_directories(${LINK_LIBRARY_PATH})
-    endif()
-
-    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
-
-    target_include_directories(${PREFIX} PRIVATE
-	    ${CMAKE_CURRENT_BINARY_DIR}
-	    ${SGX_DIR}/include/tlibc
-	    ${SGX_DIR}/include/libcxx
-	    ${SGX_DIR}/include
-	    ${LOCAL_ROOT_PATH}/inc/host_inc
-	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
-    
-    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
-        target_link_directories(${PREFIX} PRIVATE
-	        ${LINK_LIBRARY_PATH})
-    endif()
-
-    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
-    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
-    add_custom_command(TARGET ${PREFIX} 
-    POST_BUILD
-    COMMAND umask 0177
-    COMMAND openssl genrsa -3 -out ${PEM} 3072
-    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
-endif()
-
-if(NOT DEFINED CC_PL)
-    set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
-endif()
-
-if(CC_PL)
-    set(SDK_LIB_DIR ${SDK_PATH}/lib)
-    set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include)
-    set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a)
-    set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib)
-    set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a)
-    set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a)
-    set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a)
-
-    set(SOURCE_C_OBJS "")
-    foreach(SOURCE_FILE ${SOURCE_FILES})
-        STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE})
-        set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o)
-        add_custom_command(
-            OUTPUT ${SOURCE_OBJ}
-            DEPENDS ${SOURCE_FILES}
-            COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
-                -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
-                -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE}
-            COMMENT "generate SOURCE_OBJ"
-        )
-        list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ})
-    endforeach()
-
-    set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o)
-    add_custom_command(
-        OUTPUT ${APP_C_OBJ}
-        DEPENDS ${AUTO_FILES}
-        COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
-            -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
-            -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
-        COMMENT "generate APP_C_OBJ"
-    )
-
-    add_custom_command(
-        OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
-        DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB}
-        COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc
-            -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB}
-            ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds
-        COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
-        COMMENT "generate penglai-ELF"
-    )
-    add_custom_target(
-        ${OUTPUT} ALL
-        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
-        COMMENT "makefile target penglai-ELF"
-    )
-
-endif()
diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml
deleted file mode 100644
index e94c9bc5..00000000
--- a/wallfacer 2.0/nested/enclave/Enclave.config.xml	
+++ /dev/null
@@ -1,12 +0,0 @@
-<EnclaveConfiguration>
-  <ProdID>0</ProdID>
-  <ISVSVN>0</ISVSVN>
-  <StackMaxSize>0x40000</StackMaxSize>
-  <HeapMaxSize>0x100000</HeapMaxSize>
-  <TCSNum>10</TCSNum>
-  <TCSPolicy>1</TCSPolicy>
-  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
-  <DisableDebug>0</DisableDebug>
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds
deleted file mode 100644
index ab77e647..00000000
--- a/wallfacer 2.0/nested/enclave/Enclave.lds	
+++ /dev/null
@@ -1,11 +0,0 @@
-enclave.so
-{
-    global:
-        g_global_data_sim;
-        g_global_data;
-        enclave_entry;
-        g_peak_heap_used;
-    local:
-        *;
-};
-
diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini
deleted file mode 100644
index 8c70225e..00000000
--- a/wallfacer 2.0/nested/enclave/config_cloud.ini	
+++ /dev/null
@@ -1,60 +0,0 @@
-[signSecPrivateCfg]
-;;;
-;private key length for signing TA:
-;[fixed value]
-;256 ECDSA Alg
-;2048/4096 RSA Alg
-secSignKeyLen = 4096
-;;;
-;[fixed value]
-;0 means SHA256 hash type
-;1 means SHA512 hash type
-secHashType = 0
-;;;
-; [fixed value]
-;0 means padding type is pkcs1v15
-;1 means padding type is PSS
-;[fixed value]
-secPaddingType = 1
-;;;
-;[fixed value]
-;RSA alg
-;ECDSA alg
-;SM2 alg
-secSignAlg = RSA
-;;;
-;public key for encrypt TA
-secEncryptKey = rsa_public_key_cloud.pem
-;;;
-;public key length
-secEncryptKeyLen = 3072
-
-[signSecPublicCfg]
-;;;
-;[fixed value]
-; sec sign key type
-;0 means debug
-;1 means release
-secReleaseType = 1
-;;;
-;0 means TA not installed by OTRP
-;1 means TA installed by OTRP
-secOtrpFlag = 0
-;;;
-;0 means not sign
-;1 means signed by local private
-;2 means signed using native sign tool;
-;3 means signed by CI
-;[fixed value]
-secSignType = 1
-;;;
-;server address for signing TA
-secSignServerIp =
-;;;
-;private key for signing TA
-;[private key owned by yourself]
-secSignKey = /home/TA_cert/private_key.pem
-;;;
-;config file
-;[signed config file by Huawei]
-configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt
deleted file mode 100644
index d78354e6..00000000
--- a/wallfacer 2.0/nested/enclave/manifest.txt	
+++ /dev/null
@@ -1,7 +0,0 @@
-gpd.ta.appID:   		f68fd704-6eb1-4d14-b218-722850eb3ef0
-gpd.ta.service_name:		rsa-demo
-gpd.ta.singleInstance:		true
-gpd.ta.multiSession: 		false
-gpd.ta.instanceKeepAlive:	false
-gpd.ta.dataSize:		819200
-gpd.ta.stackSize:		40960
diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp
deleted file mode 100644
index b684a54a..00000000
--- a/wallfacer 2.0/nested/enclave/nested.cpp	
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- *     http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <vector>
-#include "nested_t.h"
-
-#define TA_HELLO_WORLD        "secgear hello world!"
-#define BUF_MAX 32
-
-
-#define ADD 1
-#define SUB 2
-#define MUL 3
-#define DIV 4
-#define EXP 5
-#define SEND 6
-#define RECIEVE 7
-
-//内部飞地定义
-class subEnclave {
-	private:
-		int subEnlaveID;
-		int tag;
-		double result;
-		double rev;
-	public:
-		subEnclave();
-		int setID(int);
-		int setTag(int);
-		double add(double, double);
-		double sub(double, double);
-		double mul(double, double);
-		double div(double, double);
-		double exp(double);
-		int get_tag();
-		int get_id();
-		//friend int send(subEnclave &, subEnclave &);
-		//friend int recieve(subEnclave &, subEnclave &);
-		~subEnclave();
-};
-
-subEnclave::subEnclave() {
-	subEnlaveID = 0;
-	tag = 0;
-	result = 0;
-	rev = 0;
-	//cout << "create subenclave success" << endl;
-	
-}
-subEnclave vec[100];
-int subEnclave::setID(int ID) {
-	this->subEnlaveID = ID;
-	return 0;
-}
-
-int subEnclave::setTag(int tag) {
-	this->tag = tag;
-	return 0;
-}
-
-double subEnclave::add(double a = 20, double b = 10) {
-	result = a + b;
-	return result;
-}
-
-double subEnclave::sub(double a = 20, double b = 10) {
-	result = a - b;
-	return result;
-}
-
-double subEnclave::mul(double a = 20, double b = 10) {
-	result = a * b;
-	return result;
-}
-
-double subEnclave::div(double a = 20, double b = 10) {
-	result = a / b;
-	return result;
-}
-
-double subEnclave::exp(double x = 7) {
-	result = x * x + 2 * x + 1;
-	return result;
-}
-
-int subEnclave::get_tag() {
-	return tag;
-}
-
-int subEnclave::get_id() {
-	return subEnlaveID;
-}
-/*
-int send(subEnclave &a, subEnclave &b) {
-	b.rev = a.result;
-	return 0;
-}
-
-int recieve(subEnclave &a, subEnclave &b) {
-	a.rev = b.result;
-	return 0;
-}*/
-
-subEnclave::~subEnclave() {
-	//cout << "destroy subenclave success" << endl;
-	print_destroy();
-}
-
-//////////////////////////////////////////////
-
-
-//std::vector<subEnclave> vec;
-
-
-
-// create
-int createSubEnclave(int id)
-{
-	
-	vec[id].setID(id);
-	print_create();
-	//vec.push_back(se[i]);
-	
-}
-
-// create
-int destroySubEnclave()
-{
-	print_create();
-	//vec.push_back(se[i]);
-	
-}
-
-int isExist(int ID,int num) 
-{
-	int sub = -1;
-	/*
-    for (int i = 0; i < size; i++) {
-			if (ID == arr[i].get_id()) {
-				sub = i;
-				break;
-			}
-		}
-	*/
-	for (int i = 0; i < num; i++) {
-		if (ID == vec[i].get_id()) {
-			sub = i;
-			break;
-		}
-	}
-}
-
-//飞地内计算(ecall)
-int compute(int tag, int size, int sub, double* result) {
-	//int ID;
-	//int sub1;
-	vec[sub].setTag(tag);
-	if (tag == ADD) {
-		// cout << "result:" << arr[sub].add() << endl;
-        print_res(vec[sub].add());
-        result[0] = vec[sub].add();
-    } else if (tag == SUB) {
-		//cout << "result:" << arr[sub].sub() << endl;
-		print_res(vec[sub].sub());
-        result[0] = vec[sub].sub();
-	} else if (tag == MUL) {
-		//cout << "result:" << arr[sub].mul() << endl;
-		print_res(vec[sub].mul());
-        result[0] = vec[sub].mul();
-	} else if (tag == DIV) {
-		//cout << "result:" << arr[sub].div() << endl;
-		print_res(vec[sub].div());
-        result[0] = vec[sub].div();
-	} else if (tag == EXP) {
-		//cout << "result:" << arr[sub].exp() << endl;
-		print_res(vec[sub].exp());
-        result[0] = vec[sub].exp();
-	} 
-    /*
-        else if (tag == SEND) {
-		cout << "Please enter the subEnclaveID of the recipient:";
-		while (1) {
-			sub1 = -1;
-			cin >> ID;
-			for (int i = 0; i < size; i++) {
-				if (ID == arr[i].get_id()) {
-					sub1 = i;
-					break;
-				}
-			}
-			if (sub1 == -1) {
-				cout << "The subEnclaveID was not found,please re-enter:";
-				continue;
-			} else
-				break;
-		}
-		send(arr[sub], arr[sub1]);
-		cout << "Send Success!" << endl;
-	} else if (tag == RECIEVE) {
-		cout << "Please enter the subEnclaveID of the Sender:";
-		while (1) {
-			sub1 = -1;
-			cin >> ID;
-			for (int i = 0; i < size; i++) {
-				if (ID == arr[i].get_id()) {
-					sub1 = i;
-					break;
-				}
-			}
-			if (sub1 == -1) {
-				cout << "The subEnclaveID was not found,please re-enter:";
-				continue;
-			} else
-				break;
-		}
-		recieve(arr[sub], arr[sub1]);
-		cout << "Recieve Success!" << endl;
-	} 
-    */
-    else {
-		print_error();
-	}
-	return 0;
-}
-
diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp
deleted file mode 100644
index 352d58bc..00000000
--- a/wallfacer 2.0/nested/enclave/test.cpp	
+++ /dev/null
@@ -1,247 +0,0 @@
-#include <iostream>
-#include <algorithm>
-using namespace std;
-
-
-#define ADD 1
-#define SUB 2
-#define MUL 3
-#define DIV 4
-#define EXP 5
-#define SEND 6
-#define RECIEVE 7
-
-//内部飞地定义
-class subEnclave {
-	private:
-		int subEnlaveID;
-		int tag;
-		double result;
-		double rev;
-	public:
-		subEnclave();
-		int setID(int);
-		int setTag(int);
-		double add(double, double);
-		double sub(double, double);
-		double mul(double, double);
-		double div(double, double);
-		double exp(double);
-		int get_tag();
-		int get_id();
-		friend int send(subEnclave &, subEnclave &);
-		friend int recieve(subEnclave &, subEnclave &);
-		~subEnclave();
-};
-
-subEnclave::subEnclave() {
-	subEnlaveID = 0;
-	tag = 0;
-	result = 0;
-	rev = 0;
-	cout << "create subenclave success" << endl;
-}
-
-int subEnclave::setID(int ID) {
-
-	this->subEnlaveID = ID;
-	return 0;
-}
-
-int subEnclave::setTag(int tag) {
-	this->tag = tag;
-	return 0;
-}
-
-double subEnclave::add(double a = 20, double b = 10) {
-	result = a + b;
-	return result;
-}
-
-double subEnclave::sub(double a = 20, double b = 10) {
-	result = a - b;
-	return result;
-}
-
-double subEnclave::mul(double a = 20, double b = 10) {
-	result = a * b;
-	return result;
-}
-
-double subEnclave::div(double a = 20, double b = 10) {
-	result = a / b;
-	return result;
-}
-
-double subEnclave::exp(double x = 7) {
-	result = x * x + 2 * x + 1;
-	return result;
-}
-
-int subEnclave::get_tag() {
-	return tag;
-}
-
-int subEnclave::get_id() {
-	return subEnlaveID;
-}
-
-int send(subEnclave &a, subEnclave &b) {
-	b.rev = a.result;
-	return 0;
-}
-
-int recieve(subEnclave &a, subEnclave &b) {
-	a.rev = b.result;
-	return 0;
-}
-
-subEnclave::~subEnclave() {
-	cout << "destroy subenclave success" << endl;
-}
-
-bool Check_duplicates(int *arr, int num);
-int compute(int tag, subEnclave *arr, int size, int sub);
-int Set_subEnclaveID(subEnclave *arr, int size);
-int Use_subEnclave(subEnclave *arr, int size);
-
-//判断重复ID
-bool Check_duplicates(int *arr, int num) {
-	sort(arr, arr + num);
-	for (int i = 0; i < num - 1; i++) {
-		if (arr[i] == arr[i + 1])
-			return true;
-	}
-	return false;
-}
-
-//飞地内计算
-int compute(int tag, subEnclave *arr, int size, int sub) {
-	int ID;
-	int sub1;
-	arr[sub].setTag(tag);
-	if (tag == ADD) {
-		cout << "result:" << arr[sub].add() << endl;
-	} else if (tag == SUB) {
-		cout << "result:" << arr[sub].sub() << endl;
-	} else if (tag == MUL) {
-		cout << "result:" << arr[sub].mul() << endl;
-	} else if (tag == DIV) {
-		cout << "result:" << arr[sub].div() << endl;
-	} else if (tag == EXP) {
-		cout << "result:" << arr[sub].exp() << endl;
-	} else if (tag == SEND) {
-		cout << "Please enter the subEnclaveID of the recipient:";
-		while (1) {
-			sub1 = -1;
-			cin >> ID;
-			for (int i = 0; i < size; i++) {
-				if (ID == arr[i].get_id()) {
-					sub1 = i;
-					break;
-				}
-			}
-			if (sub1 == -1) {
-				cout << "The subEnclaveID was not found,please re-enter:";
-				continue;
-			} else
-				break;
-		}
-		send(arr[sub], arr[sub1]);
-		cout << "Send Success!" << endl;
-	} else if (tag == RECIEVE) {
-		cout << "Please enter the subEnclaveID of the Sender:";
-		while (1) {
-			sub1 = -1;
-			cin >> ID;
-			for (int i = 0; i < size; i++) {
-				if (ID == arr[i].get_id()) {
-					sub1 = i;
-					break;
-				}
-			}
-			if (sub1 == -1) {
-				cout << "The subEnclaveID was not found,please re-enter:";
-				continue;
-			} else
-				break;
-		}
-		recieve(arr[sub], arr[sub1]);
-		cout << "Recieve Success!" << endl;
-	} else {
-		cout << "error" << endl;
-	}
-	return 0;
-}
-
-//设置内部飞地ID
-int Set_subEnclaveID(subEnclave *arr, int size) {
-	int ID;
-	int check_id[size];
-	while (1) {
-		cout << "Please enter the subEnclaveID in turn:" << endl;
-		for (int i = 0; i < size; i++) {
-			cin >> ID;
-			check_id[i] = ID;
-		}
-		if (Check_duplicates(check_id, size) == true) {
-			cout << "Duplicate IDs were found,please re-enter!" << endl << endl;
-			continue;
-		} else
-			break;
-	}
-	for (int i = 0; i < size; i++) {
-		arr[i].setID(check_id[i]);
-	}
-	return 0;
-}
-
-//使用内部飞地
-int Use_subEnclave(subEnclave *arr, int size) {
-	int sub, ID, op;
-	while (1) {
-		sub = -1;
-		cout << "Please enter the subEnclaveID you want to operate: ";
-		cin >> ID;
-		for (int i = 0; i < size; i++) {
-			if (ID == arr[i].get_id()) {
-				sub = i;
-				break;
-			}
-		}
-		if (sub == -1) {
-			cout << "The subEnclaveID was not found,please re-enter!" << endl;
-			continue;
-		}
-
-		cout << "Please enter the function you want:" << endl;
-		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
-		cout << "6.SEND	7.RECV	8.SKIP	9.EXIT" << endl;
-        
-		cin >> op;
-
-		if (op == 8)
-			continue;
-		if (op == 9)
-			break;
-
-		compute(op, arr, size, sub);
-	}
-	return 0;
-}
-
-int main() {
-
-	//创建内部飞地
-	int num;
-	cout << "Please enter the number of subEnclaves: ";
-	cin >> num;
-	subEnclave List[num];
-
-	//设置内部飞地ID
-	Set_subEnclaveID(List, num);
-
-	//使用内部飞地
-	Use_subEnclave(List, num);
-	return 0;
-}
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt
deleted file mode 100644
index b2621947..00000000
--- a/wallfacer 2.0/nested/host/CMakeLists.txt	
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-#     http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-#set auto code prefix
-set(PREFIX nested)
-#set host exec name
-set(OUTPUT secgear_nested)
-#set host src code
-set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
-
-#set auto code
-if(CC_GP)
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
-endif()
-    
-if(CC_SGX)
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SDK_PATH}/include)
-endif()
-
-if(CC_PL)
-    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
-    add_custom_command(OUTPUT ${AUTO_FILES}
-    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
-    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
-endif()
-
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
-set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
-
-if(CC_GP)
-    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
-        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
-    target_include_directories(${OUTPUT} PRIVATE
-            ${CMAKE_BINARY_DIR}/inc
-            ${LOCAL_ROOT_PATH}/inc/host_inc
-            ${LOCAL_ROOT_PATH}/inc/host_inc/gp
-            ${CMAKE_CURRENT_BINARY_DIR})
-    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
-        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-endif()
-
-if(CC_SGX)
-    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
-        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
-    target_include_directories(${OUTPUT} PRIVATE
-			${LOCAL_ROOT_PATH}/inc/host_inc 
-			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
-			${CMAKE_CURRENT_BINARY_DIR})
-    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
-        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-endif()
-
-if(CC_PL)
-    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
-        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
-    target_include_directories(${OUTPUT} PRIVATE
-			${LOCAL_ROOT_PATH}/inc/host_inc
-			${LOCAL_ROOT_PATH}/inc/host_inc/penglai
-			${CMAKE_CURRENT_BINARY_DIR})
-    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
-        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
-    endif()
-endif()
-
-if(CC_SIM)
-    target_link_libraries(${OUTPUT} secgearsim pthread)
-else()
-    target_link_libraries(${OUTPUT} secgear pthread)
-endif()
-set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
-
-if(CC_GP)
-	#itrustee install whitelist /vender/bin/teec_hello 
-	install(TARGETS  ${OUTPUT}
-        	RUNTIME
-        	DESTINATION /vendor/bin/
-       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
-		            GROUP_EXECUTE GROUP_READ
-		            WORLD_EXECUTE WORLD_READ)  
-endif()
-
-if(CC_SGX)
-	install(TARGETS  ${OUTPUT}
-        	RUNTIME
-        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
-       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
-		            GROUP_EXECUTE GROUP_READ
-		            WORLD_EXECUTE WORLD_READ)  
-endif()
-
-if(CC_PL)
-	install(TARGETS  ${OUTPUT}
-		RUNTIME
-		DESTINATION ${CMAKE_BINARY_DIR}/bin/
-       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
-		            GROUP_EXECUTE GROUP_READ
-		            WORLD_EXECUTE WORLD_READ)  
-endif()
diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp
deleted file mode 100644
index 8832b991..00000000
--- a/wallfacer 2.0/nested/host/main.cpp	
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- *     http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#include <stdio.h>
-#include <iostream>
-#include <unistd.h>
-#include <linux/limits.h>
-#include "enclave.h"
-#include "nested_u.h"
-#include "string.h"
-using namespace std;
-
-#define BUF_LEN 32
-
-void print_res(double result_)
-{
-    cout << result_ << endl;
-}
-
-void print_error()
-{
-    cout << "error" << endl;
-}
-
-void print_create()
-{
-    cout << "create subenclave success" << endl;
-}
-
-void print_destroy()
-{
-    cout << "destroy subenclave success" << endl;
-}
-
-int main()
-{
-    int  retval = 0;
-    char *path = PATH;
-    char buf[BUF_LEN];
-    cc_enclave_t context = {};
-    cc_enclave_result_t res = CC_FAIL;
-
-    char real_p[PATH_MAX];
-    /* check file exists, if not exist then use absolute path */
-    if (realpath(path, real_p) == NULL) {
-        if (getcwd(real_p, sizeof(real_p)) == NULL) {
-            printf("Cannot find enclave.sign.so");
-            goto end;
-        }
-        if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
-            printf("Failed to strcat enclave.sign.so path");
-            goto end;
-        }
-        (void)strcat(real_p, "/enclave.signed.so");
-    }
-
-    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
-    if (res != CC_SUCCESS) {
-        printf("host create enclave error\n");
-        goto end; 
-    }
-    printf("host create enclave success\n");
-
-    /*
-    res = get_string(&context, &retval, buf);
-    if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
-        printf("Ecall enclave error\n");
-    } else {
-        printf("enclave say:%s\n", buf);
-    }
-    */
-
-    int num;
-    cout << "Please enter the number of subEnclaves: ";
-    cin >> num;
-    double result_[2];
-    //cin >> ID;
-    
-    //res = compute();
-    //cout << result_[0];
-    for (int i = 0;i < num;i++) {
-        res = createSubEnclave(&context, &retval, i);
-    }
-
-    int sub, ID, op;
-	while (1) {
-		sub = -1;
-		cout << "Please enter the subEnclaveID you want to operate: ";
-		cin >> ID;
-		for (int i = 0; i < num; i++) {
-			if (ID == i) {
-				sub = i;
-				break;
-			}
-		}
-		if (sub == -1) {
-			cout << "The subEnclaveID was not found,please re-enter!" << endl;
-			continue;
-		}
-
-		cout << "Please enter the function you want:" << endl;
-		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
-		cout << "6.SKIP	7.EXIT" << endl;
-        
-		cin >> op;
-
-		if (op == 6)
-			continue;
-		if (op == 7)
-			break;
-
-		res = compute(&context, &retval,op, num, sub, result_);
-	}
-
-    for (int i = 0;i < num;i++) {
-        res = destroySubEnclave(&context, &retval);
-    }
-
-
-
-    res = cc_enclave_destroy(&context);
-    if(res != CC_SUCCESS) {
-        printf("host destroy enclave error\n");
-    } else {
-        printf("host destroy enclave success\n");
-    }
-end:
-    return res;
-}
diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl
deleted file mode 100644
index 0eb3686c..00000000
--- a/wallfacer 2.0/nested/nested.edl	
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- *     http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-enclave {
-    include "secgear_urts.h"
-    from "secgear_tstdc.edl" import *; 
-    trusted {
-        public int compute(int tag, int size, int sub, [out, size=32]double* _result);
-
-        public int isExist(int ID, int num);
-
-        public int createSubEnclave(int num);
-
-        public int destroySubEnclave();
-    };
-    untrusted {
-        void print_res(double res);
-        void print_error();
-        void print_create();
-        void print_destroy();
-    };
-};
-- 
Gitee


From c3336af0a496f185fdb6aad61add7c494f911bba Mon Sep 17 00:00:00 2001
From: LinJT <2369045900@qq.com>
Date: Thu, 28 Mar 2024 20:17:54 +0800
Subject: [PATCH 3/3] nested

---
 wallfacer 2.0/nested/CMakeLists.txt           |  38 +++
 wallfacer 2.0/nested/enclave/CMakeLists.txt   | 219 ++++++++++++++++
 .../nested/enclave/Enclave.config.xml         |  12 +
 wallfacer 2.0/nested/enclave/Enclave.lds      |  11 +
 wallfacer 2.0/nested/enclave/config_cloud.ini |  60 +++++
 wallfacer 2.0/nested/enclave/manifest.txt     |   7 +
 wallfacer 2.0/nested/enclave/nested.cpp       | 243 +++++++++++++++++
 wallfacer 2.0/nested/enclave/test.cpp         | 247 ++++++++++++++++++
 wallfacer 2.0/nested/host/CMakeLists.txt      | 119 +++++++++
 wallfacer 2.0/nested/host/main.cpp            | 170 ++++++++++++
 wallfacer 2.0/nested/nested.edl               |  37 +++
 11 files changed, 1163 insertions(+)
 create mode 100644 wallfacer 2.0/nested/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml
 create mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds
 create mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini
 create mode 100644 wallfacer 2.0/nested/enclave/manifest.txt
 create mode 100644 wallfacer 2.0/nested/enclave/nested.cpp
 create mode 100644 wallfacer 2.0/nested/enclave/test.cpp
 create mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt
 create mode 100644 wallfacer 2.0/nested/host/main.cpp
 create mode 100644 wallfacer 2.0/nested/nested.edl

diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt
new file mode 100644
index 00000000..bb0a41d6
--- /dev/null
+++ b/wallfacer 2.0/nested/CMakeLists.txt	
@@ -0,0 +1,38 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(Nested  CXX)
+
+set(CMAKE_CXX_STANDARD 11)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE nested.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+    set(CODETYPE trustzone)
+    set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+    add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+    set(CODETYPE sgx)
+    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+ 
+if(CC_PL)
+    set(CODETYPE penglai)
+    add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
new file mode 100644
index 00000000..d4e0e987
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt	
@@ -0,0 +1,219 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+    #set signed output
+    set(OUTPUT ${UUID}.sec)
+    #set whilelist. default: /vendor/bin/teec_hello
+    set(WHITE_LIST_0 /vendor/bin/helloworld)
+    set(WHITE_LIST_OWNER root)
+    set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
+    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+    set(OUTPUT enclave.signed.so)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+    set(OUTPUT penglai-ELF)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
+	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+if(CC_GP)
+
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
+    
+    set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
+    set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories( ${PREFIX} PRIVATE
+	${CMAKE_CURRENT_BINARY_DIR}
+	${CMAKE_BINARY_DIR}/inc
+	${LOCAL_ROOT_PATH}/inc/host_inc
+	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+	${LOCAL_ROOT_PATH}/inc/enclave_inc
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+	${ITRUSTEE_TEEDIR}/include/TA
+	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+	${ITRUSTEE_LIBC}/arch/aarch64
+	${ITRUSTEE_LIBC}/
+	${ITRUSTEE_LIBC}/arch/arm/bits
+	${ITRUSTEE_LIBC}/arch/generic
+	${ITRUSTEE_LIBC}/arch/arm
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${PREFIX} PRIVATE
+	        ${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    foreach(WHITE_LIST ${WHITELIST})
+	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+    endforeach(WHITE_LIST)
+    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+    target_link_libraries(${PREFIX} -lsecgear_tee)
+
+    #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example #
+    #    add_custom_command(TARGET ${PREFIX}
+    #	      POST_BUILD
+	      #	      COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
+
+      #    install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
+      #        DESTINATION /data
+      #        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+    set(SGX_DIR ${SDK_PATH})
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+    if(CC_SIM)
+        set(Trts_Library_Name sgx_trts_sim)
+        set(Service_Library_Name sgx_tservice_sim)
+    else()
+        set(Trts_Library_Name sgx_trts)
+        set(Service_Library_Name sgx_tservice)
+    endif()
+
+    set(Crypto_Library_Name sgx_tcrypto)
+
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
+        link_directories(${LINK_LIBRARY_PATH})
+    endif()
+
+    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories(${PREFIX} PRIVATE
+	    ${CMAKE_CURRENT_BINARY_DIR}
+	    ${SGX_DIR}/include/tlibc
+	    ${SGX_DIR}/include/libcxx
+	    ${SGX_DIR}/include
+	    ${LOCAL_ROOT_PATH}/inc/host_inc
+	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+    
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
+        target_link_directories(${PREFIX} PRIVATE
+	        ${LINK_LIBRARY_PATH})
+    endif()
+
+    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
+    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
+    add_custom_command(TARGET ${PREFIX} 
+    POST_BUILD
+    COMMAND umask 0177
+    COMMAND openssl genrsa -3 -out ${PEM} 3072
+    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+if(NOT DEFINED CC_PL)
+    set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+endif()
+
+if(CC_PL)
+    set(SDK_LIB_DIR ${SDK_PATH}/lib)
+    set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include)
+    set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a)
+    set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib)
+    set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a)
+    set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a)
+    set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a)
+
+    set(SOURCE_C_OBJS "")
+    foreach(SOURCE_FILE ${SOURCE_FILES})
+        STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE})
+        set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o)
+        add_custom_command(
+            OUTPUT ${SOURCE_OBJ}
+            DEPENDS ${SOURCE_FILES}
+            COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+                -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+                -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE}
+            COMMENT "generate SOURCE_OBJ"
+        )
+        list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ})
+    endforeach()
+
+    set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o)
+    add_custom_command(
+        OUTPUT ${APP_C_OBJ}
+        DEPENDS ${AUTO_FILES}
+        COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+            -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+            -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
+        COMMENT "generate APP_C_OBJ"
+    )
+
+    add_custom_command(
+        OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB}
+        COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc
+            -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB}
+            ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds
+        COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        COMMENT "generate penglai-ELF"
+    )
+    add_custom_target(
+        ${OUTPUT} ALL
+        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+        COMMENT "makefile target penglai-ELF"
+    )
+
+endif()
diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml
new file mode 100644
index 00000000..e94c9bc5
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml	
@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>
diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds
new file mode 100644
index 00000000..ab77e647
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/Enclave.lds	
@@ -0,0 +1,11 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};
+
diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini
new file mode 100644
index 00000000..8c70225e
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/config_cloud.ini	
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt
new file mode 100644
index 00000000..d78354e6
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/manifest.txt	
@@ -0,0 +1,7 @@
+gpd.ta.appID:   		f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name:		rsa-demo
+gpd.ta.singleInstance:		true
+gpd.ta.multiSession: 		false
+gpd.ta.instanceKeepAlive:	false
+gpd.ta.dataSize:		819200
+gpd.ta.stackSize:		40960
diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp
new file mode 100644
index 00000000..89ba0cba
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/nested.cpp	
@@ -0,0 +1,243 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <vector>
+#include "nested_t.h"
+
+#define TA_HELLO_WORLD        "secgear hello world!"
+#define BUF_MAX 32
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+	private:
+		int subEnlaveID;
+		int tag;
+		double result;
+		double rev;
+	public:
+		subEnclave();
+		int setID(int);
+		int setTag(int);
+		double add(double, double);
+		double sub(double, double);
+		double mul(double, double);
+		double div(double, double);
+		double exp(double);
+		int get_tag();
+		int get_id();
+		friend int send(subEnclave &, subEnclave &);
+		friend int recieve(subEnclave &, subEnclave &);
+		~subEnclave();
+};
+
+subEnclave::subEnclave() {
+	subEnlaveID = 0;
+	tag = 0;
+	result = 0;
+	rev = 0;
+	//cout << "create subenclave success" << endl;
+	
+}
+
+subEnclave vec[100];
+
+int subEnclave::setID(int ID) {
+	this->subEnlaveID = ID;
+	return 0;
+}
+
+int subEnclave::setTag(int tag) {
+	this->tag = tag;
+	return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+	result = a + b;
+	return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+	result = a - b;
+	return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+	result = a * b;
+	return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+	result = a / b;
+	return result;
+}
+
+double subEnclave::exp(double x = 7) {
+	result = x * x + 2 * x + 1;
+	return result;
+}
+
+int subEnclave::get_tag() {
+	return tag;
+}
+
+int subEnclave::get_id() {
+	return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+	b.rev = a.result;
+	return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+	a.rev = b.result;
+	return 0;
+}
+
+subEnclave::~subEnclave() {
+	//cout << "destroy subenclave success" << endl;
+	print_destroy();
+}
+
+//////////////////////////////////////////////
+
+
+//std::vector<subEnclave> vec;
+
+
+
+// create
+int createSubEnclave(int id)
+{
+	
+	vec[id].setID(id);
+	print_create();
+	//vec.push_back(se[i]);
+	return 0;
+}
+
+// destroy
+int destroySubEnclave()
+{
+	print_destroy();
+	//vec.push_back(se[i]);
+	return 0;
+}
+
+/*
+int isExist(int ID,int num) 
+{
+	int sub = -1;
+	
+    for (int i = 0; i < size; i++) {
+			if (ID == arr[i].get_id()) {
+				sub = i;
+				break;
+			}
+		}
+	
+	for (int i = 0; i < num; i++) {
+		if (ID == vec[i].get_id()) {
+			sub = i;
+			break;
+		}
+	}
+}
+*/
+
+//飞地内计算(ecall)
+int compute(int tag, int size, int sub, double* result) {
+	int ID[2];
+	int sub1;
+	vec[sub].setTag(tag);
+	if (tag == ADD) {
+		// cout << "result:" << arr[sub].add() << endl;
+        print_res(vec[sub].add());
+        result[0] = vec[sub].add();
+    } else if (tag == SUB) {
+		//cout << "result:" << arr[sub].sub() << endl;
+		print_res(vec[sub].sub());
+        result[0] = vec[sub].sub();
+	} else if (tag == MUL) {
+		//cout << "result:" << arr[sub].mul() << endl;
+		print_res(vec[sub].mul());
+        result[0] = vec[sub].mul();
+	} else if (tag == DIV) {
+		//cout << "result:" << arr[sub].div() << endl;
+		print_res(vec[sub].div());
+        result[0] = vec[sub].div();
+	} else if (tag == EXP) {
+		//cout << "result:" << arr[sub].exp() << endl;
+		print_res(vec[sub].exp());
+        result[0] = vec[sub].exp();
+	} else if (tag == SEND) {
+		//cout << "Please enter the subEnclaveID of the recipient:";
+		print_send_hit();
+		while (1) {
+			sub1 = -1;
+			getid(ID);
+			for (int i = 0; i < size; i++) {
+				if (ID[0] == vec[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				//cout << "The subEnclaveID was not found,please re-enter:";
+				print_reenter_hit();
+				continue;
+			} else
+				break;
+		}
+		send(vec[sub], vec[sub1]);
+		//cout << "Send Success!" << endl;
+		print_send();
+	} else if (tag == RECIEVE) {
+		//cout << "Please enter the subEnclaveID of the Sender:";
+		print_recieve_hit();
+		while (1) {
+			sub1 = -1;
+			//cin >> ID;
+			getid(ID);
+			for (int i = 0; i < size; i++) {
+				if (ID[0] == vec[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				//cout << "The subEnclaveID was not found,please re-enter:";
+				print_reenter_hit();
+				continue;
+			} else
+				break;
+		}
+		recieve(vec[sub], vec[sub1]);
+		//cout << "Recieve Success!" << endl;
+		print_recieve();
+	} else {
+		print_error();
+	}
+	return 0;
+}
+
diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp
new file mode 100644
index 00000000..352d58bc
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/test.cpp	
@@ -0,0 +1,247 @@
+#include <iostream>
+#include <algorithm>
+using namespace std;
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+	private:
+		int subEnlaveID;
+		int tag;
+		double result;
+		double rev;
+	public:
+		subEnclave();
+		int setID(int);
+		int setTag(int);
+		double add(double, double);
+		double sub(double, double);
+		double mul(double, double);
+		double div(double, double);
+		double exp(double);
+		int get_tag();
+		int get_id();
+		friend int send(subEnclave &, subEnclave &);
+		friend int recieve(subEnclave &, subEnclave &);
+		~subEnclave();
+};
+
+subEnclave::subEnclave() {
+	subEnlaveID = 0;
+	tag = 0;
+	result = 0;
+	rev = 0;
+	cout << "create subenclave success" << endl;
+}
+
+int subEnclave::setID(int ID) {
+
+	this->subEnlaveID = ID;
+	return 0;
+}
+
+int subEnclave::setTag(int tag) {
+	this->tag = tag;
+	return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+	result = a + b;
+	return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+	result = a - b;
+	return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+	result = a * b;
+	return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+	result = a / b;
+	return result;
+}
+
+double subEnclave::exp(double x = 7) {
+	result = x * x + 2 * x + 1;
+	return result;
+}
+
+int subEnclave::get_tag() {
+	return tag;
+}
+
+int subEnclave::get_id() {
+	return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+	b.rev = a.result;
+	return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+	a.rev = b.result;
+	return 0;
+}
+
+subEnclave::~subEnclave() {
+	cout << "destroy subenclave success" << endl;
+}
+
+bool Check_duplicates(int *arr, int num);
+int compute(int tag, subEnclave *arr, int size, int sub);
+int Set_subEnclaveID(subEnclave *arr, int size);
+int Use_subEnclave(subEnclave *arr, int size);
+
+//判断重复ID
+bool Check_duplicates(int *arr, int num) {
+	sort(arr, arr + num);
+	for (int i = 0; i < num - 1; i++) {
+		if (arr[i] == arr[i + 1])
+			return true;
+	}
+	return false;
+}
+
+//飞地内计算
+int compute(int tag, subEnclave *arr, int size, int sub) {
+	int ID;
+	int sub1;
+	arr[sub].setTag(tag);
+	if (tag == ADD) {
+		cout << "result:" << arr[sub].add() << endl;
+	} else if (tag == SUB) {
+		cout << "result:" << arr[sub].sub() << endl;
+	} else if (tag == MUL) {
+		cout << "result:" << arr[sub].mul() << endl;
+	} else if (tag == DIV) {
+		cout << "result:" << arr[sub].div() << endl;
+	} else if (tag == EXP) {
+		cout << "result:" << arr[sub].exp() << endl;
+	} else if (tag == SEND) {
+		cout << "Please enter the subEnclaveID of the recipient:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		send(arr[sub], arr[sub1]);
+		cout << "Send Success!" << endl;
+	} else if (tag == RECIEVE) {
+		cout << "Please enter the subEnclaveID of the Sender:";
+		while (1) {
+			sub1 = -1;
+			cin >> ID;
+			for (int i = 0; i < size; i++) {
+				if (ID == arr[i].get_id()) {
+					sub1 = i;
+					break;
+				}
+			}
+			if (sub1 == -1) {
+				cout << "The subEnclaveID was not found,please re-enter:";
+				continue;
+			} else
+				break;
+		}
+		recieve(arr[sub], arr[sub1]);
+		cout << "Recieve Success!" << endl;
+	} else {
+		cout << "error" << endl;
+	}
+	return 0;
+}
+
+//设置内部飞地ID
+int Set_subEnclaveID(subEnclave *arr, int size) {
+	int ID;
+	int check_id[size];
+	while (1) {
+		cout << "Please enter the subEnclaveID in turn:" << endl;
+		for (int i = 0; i < size; i++) {
+			cin >> ID;
+			check_id[i] = ID;
+		}
+		if (Check_duplicates(check_id, size) == true) {
+			cout << "Duplicate IDs were found,please re-enter!" << endl << endl;
+			continue;
+		} else
+			break;
+	}
+	for (int i = 0; i < size; i++) {
+		arr[i].setID(check_id[i]);
+	}
+	return 0;
+}
+
+//使用内部飞地
+int Use_subEnclave(subEnclave *arr, int size) {
+	int sub, ID, op;
+	while (1) {
+		sub = -1;
+		cout << "Please enter the subEnclaveID you want to operate: ";
+		cin >> ID;
+		for (int i = 0; i < size; i++) {
+			if (ID == arr[i].get_id()) {
+				sub = i;
+				break;
+			}
+		}
+		if (sub == -1) {
+			cout << "The subEnclaveID was not found,please re-enter!" << endl;
+			continue;
+		}
+
+		cout << "Please enter the function you want:" << endl;
+		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
+		cout << "6.SEND	7.RECV	8.SKIP	9.EXIT" << endl;
+        
+		cin >> op;
+
+		if (op == 8)
+			continue;
+		if (op == 9)
+			break;
+
+		compute(op, arr, size, sub);
+	}
+	return 0;
+}
+
+int main() {
+
+	//创建内部飞地
+	int num;
+	cout << "Please enter the number of subEnclaves: ";
+	cin >> num;
+	subEnclave List[num];
+
+	//设置内部飞地ID
+	Set_subEnclaveID(List, num);
+
+	//使用内部飞地
+	Use_subEnclave(List, num);
+	return 0;
+}
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt
new file mode 100644
index 00000000..b2621947
--- /dev/null
+++ b/wallfacer 2.0/nested/host/CMakeLists.txt	
@@ -0,0 +1,119 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+#set host exec name
+set(OUTPUT secgear_nested)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+    
+if(CC_SGX)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+
+if(CC_GP)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+            ${CMAKE_BINARY_DIR}/inc
+            ${LOCAL_ROOT_PATH}/inc/host_inc
+            ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+            ${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SGX)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc 
+			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_PL)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc
+			${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SIM)
+    target_link_libraries(${OUTPUT} secgearsim pthread)
+else()
+    target_link_libraries(${OUTPUT} secgear pthread)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+	#itrustee install whitelist /vender/bin/teec_hello 
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION /vendor/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
+
+if(CC_SGX)
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
+
+if(CC_PL)
+	install(TARGETS  ${OUTPUT}
+		RUNTIME
+		DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+		            GROUP_EXECUTE GROUP_READ
+		            WORLD_EXECUTE WORLD_READ)  
+endif()
diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp
new file mode 100644
index 00000000..6eea03c4
--- /dev/null
+++ b/wallfacer 2.0/nested/host/main.cpp	
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <iostream>
+#include <unistd.h>
+#include <linux/limits.h>
+#include "enclave.h"
+#include "nested_u.h"
+#include "string.h"
+using namespace std;
+
+#define BUF_LEN 32
+
+void print_res(double result_)
+{
+    cout << result_ << endl;
+}
+
+void print_error()
+{
+    cout << "error" << endl;
+}
+
+void print_create()
+{
+    cout << "create subenclave success" << endl;
+}
+
+void print_destroy()
+{
+    cout << "destroy subenclave success" << endl;
+}
+
+void getid(int* id)
+{
+    cin >> id[0];
+}
+
+
+void print_send()
+{
+    cout << "Send Success!" << endl;
+}
+
+void print_recieve()
+{
+    cout << "Recieve Success!" << endl;
+}
+
+void print_send_hit()
+{
+    cout << "Please enter the subEnclaveID of the recipient:";
+}
+
+void print_recieve_hit()
+{
+    cout << "Please enter the subEnclaveID of the Sender:";
+}
+
+void print_reenter_hit()
+{
+    cout << "The subEnclaveID was not found,please re-enter:";
+}
+
+int main()
+{
+    int  retval = 0;
+    char *path = PATH;
+    char buf[BUF_LEN];
+    cc_enclave_t context = {};
+    cc_enclave_result_t res = CC_FAIL;
+
+    char real_p[PATH_MAX];
+    /* check file exists, if not exist then use absolute path */
+    if (realpath(path, real_p) == NULL) {
+        if (getcwd(real_p, sizeof(real_p)) == NULL) {
+            printf("Cannot find enclave.sign.so");
+            goto end;
+        }
+        if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+            printf("Failed to strcat enclave.sign.so path");
+            goto end;
+        }
+        (void)strcat(real_p, "/enclave.signed.so");
+    }
+
+    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+    if (res != CC_SUCCESS) {
+        printf("host create enclave error\n");
+        goto end; 
+    }
+    printf("host create enclave success\n");
+
+    /*
+    res = get_string(&context, &retval, buf);
+    if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+        printf("Ecall enclave error\n");
+    } else {
+        printf("enclave say:%s\n", buf);
+    }
+    */
+
+    int num;
+    cout << "Please enter the number of subEnclaves: ";
+    cin >> num;
+    double result_[2];
+    //cin >> ID;
+    
+    //res = compute();
+    //cout << result_[0];
+    for (int i = 0;i < num;i++) {
+        res = createSubEnclave(&context, &retval, i);
+    }
+
+    int sub, ID, op;
+	while (1) {
+		sub = -1;
+		cout << "Please enter the subEnclaveID you want to operate: ";
+		cin >> ID;
+        //判断存在
+		for (int i = 0; i < num; i++) {
+			if (ID == i) {
+				sub = i;
+				break;
+			}
+		}
+		if (sub == -1) {
+			cout << "The subEnclaveID was not found,please re-enter!" << endl;
+			continue;
+		}
+
+		cout << "Please enter the function you want:" << endl;
+		cout << "1.ADD	2.SUB	3.MUL	4.DIV	5.EXP" << endl;
+		cout << "6.SEND 7.RECV  8.SKIP	9.EXIT" << endl;
+        
+		cin >> op;
+
+		if (op == 8)
+			continue;
+		if (op == 9)
+			break;
+
+		res = compute(&context, &retval,op, num, sub, result_);
+	}
+
+    for (int i = 0;i < num;i++) {
+        res = destroySubEnclave(&context, &retval);
+    }
+
+
+
+    res = cc_enclave_destroy(&context);
+    if(res != CC_SUCCESS) {
+        printf("host destroy enclave error\n");
+    } else {
+        printf("host destroy enclave success\n");
+    }
+end:
+    return res;
+}
diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl
new file mode 100644
index 00000000..7dc9df48
--- /dev/null
+++ b/wallfacer 2.0/nested/nested.edl	
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+    include "secgear_urts.h"
+    from "secgear_tstdc.edl" import *; 
+    trusted {
+        public int compute(int tag, int size, int sub, [out, size=32]double* _result);
+
+        public int isExist(int ID, int num);
+
+        public int createSubEnclave(int num);
+
+        public int destroySubEnclave();
+    };
+    untrusted {
+        void print_res(double res);
+        void print_error();
+        void print_create();
+        void print_destroy();
+        void getid([in,out,size = 32]int* id);
+        void print_send();
+        void print_recieve();
+        void print_send_hit();
+        void print_recieve_hit();
+        void print_reenter_hit();
+    };
+};
-- 
Gitee