From 1afbb904e085d80e1282f17d936b208ec3d2c84a Mon Sep 17 00:00:00 2001 From: zgzxx Date: Mon, 15 Mar 2021 20:13:55 +0800 Subject: [PATCH] backport patch (cherry picked from commit 5b70e532bf36f9de2246c7b54ef2bad83f19fc75) --- 0009-fix-sgxssl-edl.patch | 23 +++++++ 0010-update-docs-build_install.md.patch | 25 ++++++++ 0011-modify-the-prompt-information.patch | 25 ++++++++ ...w-error-code-and-del-redundant-print.patch | 62 +++++++++++++++++++ 0013-fix-error-print.patch | 25 ++++++++ 0014-set-umask-in-sign_tool.sh.patch | 24 +++++++ secGear.spec | 20 +++++- 7 files changed, 203 insertions(+), 1 deletion(-) create mode 100644 0009-fix-sgxssl-edl.patch create mode 100644 0010-update-docs-build_install.md.patch create mode 100644 0011-modify-the-prompt-information.patch create mode 100644 0012-parse-new-error-code-and-del-redundant-print.patch create mode 100644 0013-fix-error-print.patch create mode 100644 0014-set-umask-in-sign_tool.sh.patch
diff --git a/0009-fix-sgxssl-edl.patch b/0009-fix-sgxssl-edl.patch
new file mode 100644
index 0000000..ef67833
--- /dev/null
+++ b/0009-fix-sgxssl-edl.patch
@@ -0,0 +1,23 @@
+From 171ab61244c87058ab7b4a9f5ea0fbb1d5a84bbc Mon Sep 17 00:00:00 2001
+From: liwei3013
+Date: Sat, 27 Feb 2021 11:32:50 +0800
+Subject: [PATCH 1/6] fix sgxssl edl
+
+Signed-off-by: liwei3013
+---
+ inc/host_inc/sgx/secgear_tssl.edl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/host_inc/sgx/secgear_tssl.edl b/inc/host_inc/sgx/secgear_tssl.edl
+index 707c344..2ae7d85 100644
+--- a/inc/host_inc/sgx/secgear_tssl.edl
++++ b/inc/host_inc/sgx/secgear_tssl.edl
+@@ -1,4 +1,4 @@
+ // To do: develop key libraries of secGear version, to be compatible with SGX and GP.
+ enclave {
+- from "sgx_tstdc.edl" import *;
++ from "sgx_tsgxssl.edl" import *;
+ };
+--
+2.27.0
+
diff --git a/0010-update-docs-build_install.md.patch b/0010-update-docs-build_install.md.patch
new file mode 100644
index 0000000..1853aec
--- /dev/null
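Review bot: The new `from "sgx_tsgxssl.edl" import *;` in secgear_tssl.edl takes every function that file declares into the enclave interface, and each untrusted function imported this way is an OCALL whose results the enclave has to treat as coming from an untrusted host. The direct import of `sgx_tstdc.edl` is dropped on the same line, so the standard-library OCALLs stay available only if sgx_tsgxssl.edl re-imports them, which is not visible in this patch. The existing "To do" comment does not cover either point; I would add `// sgx_tsgxssl.edl must be on the EDL search path; it is expected to re-import sgx_tstdc.edl` above the import and confirm the second half against the SGX SSL EDL used for the build.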
+++ b/0010-update-docs-build_install.md.patch
@@ -0,0 +1,25 @@
+From a960391b449cdc9dc081dbab28e9fbc0aa093cf0 Mon Sep 17 00:00:00 2001
+From: liwei3013
+Date: Mon, 8 Mar 2021 10:19:54 +0800
+Subject: [PATCH 2/6] update docs/build_install.md.
+
+---
+ docs/build_install.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/build_install.md b/docs/build_install.md
+index 9ba1adb..482e8c2 100644
+--- a/docs/build_install.md
++++ b/docs/build_install.md
+@@ -3,7 +3,7 @@ Install secGear
+ openEuler x86
+
+ 1. Refer to https://01.org/intel-software-guard-extensions/downloads download and install the 2.11
+- sgx driver, sgx psw, sgx sdx. In the directory of sgx sdk, source environment(for use sgx-sign)
++ sgx driver, sgx psw, sgx sdk. In the directory of sgx sdk, source environment(for use sgx-sign)
+
+ 2. Refer to https://github.com/ocaml/opam/releases download and install the opam-2.0.7-x86_64-linux.
+ Run "./opam-2.0.7-x86_64-linux init"
+--
+2.27.0
+
diff --git a/0011-modify-the-prompt-information.patch b/0011-modify-the-prompt-information.patch
new file mode 100644
index 0000000..a1f34be
--- /dev/null
+++ b/0011-modify-the-prompt-information.patch
@@ -0,0 +1,25 @@
+From 4fc7411abfeef1d80b1ff97ef674322e7391e55d Mon Sep 17 00:00:00 2001
+From: zgzxx
+Date: Wed, 10 Mar 2021 09:37:54 +0800
+Subject: [PATCH 3/6] modify the prompt information
+
+---
+ tools/codegener/intel/Util.ml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/codegener/intel/Util.ml b/tools/codegener/intel/Util.ml
+index 9629e54..f5f9afc 100644
+--- a/tools/codegener/intel/Util.ml
++++ b/tools/codegener/intel/Util.ml
+@@ -62,7 +62,7 @@ let dedup_list lst =
+ let usage (progname: string) =
+ eprintf "usage: %s [options] ...\n" progname;
+ eprintf "\n[options]\n\
+---search-path Specify the search path of EDL files\n\
++--search-path Specify the search path of the dependent files of the EDL files\n\
+--use-prefix Prefix untrusted proxy with Enclave name\n\
+--header-only Only generate header files\n\
+--untrusted Generate untrusted proxy and bridge\n\
+--
+2.27.0
+
diff --git a/0012-parse-new-error-code-and-del-redundant-print.patch b/0012-parse-new-error-code-and-del-redundant-print.patch
new file mode 100644
index 0000000..9489089
--- /dev/null
+++ b/0012-parse-new-error-code-and-del-redundant-print.patch
@@ -0,0 +1,62 @@
+From c11313e25c077743ec9fb88d4463a18370dcb881 Mon Sep 17 00:00:00 2001
+From: zgzxx
+Date: Thu, 11 Mar 2021 10:46:05 +0800
+Subject: [PATCH 4/6] parse new error code and del redundant print
+
+---
+ inc/host_inc/status.h | 2 +-
+ src/host_src/enclave_internal.c | 2 +-
+ src/host_src/sgx/sgx_enclave.c | 4 +++-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 84c092a..1d18d2e 100644
+--- a/inc/host_inc/status.h
++++ b/inc/host_inc/status.h
+@@ -56,7 +56,7 @@ typedef enum _enclave_result_t
+ CC_ERROR_INVALID_ISVSVN, /* The isv svn is greater than the enclave's isv svn */
+ CC_ERROR_INVALID_KEYNAME, /* The key name is an unsupported value */
+ CC_ERROR_AE_INVALID_EPIDBLOB, /* Indicates epid blob verification error */
+- CC_ERROR_SERVICE_INVALID_PRIVILEGE, /* Enclave has no privilege to get launch token */
++ CC_ERROR_SERVICE_INVALID_PRIVILEGE, /* Enclave not authorized to run */
+ CC_ERROR_EPID_MEMBER_REVOKED, /* The EPID group membership is revoked */
+ CC_ERROR_UPDATE_NEEDED, /* SDK need to be update*/
+ CC_ERROR_MC_NOT_FOUND, /* The Monotonic Counter doesn't exist or has been invalided */
+diff --git a/src/host_src/enclave_internal.c b/src/host_src/enclave_internal.c
+index 9a172bd..962fc07 100644
+--- a/src/host_src/enclave_internal.c
++++ b/src/host_src/enclave_internal.c
+@@ -64,7 +64,7 @@ static err2str g_secgearerror [] =
+ {CC_ERROR_INVALID_ISVSVN, "The isv svn is greater than the enclave's isv svn."},
+ {CC_ERROR_INVALID_KEYNAME, "The key name is an unsupported value."},
+ {CC_ERROR_AE_INVALID_EPIDBLOB, "Indicates epid blob verification error."},
+- {CC_ERROR_SERVICE_INVALID_PRIVILEGE, "Enclave has no privilege to get launch token."},
++ {CC_ERROR_SERVICE_INVALID_PRIVILEGE, "Enclave not authorized to run."},
+ {CC_ERROR_EPID_MEMBER_REVOKED, "The EPID group membership is revoked."},
+ {CC_ERROR_UPDATE_NEEDED, "SDK need to be update."},
+ {CC_ERROR_MC_NOT_FOUND, "The Monotonic Counter doesn't exist or has been invalided."},
+diff --git a/src/host_src/sgx/sgx_enclave.c b/src/host_src/sgx/sgx_enclave.c
+index b37c748..a40c408 100644
+--- a/src/host_src/sgx/sgx_enclave.c
++++ b/src/host_src/sgx/sgx_enclave.c
+@@ -59,6 +59,8 @@ cc_enclave_result_t conversion_res_status(uint32_t enclave_res, enclave_type_ver
+ return CC_ERROR_OUT_OF_TCS;
+ case SGX_ERROR_ENCLAVE_CRASHED:
+ return CC_ERROR_ENCLAVE_DEAD;
++ case SGX_ERROR_SERVICE_INVALID_PRIVILEGE:
++ return CC_ERROR_SERVICE_INVALID_PRIVILEGE;
+ default:
+ return CC_ERROR_UNEXPECTED;
+ }
+@@ -131,7 +133,7 @@ cc_enclave_result_t _sgx_create(cc_enclave_t **enclave, const enclave_features_t
+ NULL, &(l_context->edi), NULL);
+ if (sgx_res != SGX_SUCCESS) {
+ res = conversion_res_status(sgx_res, (*enclave)->type);
+- print_error_goto("Failed to create sgx enclave %s\n",cc_enclave_res2_str(res));
++ print_error_goto("Failed to create sgx enclave\n");
+ }
+ break;
+ case 1:
+--
+2.27.0
+
diff --git a/0013-fix-error-print.patch b/0013-fix-error-print.patch
new file mode 100644
index 0000000..eadc8dd
--- /dev/null
+++ b/0013-fix-error-print.patch
@@ -0,0 +1,25 @@
+From c9938ba0cf6b79b341efb18501827daea67c96ad Mon Sep 17 00:00:00 2001
+From: whzhe
+Date: Thu, 11 Mar 2021 16:45:20 +0800
+Subject: [PATCH 5/6] fix error print
+
+---
+ tools/codegener/intel/Util.ml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/codegener/intel/Util.ml b/tools/codegener/intel/Util.ml
+index f5f9afc..a77637e 100644
+--- a/tools/codegener/intel/Util.ml
++++ b/tools/codegener/intel/Util.ml
+@@ -187,7 +187,7 @@ let get_file_path (fname: string) =
+ try
+ List.find Sys.file_exists fn_list
+ with
+- Not_found -> failwithf "File not found within search paths: %s\n" fname
++ Not_found -> failwithf "File not found within search paths or search paths is permisson denied: %s\n" fname
+
+ (* Get the short name of the given file name.
+ * ------------------------------------------
+--
+2.27.0
+
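Review bot: In the `_sgx_create` hunk of sgx_enclave.c (patch 4/6) the failure message loses `cc_enclave_res2_str(res)`, so this log line is now identical for every cause, including the `CC_ERROR_SERVICE_INVALID_PRIVILEGE` case the same patch starts mapping in `conversion_res_status`. If a caller already prints `res`, as the commit title suggests, this is fine, but that code is outside the hunk; otherwise an operator cannot tell an enclave that was refused authorization from any other creation failure. A short comment next to the call, such as `/* res is reported by the caller */`, would record why the detail was removed. Both functions continue outside the visible hunks.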
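Review bot: The new `failwithf` text in `get_file_path` (patch 5/6) misspells "permission" and reads awkwardly ("search paths is permisson denied"). This string is what a user sees when a file cannot be located on the search paths, so I would write `Not_found -> failwithf "File not found within search paths, or a search path is not accessible (permission denied): %s\n" fname`. `Sys.file_exists` does not distinguish a missing file from one that cannot be accessed, so a combined wording is the most this code can report without checking each path separately. The function body starts outside the hunk.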
diff --git a/0014-set-umask-in-sign_tool.sh.patch b/0014-set-umask-in-sign_tool.sh.patch
new file mode 100644
index 0000000..37e6220
--- /dev/null
+++ b/0014-set-umask-in-sign_tool.sh.patch
@@ -0,0 +1,24 @@
+From c5b813e96262f2af0596d8c5e164aafcd64fb60c Mon Sep 17 00:00:00 2001
+From: yanlu
+Date: Fri, 12 Mar 2021 11:42:11 +0800
+Subject: [PATCH 6/6] set umask in sign_tool.sh
+
+---
+ tools/sign_tool/sign_tool.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 9aaf663..8f2189c 100755
+--- a/tools/sign_tool/sign_tool.sh
++++ b/tools/sign_tool/sign_tool.sh
+@@ -265,6 +265,7 @@ if [ -z $OUT_FILE ]; then
+ echo "Error: missing out file"
+ exit -1
+ fi
++umask 0077
+ check_results=`uname -m`
+ if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then
+ if [ "${check_results}"x != "x86_64"x ]; then
+--
+2.27.0
+
diff --git a/secGear.spec b/secGear.spec
index eb77b0a..61ac839 100644
--- a/secGear.spec
+++ b/secGear.spec
@@ -1,6 +1,6 @@ Name: secGear Version: 0.1.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features ExclusiveArch: x86_64
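Review bot: `umask 0077` is added to sign_tool.sh after the `OUT_FILE` check with no comment, and it only affects files the script creates from that point on. Anything written earlier in the script (not visible in this hunk) keeps the caller's umask, and an output file that already exists keeps its old mode, because the umask is applied only when a file is created. I would move the line to the top of the script if earlier steps write files, and add `# everything the signing tool writes is readable by the owner only` above it. The signed output also becomes owner-only, so a deployment where another account loads it needs an explicit `chmod` afterwards.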
@@ -9,6 +9,21 @@ License: Mulan PSL v2 URL: https://gitee.com/openeuler/secGear Source0: https://gitee.com/openeuler/secGear/repository/archive/v%{version}.tar.gz +Patch0: 0001-add-README.cn.md.patch +Patch1: 0002-it-is-better-to-define-enum-from-0-rather-than-1.patch +Patch2: 0003-update-README.cn.md.patch +Patch3: 0004-update-README.cn.md.patch +Patch4: 0005-delete-unnecessary-README.cn.md.patch +Patch5: 0006-fix-issues-about-double-create-destory.patch +Patch6: 0007-to-make-secGear-log-more-clear.patch +Patch7: 0008-modify-path-error.patch +Patch8: 0009-fix-sgxssl-edl.patch +Patch9: 0010-update-docs-build_install.md.patch +Patch10: 0011-modify-the-prompt-information.patch +Patch11: 0012-parse-new-error-code-and-del-redundant-print.patch +Patch12: 0013-fix-error-print.patch +Patch13: 0014-set-umask-in-sign_tool.sh.patch + BuildRequires: gcc python3 automake autoconf libtool BUildRequires: glibc glibc-devel %ifarch x86_64 @@ -99,6 +114,9 @@ rm %{buildroot}/home* -rf %endif %changelog +* Mon Mar 15 2021 zhangguangzhi - 0.1.0-7 +- DESC: backport patch + * Wed Mar 10 2021 chenmaodong - 0.1.0-6 - DESC: change requires from linux-sgx-sdk to sgxsdk -- Gitee
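Review bot: The hunk at line 9 of secGear.spec declares `Patch0` through `Patch13`, but no hunk in this commit touches `%prep`, so whether any of them is applied depends on how `%prep` is written, which is outside the diff. With `%autosetup -p1` they are applied automatically; with plain `%setup` each one needs its own `%patch` line, and without it release 7 would be built without the `umask 0077` and error-code changes this commit backports. `Patch0` to `Patch7` also name the 0001–0008 files, which this commit does not add, so they must already be in the repository for the build to succeed. A one-line comment above the list, for example `# backported upstream commits, applied in order by %prep`, would make the intent explicit.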