diff --git a/0040-fix-context-without-free-error.patch b/0040-fix-context-without-free-error.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6592fdca70501e1ac321e869900203dbd4510528
--- /dev/null
+++ b/0040-fix-context-without-free-error.patch
@@ -0,0 +1,166 @@ +From 4c4ec07217a59ff96d975a7091116dcd149ce1e5 Mon Sep 17 00:00:00 2001 +From: yanlu +Date: Mon, 21 Jun 2021 15:57:26 +0800 +Subject: [PATCH] fix context without free error + +--- + examples/helloworld/host/main.c | 24 +++++++++++++----------- + examples/lrt/host/main.c | 18 ++++++------------ + examples/tls_enclave/host/main.c | 20 +++++++++----------- + 3 files changed, 28 insertions(+), 34 deletions(-) + +diff --git a/examples/helloworld/host/main.c b/examples/helloworld/host/main.c +index a26fb6f..0d61c62 100644 +--- a/examples/helloworld/host/main.c ++++ b/examples/helloworld/host/main.c +@@ -29,28 +29,28 @@ int main() + if (!context) { + return CC_ERROR_OUT_OF_MEMORY; + } +- cc_enclave_result_t res; ++ cc_enclave_result_t res = CC_FAIL; + + printf("Create secgear enclave\n"); + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { +- if (getcwd(real_p, sizeof(real_p)) == NULL) { +- printf("Cannot find enclave.sign.so"); +- return -1; +- } +- if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { +- printf("Failed to strcat enclave.sign.so path"); +- return -1; +- } +- (void)strcat(real_p, "/enclave.signed.so"); ++ if (getcwd(real_p, sizeof(real_p)) == NULL) { ++ printf("Cannot find enclave.sign.so"); ++ goto end; ++ } ++ if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { ++ printf("Failed to strcat enclave.sign.so path"); ++ goto end; ++ } ++ (void)strcat(real_p, "/enclave.signed.so"); + } + + res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, context); + if (res != CC_SUCCESS) { + printf("Create enclave error\n"); +- return res; ++ goto end; + } + + res = get_string(context, &retval, buf); +@@ -64,5 +64,7 @@ int main() + if(res != CC_SUCCESS) { + printf("Destroy enclave error\n"); + } ++end: ++ free(context); + return res; + } +diff --git a/examples/lrt/host/main.c b/examples/lrt/host/main.c +index 
5108f67..ab3079f 100644 +--- a/examples/lrt/host/main.c ++++ b/examples/lrt/host/main.c +@@ -24,11 +24,7 @@ int main() + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; +- cc_enclave_t *context = NULL; +- context = (cc_enclave_t*)malloc(sizeof(cc_enclave_t)); +- if (!context) { +- return CC_ERROR_OUT_OF_MEMORY; +- } ++ cc_enclave_t context = {0}; + cc_enclave_result_t res; + + printf("Create secgear enclave\n"); +@@ -47,14 +43,14 @@ int main() + (void)strcat(real_p, "/enclave.signed.so"); + } + +- res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, context); ++ res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + if (res != CC_SUCCESS) { + printf("Create enclave error\n"); + return res; + } + + while(true) { +- res = get_string(context, &retval, buf); ++ res = get_string(&context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + goto out; +@@ -65,11 +61,9 @@ int main() + } + + out: +- if (context != NULL) { +- res = cc_enclave_destroy(context); +- if(res != CC_SUCCESS) { +- printf("Destroy enclave error\n"); +- } ++ res = cc_enclave_destroy(&context); ++ if(res != CC_SUCCESS) { ++ printf("Destroy enclave error\n"); + } + return res; + } +diff --git a/examples/tls_enclave/host/main.c b/examples/tls_enclave/host/main.c +index c801558..56d1563 100644 +--- a/examples/tls_enclave/host/main.c ++++ b/examples/tls_enclave/host/main.c +@@ -125,11 +125,8 @@ int start_server(int port) + int main(int argc, const char *argv[]) + { + char *path = PATH; +- cc_enclave_t *context = NULL; +- context = (cc_enclave_t*)malloc(sizeof(cc_enclave_t)); +- if (!context) { +- return CC_ERROR_OUT_OF_MEMORY; +- } ++ cc_enclave_t context_data = {0}; ++ cc_enclave_t *context = &context_data; + struct sockaddr_in client_addr; + socklen_t client_len; + int server_fd = -1; +@@ -148,13 +145,16 @@ int main(int argc, const char *argv[]) + } + tlsc_fd = 
accept(server_fd, (struct sockaddr *)&client_addr, &client_len); + if (tlsc_fd < 0) { ++ close(server_fd); + return CC_FAIL; + } + printf("Create secgear enclave\n"); + res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, context); + if (res != CC_SUCCESS) { + printf("Create enclave error\n"); +- goto end; ++ close(tlsc_fd); ++ close(server_fd); ++ return CC_FAIL; + } + res = get_password_and_seal_key(context, argv[3], ENC_KEY_FILE_NAME); + if (res != CC_SUCCESS) { +@@ -171,11 +171,9 @@ int main(int argc, const char *argv[]) + printf("enclve tls finish\n"); + + end: +- if (context != NULL) { +- res = cc_enclave_destroy(context); +- if(res != CC_SUCCESS) { +- printf("Destroy enclave error\n"); +- } ++ res = cc_enclave_destroy(context); ++ if(res != CC_SUCCESS) { ++ printf("Destroy enclave error\n"); + } + close(tlsc_fd); + close(server_fd); +-- +1.8.3.1 + diff --git a/0041-fix-logs-redirection-error-and-delete-rsa_public_key.patch b/0041-fix-logs-redirection-error-and-delete-rsa_public_key.patch new file mode 100644 index 0000000000000000000000000000000000000000..486269fdf9e6b7bda2f6837db14378664a9d5f17 --- /dev/null +++ b/0041-fix-logs-redirection-error-and-delete-rsa_public_key.patch 
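Review bot: In examples/tls_enclave/host/main.c the new cc_enclave_create failure path closes both sockets and then returns `CC_FAIL`, discarding the error code held in `res` that the helloworld and lrt examples propagate; `return res;` keeps the three examples consistent and surfaces the actual creation error. In examples/lrt/host/main.c `cc_enclave_result_t res;` is still left uninitialized while helloworld now initializes it to `CC_FAIL`; initializing it the same way would make the two examples agree. The re-indented fallback lines in helloworld still print "Cannot find enclave.sign.so" with no trailing newline although the file being searched for is enclave.signed.so; `printf("Cannot find enclave.signed.so\n");` fixes both. The enclosing main() functions in all three files extend beyond the hunk.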
@@ -0,0 +1,50 @@ +From a3a3a1e9e19f5595cb66fdc7928da70ca9f250a5 Mon Sep 17 00:00:00 2001 +From: chenmaodong +Date: Wed, 8 Sep 2021 16:48:05 +0800 +Subject: [PATCH] fix logs redirection error and delete + rsa_public_key_cloud.pem + +PrintInfo will send the message from enclave to host with a program +name "[secGear]", however it'll print the wrong program name while +there are multi threads, so we delete this rule. On the same time, we +delete rsa_public_key_cloud.pem, because itrustee_sdk will provide it + +Signed-off-by: chenmaodong +--- + conf/rsyslog.d/secgear.conf | 3 +-- + tools/sign_tool/cloud/rsa_public_key_cloud.pem | 11 ----------- + 2 files changed, 1 insertion(+), 13 deletions(-) + delete mode 100644 tools/sign_tool/cloud/rsa_public_key_cloud.pem + +diff --git a/conf/rsyslog.d/secgear.conf b/conf/rsyslog.d/secgear.conf +index b835a94..7f1d898 100644 +--- a/conf/rsyslog.d/secgear.conf ++++ b/conf/rsyslog.d/secgear.conf +@@ -1,6 +1,5 @@ + #Do not modify this file +-if (($programname == 'teeos') or ($programname == 'secGear')) and \ +- ($msg contains '[secGear]') then { ++if ($msg contains '[secGear]') then { + action(type="omfile" fileCreateMode="0600" file="/var/log/secgear/secgear.log") + stop + } +diff --git a/tools/sign_tool/cloud/rsa_public_key_cloud.pem b/tools/sign_tool/cloud/rsa_public_key_cloud.pem +deleted file mode 100644 +index a321f63..0000000 +--- a/tools/sign_tool/cloud/rsa_public_key_cloud.pem ++++ /dev/null +@@ -1,11 +0,0 @@ +------BEGIN PUBLIC KEY----- +-MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx +-p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is +-Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p +-DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD +-BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn +-fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9 +-WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV 
+-+W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY +-CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE= +------END PUBLIC KEY----- +-- +1.8.3.1 + diff --git a/0042-Fix-format-and-non-standard-coding-of-sigh_tool.sh-s.patch b/0042-Fix-format-and-non-standard-coding-of-sigh_tool.sh-s.patch new file mode 100644 index 0000000000000000000000000000000000000000..fc6425ef1d7684945ce8d63e30ed4dfce90b965b --- /dev/null +++ b/0042-Fix-format-and-non-standard-coding-of-sigh_tool.sh-s.patch 
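Review bot: Dropping the `$programname` condition in conf/rsyslog.d/secgear.conf means the rule now matches any syslog message whose text contains '[secGear]' regardless of the sending process, and the `stop` then diverts it out of the regular logs into /var/log/secgear/secgear.log; entries in that file can therefore no longer be attributed to the secGear host or teeos process, and unrelated local processes that log that substring will pollute or hide enclave log lines. If the multi-thread problem is only that `$programname` is reported wrongly, matching on whatever tag the enclave logger reliably emits (or keeping a `$programname` alternative alongside the message match) would narrow the rule back down; at minimum the trust assumption that the file is attributable by message content alone should be stated in the commit message. The rsa_public_key_cloud.pem deletion is a separate change and is not covered by this note.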
@@ -0,0 +1,325 @@ +From f8264a32459ca98b5607f1841b6a3d0876d709f0 Mon Sep 17 00:00:00 2001 +From: blue +Date: Thu, 14 Oct 2021 03:59:23 +0000 +Subject: [PATCH] Fix format and non-standard coding of sigh_tool.sh script + +--- + tools/sign_tool/sign_tool.sh | 205 ++++++++++++++++++++++--------------------- + 1 file changed, 103 insertions(+), 102 deletions(-) + +diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh +index 0435a67..8f50ff5 100755 +--- a/tools/sign_tool/sign_tool.sh ++++ b/tools/sign_tool/sign_tool.sh +@@ -9,19 +9,21 @@ + # See the Mulan PSL v2 for more details. + + #!/bin/bash +-VERSION=3 + API_LEVEL=2 + ONE_STEP_MODE=1 + +-localpath="$(cd "$(dirname "$0")"; pwd)" ++localpath="$( ++ cd "$(dirname "$0")" || exit -1 ++ pwd ++)" + pypath="/lib/secGear" +-if [ -f ${localpath}/signtool_v3.py ]; then ++if [ -f "${localpath}/signtool_v3.py" ]; then + signtoolpath=${localpath} + else + signtoolpath=${pypath} + fi + +-print_help(){ ++print_help() { + echo "sign tool usage: ./sign_tool.sh [options] ..." + echo "[options]" + echo "-c basic config file." 
+@@ -44,81 +46,81 @@ print_help(){ + + } + +-while getopts "c:d:i:k:m:o:p:s:x:h" opt +-do ++while getopts "c:d:i:k:m:o:p:s:x:h" opt; do + case $opt in + c) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -c is missing or incorrect" +- exit -1 +- fi +- CONFIG_FILE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -c is missing or incorrect" ++ exit -1 ++ fi ++ CONFIG_FILE=$OPTARG ++ ;; + d) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -d is missing or incorrect" +- exit -1 +- fi +- typeset -l CMD +- CMD=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -d is missing or incorrect" ++ exit -1 ++ fi ++ typeset -l CMD ++ CMD=$OPTARG ++ ;; + i) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -i is missing or incorrect" +- exit -1 +- fi +- IN_ENCLAVE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -i is missing or incorrect" ++ exit -1 ++ fi ++ IN_ENCLAVE=$OPTARG ++ ;; + k) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -k is missing or incorrect" +- exit -1 +- fi +- SIG_KEY=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -k is missing or incorrect" ++ exit -1 ++ fi ++ SIG_KEY=$OPTARG ++ ;; + m) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -m is missing or incorrect" +- exit -1 +- fi +- A_CONFIG_FILE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -m is missing or incorrect" ++ exit -1 ++ fi ++ A_CONFIG_FILE=$OPTARG ++ ;; + o) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -o is missing or incorrect" +- exit -1 +- fi +- OUT_FILE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -o is missing or incorrect" ++ exit -1 ++ fi ++ OUT_FILE=$OPTARG ++ ;; + p) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -p is missing or incorrect" +- exit -1 +- fi +- SERVER_PUBKEY=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ 
echo "Error: parameter for -p is missing or incorrect" ++ exit -1 ++ fi ++ SERVER_PUBKEY=$OPTARG ++ ;; + s) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -s is missing or incorrect" +- exit -1 +- fi +- SIGNATURE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -s is missing or incorrect" ++ exit -1 ++ fi ++ SIGNATURE=$OPTARG ++ ;; + x) +- if [[ $OPTARG == -* ]]; then +- echo "Error: parameter for -x is missing or incorrect" +- exit -1 +- fi +- typeset -l ENCLAVE_TYPE +- ENCLAVE_TYPE=$OPTARG +- ;; ++ if [[ $OPTARG == -* ]]; then ++ echo "Error: parameter for -x is missing or incorrect" ++ exit -1 ++ fi ++ typeset -l ENCLAVE_TYPE ++ ENCLAVE_TYPE=$OPTARG ++ ;; + h) +- print_help +- exit 0 +- ;; ++ print_help ++ exit 0 ++ ;; + ?) +- print_help +- exit -1 ++ print_help ++ exit -1 ++ ;; + esac + done + if [ ${OPTIND} == 1 ]; then +@@ -126,103 +128,102 @@ if [ ${OPTIND} == 1 ]; then + exit 0 + fi + +-itrustee_start_sign(){ +-# check_native_sign +- if [ -z $A_CONFIG_FILE ]; then ++itrustee_start_sign() { ++ # check_native_sign ++ if [ -z "$A_CONFIG_FILE" ]; then + echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave" + exit -1 + fi + + if [ "${CMD}"x == "sign"x ]; then +- if [ -z $SIGNATURE ]; then ++ if [ -z "$SIGNATURE" ]; then + ONE_STEP_MODE=1 +- if [ -z $CONFIG_FILE ]; then ++ if [ -z "$CONFIG_FILE" ]; then + echo "Error: missing basic config file for signing iTrustee enclave" + exit -1 + fi +- if [ -z $IN_ENCLAVE ]; then ++ if [ -z "$IN_ENCLAVE" ]; then + echo "Error: missing enclave file" + exit -1 + fi +- python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" ++ python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" + else + ONE_STEP_MODE=0 + python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" 
"${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}" + fi + elif [ "${CMD}"x == "digest"x ]; then + ONE_STEP_MODE=0 +- if [ -z $CONFIG_FILE ]; then ++ if [ -z "$CONFIG_FILE" ]; then + echo "Error: missing config file for signing iTrustee enclave" + exit -1 + fi +- if [ -z $IN_ENCLAVE ]; then ++ if [ -z "$IN_ENCLAVE" ]; then + echo "Error: missing enclave file" + exit -1 + fi +- python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" ++ python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" + else + echo "Error: illegal command" + fi + } + +-sgx_start_sign(){ +- if [ -z $IN_ENCLAVE ]; then ++sgx_start_sign() { ++ if [ -z "$IN_ENCLAVE" ]; then + echo "Error: missing enclave file" + exit -1 + fi + SIGDATA_FILE="signdata" + if [ "${CMD}"x == "sign"x ]; then +- if [ -z $SIGNATURE ]; then +- if [ -z $SIG_KEY ]; then +- echo "Error: missing sign key" +- exit -1 +- fi +- if [ -z $CONFIG_FILE ]; then +- sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} ++ if [ -z "$SIGNATURE" ]; then ++ if [ -z "$SIG_KEY" ]; then ++ echo "Error: missing sign key" ++ exit -1 ++ fi ++ if [ -z "$CONFIG_FILE" ]; then ++ sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" + else +- sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} -config ${CONFIG_FILE} ++ sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" + fi + else +- if [ -z $SERVER_PUBKEY ]; then ++ if [ -z "$SERVER_PUBKEY" ]; then + echo "Error: missing server public key" + exit -1 +- fi +- if [ -z $CONFIG_FILE ]; then +- sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} ++ fi ++ if [ -z "$CONFIG_FILE" ]; then ++ sgx_sign catsig -enclave "${IN_ENCLAVE}" -key 
"${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" + else +- sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE} ++ sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" + fi + rm -rf ${SIGDATA_FILE} + fi + elif [ "${CMD}"x == "digest"x ]; then +- if [ -z $CONFIG_FILE ]; then +- sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} ++ if [ -z "$CONFIG_FILE" ]; then ++ sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" + else +- sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} -config ${CONFIG_FILE} ++ sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" -config "${CONFIG_FILE}" + fi +- cp ${SIGDATA_FILE} ${OUT_FILE} ++ cp "${SIGDATA_FILE}" "${OUT_FILE}" + elif [ "${CMD}"x == "dump"x ]; then +- sgx_sign dump -enclave ${IN_ENCLAVE} -dumpfile ${OUT_FILE} ++ sgx_sign dump -enclave "${IN_ENCLAVE}" -dumpfile "${OUT_FILE}" + else + echo "Error: illegal command" + fi + } + +- +-if [ -z $CMD ]; then ++if [ -z "$CMD" ]; then + echo "Error: missing command" + exit -1 + fi +-if [ -z $ENCLAVE_TYPE ]; then ++if [ -z "$ENCLAVE_TYPE" ]; then + echo "Error: missing enclave type" + exit -1 + fi +-if [ -z $OUT_FILE ]; then ++if [ -z "$OUT_FILE" ]; then + echo "Error: missing out file" + exit -1 + fi + umask 0077 +-check_results=`uname -m` ++check_results=$(uname -m) + if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then + if [ "${check_results}"x != "x86_64"x ]; then + echo "Warning: the enclave type does not comply with current architecture" +-- +1.8.3.1 + diff --git a/0043-Optimize-README-in-English.patch b/0043-Optimize-README-in-English.patch new file mode 100644 index 0000000000000000000000000000000000000000..05009d8b133f694d7a6d69dc8b0435a41c3b6c4f --- /dev/null +++ b/0043-Optimize-README-in-English.patch 
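Review bot: The new `localpath="$( cd "$(dirname "$0")" || exit -1; pwd )"` only exits the command-substitution subshell, so when the cd fails the script continues with an empty localpath, silently falls through to `${pypath}`, and the exit status is lost; test the substitution instead, e.g. `localpath="$(cd "$(dirname "$0")" && pwd)" || { echo "Error: cannot resolve script directory"; exit 1; }`. `exit -1`, used here and throughout the re-indented getopts cases, is not a valid exit status (bash reports it as 255); `exit 1` is the conventional failure code and fits a commit titled "non-standard coding". The quoting pass also leaves `python ${signtoolpath}/signtool_v3.py` and `rm -rf ${SIGDATA_FILE}` unquoted, which is inconsistent with the rest of the change. The `#!/bin/bash` visible in the context is not on line 1 of the file, so it is only a comment; this predates the commit, but it means the bash-only constructs rely on the caller invoking the script through bash.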
@@ -0,0 +1,253 @@ +From e1be05934ae4ac8df1cc9e97e826ef47539a487c Mon Sep 17 00:00:00 2001 +From: blue +Date: Thu, 17 Jun 2021 20:41:18 +0800 +Subject: [PATCH] Optimize README in English + +--- + README.en.md | 85 ++++++++++++++++++++++++++++++------------------------------ + 1 file changed, 42 insertions(+), 43 deletions(-) + +diff --git a/README.en.md b/README.en.md +index ec7ada0..8d5f80a 100644 +--- a/README.en.md ++++ b/README.en.md +@@ -7,7 +7,7 @@ Introduction + ----------- + + secGear is an SDK to develop confidential computing apps based on hardware enclave features. The target is to use +-single source code for developers to develop apps running on different hardware. Currently secGear support Intel SGX ++single source code for developers to develop apps running on different hardware. Currently secGear supports Intel SGX + and iTrustee running in ARM Trustzone. + + Build and Install +@@ -32,11 +32,11 @@ Assuming the development directory is .../secGear/examples/test/ + + include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between sgx and iTrustee when + calling the C library. So as long as you use the c library functions, for the consistency of your development code, +-the default is to import these two files. ++the two files need be imported. + + For details about edl syntax, please refer to the sgx development document Enclave Definition Language Syntax section. + At present, sgx and iTrustee are compatible with each other in basic types, pointer buffers, and deep copy of +-structures, but currently only sgx supports such things as user_check, Granting Access to ECALLs, Using Switchless ++structures, but currently only sgx supports features like user_check, Granting Access to ECALLs, Using Switchless + Calls and so on. 
+ + Then save as test.edl +@@ -64,8 +64,8 @@ Then save as test.edl + add_subdirectory(${CURRENT_ROOT_PATH}/enclave) + add_subdirectory(${CURRENT_ROOT_PATH}/host) + +-Set the CODETYPE EDL_FILE and CODETYPE attributes, which will be used when automatically generated later. +-On the arm platform, the build enclave image needs to be named with a unique UUID, so it is dynamically uniquely ++Set the CODETYPE EDL_FILE and CODETYPE attributes, which will be used when automatically generating code later. ++On ARM platform, the enclave image needs be named with a unique UUID, so it is dynamically uniquely + generated using the uuidgen command. The defined DPATH macro is used when loading the enclave image. + + +@@ -104,19 +104,19 @@ generated using the uuidgen command. The defined DPATH macro is used when loadin + return res; + } + +-#include "enclave.h", import the secGear header file, #include "test_u.h" import the automatically generated code ++#include "enclave.h", to import the secGear header file, #include "test_u.h" to import the automatically generated code + header file. Next, call cc_enclave_create(...) to create the enclave context, and then call the wrapper of the + interface described in the edl file to enter the enclave to execute confidential code. + Finally, call cc_enclave_destroy(...) to destroy the enclave context. + + Note that the interface called here has more context and retval parameters than defined in edl file before. +-This is because this function, generated by the automatic code generation tool according to edl, is a wrapper about +-the real enclave code, and its declaration is in the test_u.h header file. Where the context parameter it is the ++This is because this function, generated by the automatic code generation tool according to edl, is a wrapper of ++the real enclave code, and its declaration is in the test_u.h header file. 
Where the context parameter is the + cc_enclave_t * context created before, and retval is the return value of the function defined in edl, and the res + parameter is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of test.edl. + + If the function defined in edl does not return a value, such as "public void get_string([out, size=32]char *buf);", +-then the prototype called by the user will be "res = get_string(context, buf);". ++the prototype called by the user will be "res = get_string(context, buf);". + + According to these rules, you can write code when the wrapper function is not generated by code generation tool and + place the wrapper function generation in the compilation phase, which simplifies the development and compilation steps. +@@ -187,7 +187,7 @@ In the case of iTrustee, set the search paths of the header file and compile the + endif() + endif() + +-In the case of sgx, set the search paths of the header file and compile the final non-secure binary. ++In the case of SGX, set the search paths of the header file and compile the final non-secure binary. + + if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim) +@@ -238,7 +238,7 @@ interface description in test.edl. + #set sign key + set(PEM Enclave_private.pem) + +-Set the name used to sign the enclave private key ++Set the private key file name used to sign the enclave binary + + #set sign tool + set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) +@@ -265,10 +265,9 @@ Set sign tool and the security side log printing level + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + +-WHITE_LIS_X sets the whitelist of itrustee, only the host binary of these paths can call this secure image, ++WHITE_LIS_X sets the whitelist of iTrustee, only the host binaries in these paths can call this secure image, + and up to 8 list paths can be configured. 
WHITE_LIST_OWNER set user, this user will be applied to all whitelist paths. +-Finally, set the name of the security side image after the final signature, and +-generate auxiliary code. ++Finally, set the name of the security image after the final signing, and generate auxiliary code. + + if(CC_SGX) + set(OUTPUT enclave.signed.so) +@@ -278,7 +277,7 @@ generate auxiliary code. + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include) + endif() + +-In the case of sgx, set the name of the security side image after the final signature, and generate auxiliary code. ++In the case of SGX, set the name of the security image after the final signing, and generate auxiliary code. + + set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ +@@ -287,9 +286,9 @@ In the case of sgx, set the name of the security side image after the final sign + + set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +-Set the security side, no matter whether it is sgx or itrustee will use some compilation and link options, for ++Set the security side, no matter whether it is SGX or iTrustee will use some compilation and link options, for + example, because the security side is different from the non-secure side, the default library of host OS cannot be used, +-so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options was introduced. ++so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options is introduced. 
+ + if(CC_GP) + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") +@@ -344,11 +343,11 @@ so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options was in + + endif() + +-In the case of iTrustee, generate the configuration file manifest.txt, which details of the configuration file will +-be explained later, specify some compilation options related to itrustee, set the search paths of the header file and +-the link file, and compile the enclave binary. ++In the case of iTrustee, generate the configuration file manifest.txt, and details of the configuration file will ++be explained later, specify some compilation options related to iTrustee, set the search paths of the header file and ++the link file, and build the enclave binary. + +-Regarding the use of itrustee ocall, there are some other notes, which will be introduced later. Then define the ++Regarding the use of iTrustee ocall, there are some other notes, which will be introduced later. Then define the + whitelist macro. Next, you need to link to the secgear_tee library, in which there are interfaces for generating + random numbers, seal, unseal, etc. The last step is to sign and install. + +@@ -398,14 +397,14 @@ random numbers, seal, unseal, etc. The last step is to sign and install. + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) + endif() + +-In the case of sgx, specify some compilation, link options related to sgx. When linking libraries, sgx and itrustee +-are quite different. This is because itrustee is a secure OS with more capabilities, such as musl libc and openssl. +-When compiling and link itrustee's enclave, there is no need to link some basic libraries. But sgx has no OS concept. 
+-The basic library interfaces to be called on the security side are all given in the sgx sdk in the form of static +-libraries, so this requires us to link these static libraries, and in order to be able to use these static libraries ++In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee ++are quite different. This is because iTrustee is a secure OS with more capabilities, such as musl libc and openssl. ++When compiling and link itrustee's enclave, there is no need to link some basic libraries. But SGX has no OS concept. ++The basic library interfaces to be called on the security side are all given in the SGX sdk in form of static ++libraries, so it requires us to link these static libraries, and in order to be able to use these static libraries + correctly, some libraries must be linked between specified options, such as sgx_trts. + +-For more detailed information, please refer to the Makefile of sgx examples. Finally, sign the enclave with the ++For more detailed information, please refer to the Makefile of SGX examples. Finally, sign the enclave with the + configuration file, which will be introduced later. Note that secGear does not currently support remote authentication. + + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +@@ -414,13 +413,13 @@ Set some safe compilation options. + + #### 4.3 Enclave image configuration file + +-Write sgx enclave related configuration files +-The configuration content in the Enclave.config.xml and Enclave.lds files is the same as the official sgx ++Write SGX enclave related configuration files ++The configuration content in the Enclave.config.xml and Enclave.lds files is the same as the official SGX + configuration file. For details, please refer to the official development document. 
+ +-Write itrustee related configuration files ++Write iTrustee related configuration files + The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated, +-and the other configuration items can refer to the itrustee development document. ++and the other configuration items can refer to the iTrustee development document. + + ### 5 build and install test + +@@ -443,12 +442,12 @@ impossible to directly develop the log function like the non-secure side, Theref + interface to record the security side log to the Syslog system. The related configuration files secgear and secgear.conf + have been installed in the system directory during the build and install secGear phase. + +-Note that when using on itrustee, you need to import the secgear_log.h header file, but sgx does not need it. +-Because sgx implements the log function through ocall, the relevant code is in the auxiliary code. And when the ++Note that when using on iTrustee, you need to import the secgear_log.h header file, but SGX does not need it. ++Because SGX implements the log function through ocall, the relevant code is in the auxiliary code. And when the + configuration file is installed, you need to run "systemctl restart rsyslog" to make the log effective. + +-Finally, in order to enable itrustee logs to be dumped to the place specified in the configuration file, you also +-need to run /vendor/bin/tlogcat -f. The tlogcat tool is a part of the itrustee sdk. ++Finally, in order to enable iTrustee logs to be dumped to the place specified in the configuration file, you also ++need to run /vendor/bin/tlogcat -f. The tlogcat tool is a part of the iTrustee sdk. + + The meaning of log level (set(PRINT_LEVEL 3)). + +@@ -457,38 +456,38 @@ The meaning of log level (set(PRINT_LEVEL 3)). + PRINT_STRACE 2 + PRINT_DEBUG 3 + +-At present, there are some differences in the usage of the log function. 
After the itrustee ocall function is stable, ++At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stablized, + the usage will be unified. + + Use ocall + --------- + +-The secGear ocall function can be used normally on the sgx platform. There are currently restrictions on itrustee: ++The secGear ocall function can be used normally on the SGX platform. There are currently restrictions with iTrustee: + + only the specified a3d88d2a-ae2a-4ea5-a37d-35fc5f607e9e uuid can be used, + and two programs that enable ocall cannot be run at the same time, + and config cannot be enabled. ta.instanceKeepAlive. + +-Moreover, if the underlying itrustee does not enable ocall, the SDK will only report an error registration ocall failure, ++Moreover, if the underlying iTrustee does not enable ocall, the SDK will only report an error registration ocall failure, + and the ecall function can be used normally. + + Seal, generate random number interface + -------------------------------------- + + The related interface is defined in secgear_dataseal.h, secgear_random.h. For usage, please refer to examples/seal_data. +-Note: Since the feature for itrustee to derive keys is still not perfect, seal related interfaces are not currently +-supported on the itrustee platform. ++Note: Since the feature for iTrustee to derive keys is still not perfect, seal related interfaces are not currently ++supported on the iTrustee platform. + + Remote authentication capability is currently not supported. + ------------------------------------------------------------ + +-secGear does not currently support plc, switchless and other about sgx features. ++secGear does not currently support plc, switchless and other about SGX features. 
+ -------------------------------------------------------------------------------- + + Learning More About codegener + ---------------------------- + +-secGear Introduce EDL (Enclave Description Languate) and intermediate code generation tool codegener. EDL is ++secGear introduces EDL (Enclave Description Languate) and intermediate code generation tool codegener. EDL is + compatible with Intel SGX's definition. + + - [Learn how to use codegener](./docs/codegener.md) +@@ -496,7 +495,7 @@ compatible with Intel SGX's definition. + Learning More About sign_tool + ----------------------------- + +-secGear introduce the signing tool to sign the enclave. ++secGear introduces the signing tool to sign the enclave. + + - [Learn how to use signing tool](./docs/sign_tool.md) + +-- +1.8.3.1 + diff --git a/0044-Optimize-Engilish-version-readme-file.patch b/0044-Optimize-Engilish-version-readme-file.patch new file mode 100644 index 0000000000000000000000000000000000000000..d4490d7273cf912d0eda1cb92fb47ae028369eab --- /dev/null +++ b/0044-Optimize-Engilish-version-readme-file.patch 
@@ -0,0 +1,95 @@ +From e436bc4efa36a1d83e4059d71e85311cada9b528 Mon Sep 17 00:00:00 2001 +From: blue +Date: Mon, 28 Jun 2021 08:44:03 +0000 +Subject: [PATCH] Optimize Engilish version readme file + +--- + README.en.md | 43 ++++++++++++++++++++++--------------------- + 1 file changed, 22 insertions(+), 21 deletions(-) + +diff --git a/README.en.md b/README.en.md +index 8d5f80a..617ccac 100644 +--- a/README.en.md ++++ b/README.en.md +@@ -6,9 +6,9 @@ secGear + Introduction + ----------- + +-secGear is an SDK to develop confidential computing apps based on hardware enclave features. The target is to use +-single source code for developers to develop apps running on different hardware. Currently secGear supports Intel SGX +-and iTrustee running in ARM Trustzone. ++secGear is an SDK to develop confidential computing apps based on hardware enclave features. The target is to write ++single source code for apps running on different hardware. Currently secGear supports Intel SGX and iTrustee running ++in ARM Trustzone. + + Build and Install + ---------------- +@@ -30,13 +30,13 @@ Assuming the development directory is .../secGear/examples/test/ + }; + }; + +-include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between sgx and iTrustee when +-calling the C library. So as long as you use the c library functions, for the consistency of your development code, +-the two files need be imported. ++include "secgear_urts.h", from "secgear_tstdc.edl" import *, to shield the difference between SGX and iTrustee when ++calling the C library. So as long as the C library functions are used, for the consistency of the source code, the two ++files need be imported. + +-For details about edl syntax, please refer to the sgx development document Enclave Definition Language Syntax section. 
+-At present, sgx and iTrustee are compatible with each other in basic types, pointer buffers, and deep copy of +-structures, but currently only sgx supports features like user_check, Granting Access to ECALLs, Using Switchless ++For details about edl syntax, please refer to the SGX development document Enclave Definition Language Syntax section. ++At present, SGX and iTrustee are compatible with each other in basic types, pointer buffers, and deep copy of ++structures, but currently only SGX supports features like user_check, Granting Access to ECALLs, Using Switchless + Calls and so on. + + Then save as test.edl +@@ -64,9 +64,9 @@ Then save as test.edl + add_subdirectory(${CURRENT_ROOT_PATH}/enclave) + add_subdirectory(${CURRENT_ROOT_PATH}/host) + +-Set the CODETYPE EDL_FILE and CODETYPE attributes, which will be used when automatically generating code later. +-On ARM platform, the enclave image needs be named with a unique UUID, so it is dynamically uniquely +-generated using the uuidgen command. The defined DPATH macro is used when loading the enclave image. ++Set the CODETYPE EDL_FILE and CODETYPE attributes, which are used when automatically generating code at later phase. ++On ARM platform, the enclave image needs be named with a unique UUID, so it is dynamically uniquely generated using ++the uuidgen command. The defined DPATH macro is used when loading the enclave image. + + + ### 3 Write the non-secure side code and CMakeLists.txt +@@ -104,22 +104,23 @@ generated using the uuidgen command. The defined DPATH macro is used when loadin + return res; + } + +-#include "enclave.h", to import the secGear header file, #include "test_u.h" to import the automatically generated code ++include "enclave.h", to import the secGear header file, include "test_u.h" to import the automatically generated code + header file. Next, call cc_enclave_create(...) 
to create the enclave context, and then call the wrapper of the + interface described in the edl file to enter the enclave to execute confidential code. + Finally, call cc_enclave_destroy(...) to destroy the enclave context. + +-Note that the interface called here has more context and retval parameters than defined in edl file before. +-This is because this function, generated by the automatic code generation tool according to edl, is a wrapper of +-the real enclave code, and its declaration is in the test_u.h header file. Where the context parameter is the +-cc_enclave_t * context created before, and retval is the return value of the function defined in edl, and the res +-parameter is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of test.edl. ++Note that comparing to arguments defined in edl file, the interface called here has two more arguments, context and retval. ++This is because the function, generated by the automatic code generation tool according to edl, is a wrapper ofthe real ++enclave function, and its declaration is in the test_u.h header file. Where the context parameter is the ++cc_enclave_t * context created before calling the funciton, and retval is the return value of the function defined in edl, ++and the res argument is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of ++test.edl. + + If the function defined in edl does not return a value, such as "public void get_string([out, size=32]char *buf);", +-the prototype called by the user will be "res = get_string(context, buf);". ++the interface called by the user would be "res = get_string(context, buf);". + +-According to these rules, you can write code when the wrapper function is not generated by code generation tool and +-place the wrapper function generation in the compilation phase, which simplifies the development and compilation steps. 
++According to these rules, code can be written before the wrapper function is generated by code generation tool in the ++compilation phase, which simplifies the development and compilation steps. + + #### 3.2 Write the CMakeLists.txt file of the host. + +-- +1.8.3.1 + diff --git a/0045-Corrected-some-spelling-and-grammar-mistakes.patch b/0045-Corrected-some-spelling-and-grammar-mistakes.patch new file mode 100644 index 0000000000000000000000000000000000000000..bee02cb9a26feb5964ef66daf54b73bb588d00f4 --- /dev/null +++ b/0045-Corrected-some-spelling-and-grammar-mistakes.patch 
@@ -0,0 +1,83 @@ +From 5539ad4ee098358f594f4dbfb73b2a0d9ed975cb Mon Sep 17 00:00:00 2001 +From: lshelen23 +Date: Fri, 22 Oct 2021 08:17:15 +0000 +Subject: [PATCH] Corrected some spelling and grammar mistakes + +--- + README.en.md | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/README.en.md b/README.en.md +index 617ccac..0fddd9f 100644 +--- a/README.en.md ++++ b/README.en.md +@@ -110,9 +110,9 @@ interface described in the edl file to enter the enclave to execute confidential + Finally, call cc_enclave_destroy(...) to destroy the enclave context. + + Note that comparing to arguments defined in edl file, the interface called here has two more arguments, context and retval. +-This is because the function, generated by the automatic code generation tool according to edl, is a wrapper ofthe real ++This is because the function, generated by the automatic code generation tool according to edl, is a wrapper of the real + enclave function, and its declaration is in the test_u.h header file. Where the context parameter is the +-cc_enclave_t * context created before calling the funciton, and retval is the return value of the function defined in edl, ++cc_enclave_t * context created before calling the function, and retval is the return value of the function defined in edl, + and the res argument is the return value of the wrapped function. The prefix of test_u.h is consistent with the prefix of + test.edl. + +@@ -268,7 +268,7 @@ Set sign tool and the security side log printing level + + WHITE_LIS_X sets the whitelist of iTrustee, only the host binaries in these paths can call this secure image, + and up to 8 list paths can be configured. WHITE_LIST_OWNER set user, this user will be applied to all whitelist paths. +-Finally, set the name of the security image after the final signing, and generate auxiliary code. ++Finally, set the name of the security image after the final signing, and generate auxiliary code. 
+ + if(CC_SGX) + set(OUTPUT enclave.signed.so) +@@ -345,8 +345,7 @@ so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options is int + endif() + + In the case of iTrustee, generate the configuration file manifest.txt, and details of the configuration file will +-be explained later, specify some compilation options related to iTrustee, set the search paths of the header file and +-the link file, and build the enclave binary. ++be explained later, specify some compilation options related to iTrustee, set the search paths of the header file and the link file, and build the enclave binary. + + Regarding the use of iTrustee ocall, there are some other notes, which will be introduced later. Then define the + whitelist macro. Next, you need to link to the secgear_tee library, in which there are interfaces for generating +@@ -398,7 +397,7 @@ random numbers, seal, unseal, etc. The last step is to sign and install. + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) + endif() + +-In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee ++In the case of SGX, specify some compilation and link options related to SGX. When linking libraries, SGX and iTrustee + are quite different. This is because iTrustee is a secure OS with more capabilities, such as musl libc and openssl. + When compiling and link itrustee's enclave, there is no need to link some basic libraries. But SGX has no OS concept. + The basic library interfaces to be called on the security side are all given in the SGX sdk in form of static +@@ -416,7 +415,7 @@ Set some safe compilation options. + + Write SGX enclave related configuration files + The configuration content in the Enclave.config.xml and Enclave.lds files is the same as the official SGX +-configuration file. For details, please refer to the official development document. ++configuration file. 
For details, please refer to the official development document. + + Write iTrustee related configuration files + The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated, +@@ -457,7 +456,7 @@ The meaning of log level (set(PRINT_LEVEL 3)). + PRINT_STRACE 2 + PRINT_DEBUG 3 + +-At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stablized, ++At present, there are some differences in the usage of the log function. After the iTrustee ocall function is stabilized, + the usage will be unified. + + Use ocall +@@ -488,7 +487,7 @@ secGear does not currently support plc, switchless and other about SGX features. + Learning More About codegener + ---------------------------- + +-secGear introduces EDL (Enclave Description Languate) and intermediate code generation tool codegener. EDL is ++secGear introduces EDL (Enclave Description Language) and intermediate code generation tool codegener. EDL is + compatible with Intel SGX's definition. + + - [Learn how to use codegener](./docs/codegener.md) +-- +1.8.3.1 + diff --git a/secGear.spec b/secGear.spec index 9a945182eb32cca60c76dcac51ae1c096b20527f..4f683b02fd75c515286367f4704518849c7e73af 100644 --- a/secGear.spec +++ b/secGear.spec @@ -1,6 +1,6 @@ Name: secGear Version: 0.1.0 -Release: 20%{?dist} +Release: 22%{?dist} Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features 
@@ -48,6 +48,12 @@ Patch35: 0036-enclave-use-the-can-pull-image-from-hub.oepkgs.net.patch Patch36: 0037-add-description-about-file-parameter-path-for-sign_t.patch Patch37: 0038-fix-use-after-free-in-cc_enclave_create.patch Patch38: 0039-clean-memory-when-it-come-to-error_handle.patch +Patch39: 0040-fix-context-without-free-error.patch +Patch40: 0041-fix-logs-redirection-error-and-delete-rsa_public_key.patch +Patch41: 0042-Fix-format-and-non-standard-coding-of-sigh_tool.sh-s.patch +Patch42: 0043-Optimize-README-in-English.patch +Patch43: 0044-Optimize-Engilish-version-readme-file.patch +Patch44: 0045-Corrected-some-spelling-and-grammar-mistakes.patch BuildRequires: gcc python automake autoconf libtool BUildRequires: glibc glibc-devel cmake ocaml-dune rpm gcc-c++ @@ -104,10 +110,8 @@ install -d %{buildroot}/%{_includedir}/secGear install -d %{buildroot}/%{_bindir} install -pm 751 bin/codegen %{buildroot}/%{_bindir} install -pm 751 tools/sign_tool/sign_tool.sh %{buildroot}/%{_bindir} -install -d %{buildroot}/%{_sysconfdir}/secGear/cloud install -d %{buildroot}/lib/secGear/ install -pm 751 tools/sign_tool/*.py %{buildroot}/lib/secGear -install -pm 644 tools/sign_tool/cloud/rsa_public_key_cloud.pem %{buildroot}/%{_sysconfdir}/secGear/cloud %ifarch x86_64 install -pm 644 inc/host_inc/*.h %{buildroot}/%{_includedir}/secGear install -pm 644 inc/host_inc/sgx/*.h %{buildroot}/%{_includedir}/secGear @@ -149,7 +153,6 @@ popd %{_bindir}/* %{_includedir}/secGear/* /lib/secGear/* -%{_sysconfdir}/secGear/cloud/rsa_public_key_cloud.pem %ifarch x86_64 %files sim @@ -159,7 +162,16 @@ popd %{_libdir}/libsgxsim_0.so %endif +%post +systemctl restart rsyslog + %changelog +* Tue Jan 11 2022 houmingyong - 0.1.0-22 +- DESC: fix no secgear.log after install secGear-devel + +* Mon Oct 25 2021 gaoyusong - 0.1.0-21 +- DESC: backport some patches from openeuler secGear + * Mon Jul 19 2021 chenmaodong - 0.1.0-20 - DESC: add requires for secGear: libsgx-aesm-launch-plugin ocaml-dune
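Review bot: Patch39 through Patch44 are declared in this hunk, but no hunk in this diff touches `%prep`, so whether the six patches are actually applied depends on whether `%prep` uses `%autosetup`/`%autopatch` or explicit `%patchN` lines, which is outside the visible diff. If it is the explicit form, matching `%patch39 -p1` … `%patch44 -p1` lines are needed, otherwise the fixes these patches carry (judging by their names, the enclave-context free fix and the log-redirection fix among them) are listed in the spec but never built in. Worth confirming against `%prep` before merging.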
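Review bot: The new `%post` runs `systemctl restart rsyslog` unguarded, so in a build chroot, container or image build without a running systemd the scriptlet exits non-zero and rpm reports the install as failed, and on a live host it hard-restarts the system log daemon on every install and upgrade of an SDK package. A form that tolerates both cases is `systemctl try-restart rsyslog.service >/dev/null 2>&1 || :`, paired with `Requires(post): systemd` if the restart is kept. The changelog entry names secGear-devel, but the scriptlet carries no subpackage qualifier after the `%files sim`/`%endif` block, so it appears to attach to the main package; if the rsyslog configuration ships in the devel subpackage, `%post devel` is probably the intended scriptlet — confirm against the `%files` sections outside this hunk.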