Loading pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix +6 −6 Original line number Diff line number Diff line Loading @@ -16,7 +16,7 @@ let find "$out" -mindepth 1 -delete cp ${lib.concatStringsSep " " list} "$out/" ''; headers = linkFarmFromDrvs "azure-dcpa-client-intel-headers" [ headers = linkFarmFromDrvs "azure-dcap-client-intel-headers" [ (fetchFromGitHub rec { name = "${repo}-headers"; owner = "intel"; Loading Loading @@ -69,8 +69,8 @@ stdenv.mkDerivation rec { find -L '${headers}' -type f -exec ln -s {} src/Linux/ext/intel \; substitute src/Linux/Makefile{.in,} \ --replace '##CURLINC##' '${curl.dev}/include/curl/' \ --replace '$(TEST_SUITE): $(PROVIDER_LIB) $(TEST_SUITE_OBJ)' '$(TEST_SUITE): $(TEST_SUITE_OBJ)' --replace-fail '##CURLINC##' '${curl.dev}/include/curl/' \ --replace-fail '$(TEST_SUITE): $(PROVIDER_LIB) $(TEST_SUITE_OBJ)' '$(TEST_SUITE): $(TEST_SUITE_OBJ)' ''; env.NIX_CFLAGS_COMPILE = "-Wno-deprecated-declarations"; Loading @@ -84,11 +84,11 @@ stdenv.mkDerivation rec { # $(nix-build -A sgx-azure-dcap-client.tests.suite)/bin/tests passthru.tests.suite = callPackage ./test-suite.nix { }; meta = with lib; { meta = { description = "Interfaces between SGX SDKs and the Azure Attestation SGX Certification Cache"; homepage = "https://github.com/microsoft/azure-dcap-client"; maintainers = with maintainers; [ phlip9 trundle veehaitch ]; maintainers = with lib.maintainers; [ phlip9 trundle veehaitch ]; platforms = [ "x86_64-linux" ]; license = [ licenses.mit ]; license = [ lib.licenses.mit ]; }; } pkgs/os-specific/linux/sgx/psw/default.nix +19 −19 Original line number Diff line number Diff line Loading 
@@ -29,11 +29,11 @@ stdenv.mkDerivation rec { # Also include the Data Center Attestation Primitives (DCAP) platform # enclaves. dcap = rec { version = "1.20"; version = "1.21"; filename = "prebuilt_dcap_${version}.tar.gz"; prebuilt = fetchurl { url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}"; hash = "sha256-nPsI89KSBA3cSNTMWyktZP5dkf+BwL3NZ4MuUf6G98o="; hash = "sha256-/PPD2MyNxoCwzNljIFcpkFvItXbyvymsJ7+Uf4IyZuk="; }; }; in Loading Loading @@ -158,19 +158,19 @@ stdenv.mkDerivation rec { # is helpful to have properly patched versions for non-NixOS distributions. echo "Fixing aesmd.service" substituteInPlace $out/lib/systemd/system/aesmd.service \ --replace '@aesm_folder@' \ --replace-fail '@aesm_folder@' \ "$out/aesm" \ --replace 'Type=forking' \ --replace-fail 'Type=forking' \ 'Type=simple' \ --replace "ExecStart=$out/aesm/aesm_service" \ --replace-fail "ExecStart=$out/aesm/aesm_service" \ "ExecStart=$out/bin/aesm_service --no-daemon"\ --replace "/bin/mkdir" \ --replace-fail "/bin/mkdir" \ "${coreutils}/bin/mkdir" \ --replace "/bin/chown" \ --replace-fail "/bin/chown" \ "${coreutils}/bin/chown" \ --replace "/bin/chmod" \ --replace-fail "/bin/chmod" \ "${coreutils}/bin/chmod" \ --replace "/bin/kill" \ --replace-fail "/bin/kill" \ "${coreutils}/bin/kill" ''; Loading @@ -178,11 +178,11 @@ stdenv.mkDerivation rec { service = nixosTests.aesmd; }; meta = with lib; { meta = { description = "Intel SGX Architectural Enclave Service Manager"; homepage = "https://github.com/intel/linux-sgx"; maintainers = with maintainers; [ phlip9 veehaitch citadelcore ]; maintainers = with lib.maintainers; [ phlip9 veehaitch citadelcore ]; platforms = [ "x86_64-linux" ]; license = with licenses; [ bsd3 ]; license = [ lib.licenses.bsd3 ]; }; } pkgs/os-specific/linux/sgx/sdk/default.nix +12 −9 Original line number Diff line number Diff line Loading 
@@ -26,15 +26,15 @@ stdenv.mkDerivation rec { pname = "sgx-sdk"; # Version as given in se_version.h version = "2.23.100.2"; version = "2.24.100.3"; # Version as used in the Git tag versionTag = "2.23"; versionTag = "2.24"; src = fetchFromGitHub { owner = "intel"; repo = "linux-sgx"; rev = "sgx_${versionTag}"; hash = "sha256-i+fE6xKiuljG8LY8TIHgrW15DVpdp46bZdNo/BjgT/I="; hash = "sha256-1urEdfMKNUqqyJ3wQ10+tvtlRuAKELpaCWIOzjCbYKw="; fetchSubmodules = true; }; Loading Loading @@ -121,8 +121,6 @@ stdenv.mkDerivation rec { pushd 'external/ippcp_internal' cp -r ${ipp-crypto-no_mitigation}/include/. inc/ install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \ lib/linux/intel64/no_mitigation/libippcp.a install -D -m a+rw ${ipp-crypto-cve_2020_0551_load}/lib/intel64/libippcp.a \ Loading @@ -130,8 +128,13 @@ stdenv.mkDerivation rec { install -D -m a+rw ${ipp-crypto-cve_2020_0551_cf}/lib/intel64/libippcp.a \ lib/linux/intel64/cve_2020_0551_cf/libippcp.a cp -r ${ipp-crypto-no_mitigation}/include/* inc/ mkdir inc/ippcp cp ${ipp-crypto-no_mitigation}/include/fips_cert.h inc/ippcp/ rm inc/ippcp.h patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u7.patch -o inc/ippcp.h patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i ./inc/ippcp21u11.patch -o ./inc/ippcp.h install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE Loading Loading @@ -285,11 +288,11 @@ stdenv.mkDerivation rec { ''; }; meta = with lib; { meta = { description = "Intel SGX SDK for Linux built with IPP Crypto Library"; homepage = "https://github.com/intel/linux-sgx"; maintainers = with maintainers; [ phlip9 sbellem arturcygan veehaitch ]; maintainers = with lib.maintainers; [ phlip9 sbellem arturcygan veehaitch ]; platforms = [ "x86_64-linux" ]; license = with licenses; [ bsd3 ]; license = [ lib.licenses.bsd3 ]; }; } pkgs/os-specific/linux/sgx/sdk/disable-downloads.patch +5 −3 Original line number Diff line number Diff line 
diff --git a/Makefile b/Makefile index 32433051..2e480efb 100644 index 73502a7..f24bd11 100644 --- a/Makefile +++ b/Makefile @@ -50,8 +50,8 @@ tips: @@ -50,18 +50,18 @@ tips: preparation: # As SDK build needs to clone and patch openmp, we cannot support the mode that download the source from github as zip. # Only enable the download from git Loading @@ -12,8 +12,10 @@ index 32433051..2e480efb 100644 + # ./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild cd external/openmp/openmp_code && git apply ../0001-Enable-OpenMP-in-SGX.patch >/dev/null 2>&1 || git apply ../0001-Enable-OpenMP-in-SGX.patch --check -R cd external/protobuf/protobuf_code && git apply ../sgx_protobuf.patch >/dev/null 2>&1 || git apply ../sgx_protobuf.patch --check -R - cd external/protobuf/protobuf_code && git submodule update --init --recursive && cd third_party/abseil-cpp && git apply ../../../sgx_abseil.patch>/dev/null 2>&1 || git apply ../../../sgx_abseil.patch --check -R + cd external/protobuf/protobuf_code && cd third_party/abseil-cpp && git apply ../../../sgx_abseil.patch>/dev/null 2>&1 || git apply ../../../sgx_abseil.patch --check -R ./external/sgx-emm/create_symlink.sh @@ -59,8 +59,8 @@ preparation: cd external/mbedtls/mbedtls_code && git apply ../sgx_mbedtls.patch >/dev/null 2>&1 || git apply ../sgx_mbedtls.patch --check -R cd external/cbor && cp -r libcbor sgx_libcbor cd external/cbor/libcbor && git apply ../raw_cbor.patch >/dev/null 2>&1 || git apply ../raw_cbor.patch --check -R cd external/cbor/sgx_libcbor && git apply ../sgx_cbor.patch >/dev/null 2>&1 || git apply ../sgx_cbor.patch --check -R Loading pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +7 −3 Original line number Diff line number Diff line Loading 
@@ -8,16 +8,20 @@ }: gcc11Stdenv.mkDerivation rec { pname = "ipp-crypto"; version = "2021.10.0"; version = "2021.11.1"; src = fetchFromGitHub { owner = "intel"; repo = "ipp-crypto"; rev = "ippcp_${version}"; hash = "sha256-DfXsJ+4XqyjCD+79LUD53Cx8D46o1a4fAZa2UxGI1Xg="; hash = "sha256-OgNrrPE8jFVD/hcv7A43Bno96r4Z/lb7/SE6TEL7RDI="; }; cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags; cmakeFlags = [ "-DARCH=intel64" # sgx-sdk now requires FIPS-compliance mode turned on "-DIPPCP_FIPS_MODE=on" ] ++ extraCmakeFlags; nativeBuildInputs = [ cmake Loading Loading
pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix +6 −6 Original line number Diff line number Diff line Loading @@ -16,7 +16,7 @@ let find "$out" -mindepth 1 -delete cp ${lib.concatStringsSep " " list} "$out/" ''; headers = linkFarmFromDrvs "azure-dcpa-client-intel-headers" [ headers = linkFarmFromDrvs "azure-dcap-client-intel-headers" [ (fetchFromGitHub rec { name = "${repo}-headers"; owner = "intel"; Loading Loading @@ -69,8 +69,8 @@ stdenv.mkDerivation rec { find -L '${headers}' -type f -exec ln -s {} src/Linux/ext/intel \; substitute src/Linux/Makefile{.in,} \ --replace '##CURLINC##' '${curl.dev}/include/curl/' \ --replace '$(TEST_SUITE): $(PROVIDER_LIB) $(TEST_SUITE_OBJ)' '$(TEST_SUITE): $(TEST_SUITE_OBJ)' --replace-fail '##CURLINC##' '${curl.dev}/include/curl/' \ --replace-fail '$(TEST_SUITE): $(PROVIDER_LIB) $(TEST_SUITE_OBJ)' '$(TEST_SUITE): $(TEST_SUITE_OBJ)' ''; env.NIX_CFLAGS_COMPILE = "-Wno-deprecated-declarations"; Loading @@ -84,11 +84,11 @@ stdenv.mkDerivation rec { # $(nix-build -A sgx-azure-dcap-client.tests.suite)/bin/tests passthru.tests.suite = callPackage ./test-suite.nix { }; meta = with lib; { meta = { description = "Interfaces between SGX SDKs and the Azure Attestation SGX Certification Cache"; homepage = "https://github.com/microsoft/azure-dcap-client"; maintainers = with maintainers; [ phlip9 trundle veehaitch ]; maintainers = with lib.maintainers; [ phlip9 trundle veehaitch ]; platforms = [ "x86_64-linux" ]; license = [ licenses.mit ]; license = [ lib.licenses.mit ]; }; }
pkgs/os-specific/linux/sgx/psw/default.nix +19 −19 Original line number Diff line number Diff line Loading @@ -29,11 +29,11 @@ stdenv.mkDerivation rec { # Also include the Data Center Attestation Primitives (DCAP) platform # enclaves. dcap = rec { version = "1.20"; version = "1.21"; filename = "prebuilt_dcap_${version}.tar.gz"; prebuilt = fetchurl { url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}"; hash = "sha256-nPsI89KSBA3cSNTMWyktZP5dkf+BwL3NZ4MuUf6G98o="; hash = "sha256-/PPD2MyNxoCwzNljIFcpkFvItXbyvymsJ7+Uf4IyZuk="; }; }; in Loading Loading @@ -158,19 +158,19 @@ stdenv.mkDerivation rec { # is helpful to have properly patched versions for non-NixOS distributions. echo "Fixing aesmd.service" substituteInPlace $out/lib/systemd/system/aesmd.service \ --replace '@aesm_folder@' \ --replace-fail '@aesm_folder@' \ "$out/aesm" \ --replace 'Type=forking' \ --replace-fail 'Type=forking' \ 'Type=simple' \ --replace "ExecStart=$out/aesm/aesm_service" \ --replace-fail "ExecStart=$out/aesm/aesm_service" \ "ExecStart=$out/bin/aesm_service --no-daemon"\ --replace "/bin/mkdir" \ --replace-fail "/bin/mkdir" \ "${coreutils}/bin/mkdir" \ --replace "/bin/chown" \ --replace-fail "/bin/chown" \ "${coreutils}/bin/chown" \ --replace "/bin/chmod" \ --replace-fail "/bin/chmod" \ "${coreutils}/bin/chmod" \ --replace "/bin/kill" \ --replace-fail "/bin/kill" \ "${coreutils}/bin/kill" ''; Loading @@ -178,11 +178,11 @@ stdenv.mkDerivation rec { service = nixosTests.aesmd; }; meta = with lib; { meta = { description = "Intel SGX Architectural Enclave Service Manager"; homepage = "https://github.com/intel/linux-sgx"; maintainers = with maintainers; [ phlip9 veehaitch citadelcore ]; maintainers = with lib.maintainers; [ phlip9 veehaitch citadelcore ]; platforms = [ "x86_64-linux" ]; license = with licenses; [ bsd3 ]; license = [ lib.licenses.bsd3 ]; }; }
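Review bot: In the `substituteInPlace` call on aesmd.service, the `ExecStart=$out/aesm/aesm_service` pattern presumably matches only after the `@aesm_folder@` replacement earlier in the same call has run, and with `--replace-fail` that ordering now decides whether the build passes. Assuming replacements are applied in argument order, a comment above the call such as `# order matters: the ExecStart pattern exists only once @aesm_folder@ has been expanded` would stop a later reordering from becoming a confusing build failure. The stricter flag is worth keeping, because an unmatched `/bin/...` rewrite would otherwise silently leave the unit pointing at paths outside the store. The shell block this call sits in starts and ends outside the visible hunk.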
pkgs/os-specific/linux/sgx/sdk/default.nix +12 −9 Original line number Diff line number Diff line Loading @@ -26,15 +26,15 @@ stdenv.mkDerivation rec { pname = "sgx-sdk"; # Version as given in se_version.h version = "2.23.100.2"; version = "2.24.100.3"; # Version as used in the Git tag versionTag = "2.23"; versionTag = "2.24"; src = fetchFromGitHub { owner = "intel"; repo = "linux-sgx"; rev = "sgx_${versionTag}"; hash = "sha256-i+fE6xKiuljG8LY8TIHgrW15DVpdp46bZdNo/BjgT/I="; hash = "sha256-1urEdfMKNUqqyJ3wQ10+tvtlRuAKELpaCWIOzjCbYKw="; fetchSubmodules = true; }; Loading Loading @@ -121,8 +121,6 @@ stdenv.mkDerivation rec { pushd 'external/ippcp_internal' cp -r ${ipp-crypto-no_mitigation}/include/. inc/ install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \ lib/linux/intel64/no_mitigation/libippcp.a install -D -m a+rw ${ipp-crypto-cve_2020_0551_load}/lib/intel64/libippcp.a \ Loading @@ -130,8 +128,13 @@ stdenv.mkDerivation rec { install -D -m a+rw ${ipp-crypto-cve_2020_0551_cf}/lib/intel64/libippcp.a \ lib/linux/intel64/cve_2020_0551_cf/libippcp.a cp -r ${ipp-crypto-no_mitigation}/include/* inc/ mkdir inc/ippcp cp ${ipp-crypto-no_mitigation}/include/fips_cert.h inc/ippcp/ rm inc/ippcp.h patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u7.patch -o inc/ippcp.h patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i ./inc/ippcp21u11.patch -o ./inc/ippcp.h install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE Loading Loading @@ -285,11 +288,11 @@ stdenv.mkDerivation rec { ''; }; meta = with lib; { meta = { description = "Intel SGX SDK for Linux built with IPP Crypto Library"; homepage = "https://github.com/intel/linux-sgx"; maintainers = with maintainers; [ phlip9 sbellem arturcygan veehaitch ]; maintainers = with lib.maintainers; [ phlip9 sbellem arturcygan veehaitch ]; platforms = [ "x86_64-linux" ]; license = with licenses; [ bsd3 ]; license = [ lib.licenses.bsd3 ]; }; }
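Review bot: The new header staging in the `external/ippcp_internal` step has no comment explaining why `inc/ippcp.h` is removed and then regenerated, or why `fips_cert.h` is copied a second time into `inc/ippcp/`. I would add `# regenerate ippcp.h from the pristine ipp-crypto header using the SDK's patch` above the `rm`, and `# ippcp21u11.patch must match the ipp-crypto version pinned in ./ipp-crypto.nix` above the `patch` line. The second is inferred from the patch name and the 2021.11.1 bump, so confirm it. A comment should also state that all three `libippcp.a` variants (no_mitigation, cve_2020_0551_load, cve_2020_0551_cf) are used with headers taken only from the no_mitigation build, so nobody assumes the mitigated variants ship their own. The surrounding shell block continues outside the hunk.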
pkgs/os-specific/linux/sgx/sdk/disable-downloads.patch +5 −3 Original line number Diff line number Diff line diff --git a/Makefile b/Makefile index 32433051..2e480efb 100644 index 73502a7..f24bd11 100644 --- a/Makefile +++ b/Makefile @@ -50,8 +50,8 @@ tips: @@ -50,18 +50,18 @@ tips: preparation: # As SDK build needs to clone and patch openmp, we cannot support the mode that download the source from github as zip. # Only enable the download from git Loading @@ -12,8 +12,10 @@ index 32433051..2e480efb 100644 + # ./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild cd external/openmp/openmp_code && git apply ../0001-Enable-OpenMP-in-SGX.patch >/dev/null 2>&1 || git apply ../0001-Enable-OpenMP-in-SGX.patch --check -R cd external/protobuf/protobuf_code && git apply ../sgx_protobuf.patch >/dev/null 2>&1 || git apply ../sgx_protobuf.patch --check -R - cd external/protobuf/protobuf_code && git submodule update --init --recursive && cd third_party/abseil-cpp && git apply ../../../sgx_abseil.patch>/dev/null 2>&1 || git apply ../../../sgx_abseil.patch --check -R + cd external/protobuf/protobuf_code && cd third_party/abseil-cpp && git apply ../../../sgx_abseil.patch>/dev/null 2>&1 || git apply ../../../sgx_abseil.patch --check -R ./external/sgx-emm/create_symlink.sh @@ -59,8 +59,8 @@ preparation: cd external/mbedtls/mbedtls_code && git apply ../sgx_mbedtls.patch >/dev/null 2>&1 || git apply ../sgx_mbedtls.patch --check -R cd external/cbor && cp -r libcbor sgx_libcbor cd external/cbor/libcbor && git apply ../raw_cbor.patch >/dev/null 2>&1 || git apply ../raw_cbor.patch --check -R cd external/cbor/sgx_libcbor && git apply ../sgx_cbor.patch >/dev/null 2>&1 || git apply ../sgx_cbor.patch --check -R Loading
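Review bot: The abseil step in the `preparation` target now depends on `third_party/abseil-cpp` already being populated, because the `git submodule update --init --recursive` call is dropped, and nothing in the patch file says where the submodule comes from. It is presumably supplied by `fetchSubmodules = true` in default.nix. A short description before the `diff --git` line, e.g. `Submodules are provided by fetchFromGitHub (fetchSubmodules = true); the sandboxed build has no network access`, would make that dependency visible to whoever rebases the patch for the next SDK release. The upstream `git apply ... >/dev/null 2>&1 || git apply ... --check -R` form discards the first command's output, so a missing directory would show up only as the reverse-check error.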
pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +7 −3 Original line number Diff line number Diff line Loading @@ -8,16 +8,20 @@ }: gcc11Stdenv.mkDerivation rec { pname = "ipp-crypto"; version = "2021.10.0"; version = "2021.11.1"; src = fetchFromGitHub { owner = "intel"; repo = "ipp-crypto"; rev = "ippcp_${version}"; hash = "sha256-DfXsJ+4XqyjCD+79LUD53Cx8D46o1a4fAZa2UxGI1Xg="; hash = "sha256-OgNrrPE8jFVD/hcv7A43Bno96r4Z/lb7/SE6TEL7RDI="; }; cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags; cmakeFlags = [ "-DARCH=intel64" # sgx-sdk now requires FIPS-compliance mode turned on "-DIPPCP_FIPS_MODE=on" ] ++ extraCmakeFlags; nativeBuildInputs = [ cmake Loading
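Review bot: The comment on `-DIPPCP_FIPS_MODE=on` says only that sgx-sdk requires it, not what depends on it or that it can be overridden. Because the flag sits before `++ extraCmakeFlags`, a caller passing its own `-DIPPCP_FIPS_MODE=...` would take precedence, as far as I know CMake's handling of repeated `-D` definitions. If the SDK must never get a non-FIPS build, append it last: `cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags ++ [ "-DIPPCP_FIPS_MODE=on" ];`. A fuller comment could read `# sgx-sdk 2.24 builds against fips_cert.h (copied in ./default.nix); this is a build option and does not by itself make the output a validated module`, where the link to `fips_cert.h` is inferred from the sdk section and should be confirmed. The derivation body continues outside the hunk.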