-
Notifications
You must be signed in to change notification settings - Fork 38
Expand file tree
/
Copy pathCMakeLists.txt
More file actions
161 lines (134 loc) · 4.49 KB
/
CMakeLists.txt
File metadata and controls
161 lines (134 loc) · 4.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
cmake_minimum_required(VERSION 3.11)
project(marblerun VERSION 1.9.0)
find_package(OpenEnclave CONFIG REQUIRED)
if (NOT CMAKE_BUILD_TYPE)
set(CMAKE_BUILD_TYPE Debug)
endif ()
if (NOT CMAKE_BUILD_TYPE STREQUAL Debug)
set(TRIMPATH -trimpath)
endif ()
# Generate key
add_custom_command(
OUTPUT private.pem public.pem
COMMAND openssl genrsa -out private.pem -3 3072
COMMAND openssl rsa -in private.pem -pubout -out public.pem)
add_custom_target(
signing-key
DEPENDS private.pem)
#
# Build coordinator
#
add_custom_target(coordinatorlib
COMMAND
${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/build_with_version.cmake
"ertgo" ${PROJECT_VERSION} "${CMAKE_BINARY_DIR}/libcoordinator.a"
"main"
${TRIMPATH}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/coordinator
)
add_custom_target(coordinator-noenclave ALL
COMMAND
${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/build_with_version.cmake
"go" ${PROJECT_VERSION} "${CMAKE_BINARY_DIR}/coordinator-noenclave"
"main"
${TRIMPATH}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/coordinator
)
add_executable(coordinator-enclave enclave/main.c)
add_dependencies(coordinator-enclave coordinatorlib)
configure_file(${ERT_SYMCRYPT_SO} . COPYONLY)
target_link_libraries(coordinator-enclave
openenclave::oeenclave
openenclave::oesymcryptprovider
openenclave::ertmeshentry
${CMAKE_BINARY_DIR}/libcoordinator.a
-Wl,-Bdynamic ${CMAKE_BINARY_DIR}/libsymcrypt.so.103 -Wl,-Bstatic
)
# Configure coordinator.conf
set(COORDINATORCONF_DEBUG 1)
if(PRODUCTION)
set(COORDINATORCONF_DEBUG 0)
endif()
configure_file(enclave/coordinator.conf coordinator.conf)
add_custom_command(
OUTPUT coordinator-enclave.signed
DEPENDS coordinator-enclave ${CMAKE_BINARY_DIR}/coordinator.conf signing-key
# Add fips140 verification checksum, which is usually added by the Go linker, which is not used with -buildmode=c-archive
COMMAND go run github.com/edgelesssys/goelffips@latest $<TARGET_FILE:coordinator-enclave>
# Sign enclave
COMMAND openenclave::oesign sign -e $<TARGET_FILE:coordinator-enclave> -c
${CMAKE_BINARY_DIR}/coordinator.conf -k private.pem)
# Create config for remote attestation
add_custom_command(
OUTPUT coordinator-config.json
DEPENDS coordinator-enclave.signed
COMMAND openenclave::oesign eradump -e coordinator-enclave.signed > coordinator-config.json
)
add_custom_target(sign-coordinator ALL DEPENDS coordinator-enclave.signed coordinator-config.json)
#
# Build marble-injector
#
add_custom_target(marble-injector ALL
COMMAND
CGO_ENABLED=0
${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/build_with_version.cmake
"go" "${PROJECT_VERSION}" "${CMAKE_BINARY_DIR}/marble-injector"
"main"
${TRIMPATH}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/marble-injector
)
#
# Build CLI
#
add_custom_target(cli ALL
COMMAND
${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/build_with_version.cmake
"go" "${PROJECT_VERSION}" "${CMAKE_BINARY_DIR}/marblerun"
"github.com/edgelesssys/marblerun/cli/internal/cmd"
${TRIMPATH}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli
)
#
# Build marble-test
#
add_custom_target(marbletestlib
ertgo build ${TRIMPATH} -buildmode=c-archive
-tags enclave,marblerun_ego_enclave -o ${CMAKE_BINARY_DIR}/libmarbletest.a
-buildvcs=false
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/marble-test
)
add_custom_target(marble-test-noenclave ALL
go build ${TRIMPATH}
-tags marblerun_ego_enclave -o ${CMAKE_BINARY_DIR}/marble-test-noenclave
-buildvcs=false
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/marble-test)
add_executable(marble-test-enclave enclave/main_test.c)
add_dependencies(marble-test-enclave marbletestlib)
target_link_libraries(marble-test-enclave
openenclave::oeenclave
openenclave::ertmeshentry
${CMAKE_BINARY_DIR}/libmarbletest.a
)
# Sign enclave
add_custom_command(
OUTPUT marble-test-enclave.signed
DEPENDS marble-test-enclave enclave/marble-test.conf signing-key
COMMAND openenclave::oesign sign -e $<TARGET_FILE:marble-test-enclave> -c
${CMAKE_SOURCE_DIR}/enclave/marble-test.conf -k private.pem)
# Create config for remote attestation
add_custom_command(
OUTPUT marble-test-config.json
DEPENDS marble-test-enclave.signed
COMMAND openenclave::oesign eradump -e marble-test-enclave.signed > marble-test-config.json
)
add_custom_target(sign-marble-test ALL DEPENDS marble-test-enclave.signed marble-test-config.json)
#
# Build premain-libos
#
add_custom_target(
premain-libos ALL
ertgo build ${TRIMPATH}
-buildmode=pie
-buildvcs=false
-o ${CMAKE_BINARY_DIR}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cmd/premain-libos)