Linux 1.8 Open Source Gold release

Signed-off-by: Li, Xun <[email protected]>

Author: llly

License.txt

@@ -1,6 +1,6 @@
 BSD License
 
-Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -30,14 +30,14 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 =================================================================
 
-SGX Eclipse plug-in is licensed under Eclipse Public License-v1.0
+Intel(R) Software Guard Extensions (Intel(R) SGX) Eclipse plug-in is licensed under Eclipse Public License-v1.0
 http://www.eclipse.org/legal/epl-v10.html
 
 
 
 ==============================================================
 
-libsgx_le.signed.so, libsgx_pce.signed.so, libsgx_pve.signed.so and libsgx_qe.signed.so are licensed as Intel redistributable binary firmware and other blobs.
+libsgx_le.signed.so, libsgx_pce.signed.so, libsgx_pve.signed.so, libsgx_qe.signed.so, libsgx_pse_pr.signed.so and libsgx_pse_op.signed.so are licensed as Intel redistributable binary firmware and other blobs.
 
 
 Copyright (c) Intel Corporation.
@@ -83,7 +83,7 @@ DAMAGE.
 
 ===========================================================================================================================================================
 
-SGX software for Linux also uses third-party projects that may be distributed under different licenses. Please see below for details.
+Intel(R) SGX software for Linux also uses third-party projects that may be distributed under different licenses. Please see below for details.
 
 
 1. Android Open Source Project
@@ -1394,3 +1394,44 @@ All Recipient's rights under this Agreement shall terminate if it fails to compl
 Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. The Eclipse Foundation is the initial Agreement Steward. The Eclipse Foundation may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved.
 
 This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
+
+
+
+
+18. TCMALLOC
+
+TCMALLOC is part of Google Perf Tools, which is distributed under the terms of the BSD license.
+
+    http://goog-perftools.sourceforge.net/
+
+
+Copyright (c) 2005, Google Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+    * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+

Linux_SGXEclipsePlugin/build_directory/features/com.intel.sgx.feature/feature.xml

@@ -24,11 +24,11 @@ tools Plug-in to allow ISVs develop secure extensions in C or
 C++. The Plug-in also allows conversion of an Linux Application
 project into an Linux Application project with Software Guard
 Extensions.
-Using the Plug-in features and SGX Plug-in Menu options, a developer
+Using the Plug-in features and Intel(R) SGX Plug-in Menu options, a developer
 can modify the Signing keys and Enclave Configuration for an
 Enclave project and can add enclaves inside a project with SGX Nature.
 Once development is complete, the developer can build the Enclave
-and the Linux project using the SGX SDK for Linux with Release/Debug Configurations in Simulation/Hardware
+and the Linux project using the Intel(R) SGX SDK for Linux with Release/Debug Configurations in Simulation/Hardware
 mode and Hardware Prerelease mode.
    </description>
 

Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html

@@ -214,7 +214,7 @@ <h3>Adding SGX Nature to a non-SGX project</h3>
                 <p class="figcap">Intel(R) SGX Tools</p>
             </li>
             <li>
-                <p>New configurations specific to SGX technology.  You may see the configurations for the project by clicking to the down arrow of button <img src="Resources/Images/Down_Arrow_Button.png" /> usually found at the top of the Eclipse window:</p>
+                <p>New configurations specific to Intel(R) SGX technology.  You may see the configurations for the project by clicking to the down arrow of button <img src="Resources/Images/Down_Arrow_Button.png" /> usually found at the top of the Eclipse window:</p>
                 <p>
                     <img src="Resources/Images/Configurations_Specific_to_Intel_SGX_Technology.png" />
                 </p>

Linux_SGXEclipsePlugin/build_directory/sites/site.xml

@@ -17,7 +17,7 @@
    <feature url="features/com.intel.sgx.feature_1.0.1.qualifier.jar" id="com.intel.sgx.feature" version="1.0.1.qualifier">
       <category name="com.intel.security.sgx"/>
    </feature>
-   <category-def name="com.intel.security.sgx" label="SGX Eclipse Plugin">
-      <description>SGX Eclipse Plugin 1.0.1.qualifier</description>
+   <category-def name="com.intel.security.sgx" label="Intel(R) SGX Eclipse Plugin">
+      <description>Intel(R) SGX Eclipse Plugin 1.0.1.qualifier</description>
    </category-def>
 </site>

Linux_SGXEclipsePlugin/readme.txt

@@ -12,7 +12,7 @@ The following plugins are pre-requisites to be installed in Eclipse before tryin
 run ./build.sh from command line under current directory.
 Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation.
 
-If the sgx eclipse plugin is already installed to eclipse and to build and install a newer version, uninstall the old version and start eclipse with the -clean option.
+If the Intel(R) Software Guard Extensions (Intel(R) SGX) eclipse plugin is already installed to eclipse and to build and install a newer version, uninstall the old version and start eclipse with the -clean option.
 Then try to build the new version of the plugin and install it in eclipse.
 
 http://wiki.eclipse.org/FAQ_How_do_I_remove_a_plug-in%3F

Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

README.md

@@ -7,11 +7,11 @@ Introduction
 ------------
 Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.
 
-The Linux SGX software stack is comprised of the SGX driver, the SGX SDK, and the SGX Platform Software. The SGX SDK and SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
+The Linux Intel SGX software stack is comprised of the Intel SGX driver, the Intel SGX SDK, and the Intel SGX Platform Software. The Intel SGX SDK and Intel SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
 
-The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux SGX software stack, which will be used until the driver upstreaming process is complete. 
+The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux Intel SGX software stack, which will be used until the driver upstreaming process is complete. 
 
-**Note**  This repository includes a subset of the Intel(R) IPP Cryptography library under [external/crypto_px](https://github.com/01org/linux-sgx/external/crypto_px). It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. They are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version.
+**Note**  This repository includes a subset of the Intel(R) IPP Cryptography library under [external/crypto_px](https://github.com/01org/linux-sgx/external/crypto_px). It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. They are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version. 
 
 License
 -------
@@ -30,21 +30,35 @@ Documentation
 
 Build and Install the Intel(R) SGX Driver
 -----------------------------------------
-Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the SGX driver.
+Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the Intel SGX driver.
 
 Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
 -------------------------------------------------------
 ###Prerequisites:
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
-- Use the following command to install the required tools to build Intel(R) SGX SDK:  
-```
-  $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python
-```
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
+
+- Use the following command(s) to install the required tools to build Intel(R) SGX SDK:  
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum groupinstall 'Development Tools'
+    $ sudo yum install ocaml wget python
+  ```
 - Use the following command to install additional required tools to build Intel(R) SGX PSW:  
-```
-  $ sudo apt-get install libcurl4-openssl-dev protobuf-compiler protobuf-c-compiler libprotobuf-dev libprotobuf-c0-dev
-```
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum install openssl-devel libcurl-devel protobuf-compiler protobuf-devel
+  ```
 - Use the script ``download_prebuilt.sh`` inside source code package to download prebuilt binaries to prebuilt folder  
   You may need set https proxy for wget tool used by the script (such as ``export https_proxy=http://test-proxy:test-port``)  
 ```
@@ -74,8 +88,8 @@ The following steps describe how to build the Intel SGX SDK and PSW. You can bui
   $ make clean
 ```
 
-- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE) - the files ``psw/ae/data/prebuilt/libsgx_*.signed.so``, which have been signed by Intel in advance.
-  To build those binaries by yourself (without a signature), first you need to build both Intel SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using the `make` command from the corresponding folder:
+- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE/PSE-OP/PSE-PR) and applet(PSDA) - the files ``psw/ae/data/prebuilt/libsgx_*.signed.so`` and ``psw/ae/data/prebuilt/PSDA.dalp``, which have been signed by Intel in advance.
+  To build those enclaves by yourself (without a signature), first you need to build both Intel SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using the `make` command from the corresponding folder:
 ```
   $ cd psw/ae/le
   $ make
@@ -87,30 +101,31 @@ To build Intel(R) SGX SDK installer, enter the following command:
 $ make sdk_install_pkg
 ```
 You can find the generated Intel SGX SDK installer ``sgx_linux_x64_sdk_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
-You could also make an SGX SDK installer with non-optimized source code for crypto library by
-```
-$ make sdk_install_pkg USE_OPT_LIBS=0
-```
 
 ###Build Intel(R) SGX PSW Installer
 To build Intel(R) SGX PSW installer, enter the following command:
 ```
 $ make psw_install_pkg
 ```
 You can find the generated Intel SGX PSW installer ``sgx_linux_x64_psw_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
-You could also make an SGX PSW intaller with non-optimized source code for crypto library by
-```
-$ make psw_install_pkg USE_OPT_LIBS=0
-```
+
 Install Intel(R) SGX SDK
 ------------------------
 ###Prerequisites
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
 - Use the following command to install the required tool to use Intel(R) SGX SDK:
-```  
-  $ sudo apt-get install build-essential
-```
+  * On Ubuntu 16.04:
+  ```  
+    $ sudo apt-get install build-essential python
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+     $ sudo yum groupinstall 'Development Tools'
+     $ sudo yum install python 
+  ```
 
 ###Install Intel(R) SGX SDK
 To install Intel(R) SGX SDK, execute the installer with root privilege:
@@ -119,46 +134,65 @@ $ cd linux/installer/bin
 $ sudo ./sgx_linux_x64_sdk_${version}.bin 
 ```
 ###Test Intel(R) SGX SDK Package with the Sample Codes
-- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as  
+- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as:  
 ```
   $ cp -r /opt/intel/sgxsdk/SampleCode ~
 ```
-- Compile and run each sample codes in the simulation mode to make sure the package works well.  
+- Compile and run each sample codes in the simulation mode to make sure the package works well:    
 ```
   $ cd SampleCode/LocalAttestation
-  $ make
+  $ make SGX_MODE=SIM
   $ ./app
 ```
    Use similar commands for other sample codes.
-
 ###Compile and Run the Sample Codes in the Hardware Mode
-If you use an SGX hardware enabled machine, you need to run the sample codes in the hardware mode.
-Ensure that you install SGX driver and Intel(R) SGX PSW installer on the machine.  
+If you use an Intel SGX hardware enabled machine, you can run the sample codes in the hardware mode.
+Ensure that you install Intel(R) SGX driver and Intel(R) SGX PSW installer on the machine.  
+See the topic, Build and Install the Intel(R) SGX Driver, on how to install the Intel(R) SGX driver.  
 See the topic, Install Intel(R) SGX PSW, on how to install the PSW package.
-- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as  
+- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as:   
 ```
   $ cp -r /opt/intel/sgxsdk/SampleCode ~
 ```
-- Compile and run each sample codes in the debug mode.  
+- Compile and run each sample codes in the hardware mode, debug build:  
 ```
   $ cd SampleCode/LocalAttestation
-  $ make SGX_MODE=HW SGX_DEBUG=1
+  $ make
   $ ./app
 ```
    Use similar commands for other sample codes.
-
 Install Intel(R) SGX PSW
 ------------------------
 ###Prerequisites
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
 - Ensure that you have the following required hardware:  
   6th Generation Intel(R) Core(TM) Processor (code named Skylake)
-- Configure the system with the **SGX hardware enabled** option and install SGX driver in advance.  
-  See the topic, Build and Install the Intel(R) SGX Driver, on how to install the SGX driver.
+- Configure the system with the **Intel SGX hardware enabled** option and install Intel SGX driver in advance.  
+  See the topic, Build and Install the Intel(R) SGX Driver, on how to install the Intel SGX driver.
 - Install the library using the following command:  
-```
-  $ sudo apt-get install libcurl4-openssl-dev libprotobuf-dev libprotobuf-c0-dev
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum install openssl-devel libcurl-devel protobuf-devel
+  ```
+- To use trusted platform service on Ubuntu 16.04  
+  Ensure mei_me driver is enabled and /dev/mei0 exists.  
+  [Download iclsClient](https://software.intel.com/en-us/sgx-sdk/download) and install it using the following commands:  
+```
+$ sudo apt-get install alien
+$ sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm
+$ sudo dpkg -i iclsclient_1.45.449.12-2_amd64.deb
+```
+  Download source code from [dynamic-application-loader-host-interface](https://github.com/01org/dynamic-application-loader-host-interface) project. In the source code folder build and install JHI service using the following commands:
+```
+$ sudo apt-get install uuid-dev libxml2-dev
+$ cmake .;make;sudo make install;sudo systemclt enable jhi
 ```
 
 ###Install Intel(R) SGX PSW

SampleCode/LocalAttestation/App/App.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave1/Enclave1.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration> 
-  <ProdID>0</ProdID> 
-  <ISVSVN>0</ISVSVN> 
-  <StackMaxSize>0x40000</StackMaxSize> 
-  <HeapMaxSize>0x100000</HeapMaxSize> 
-  <TCSNum>1</TCSNum> 
-  <TCSPolicy>1</TCSPolicy> 
-  <DisableDebug>0</DisableDebug> 
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration> 
+  <ProdID>0</ProdID> 
+  <ISVSVN>0</ISVSVN> 
+  <StackMaxSize>0x40000</StackMaxSize> 
+  <HeapMaxSize>0x100000</HeapMaxSize> 
+  <TCSNum>1</TCSNum> 
+  <TCSPolicy>1</TCSPolicy> 
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug> 
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>