Instead of properly moving the .so files I modified the LD_LIBRARY_PATH to use the psw files before the sdk files.
Moving the .so files is how this should be installed, but moving around the loader order essentially gives the same effect without modifying /usr/lib.
Generated psw installer: ./linux/installer/bin/sgx_linux_x64_psw_2.8.100.3.bin
==> Entering fakeroot environment...
==> Starting package()...
/home/phung/Downloads/intel_sgx/intel_sgx_psw/PKGBUILD: line 40: 17908 Segmentation fault (core dumped) "$pkgdir/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so"
==> ERROR: A failure occurred in package().
Aborting...
[promach@archlinux intel_sgx_psw]$
I have the above error when I try to use the following PKGBUILD. Why?
# Maintainer: promach
pkgname=linux-sgx-psw
pkgver=r300.9ddec08f
pkgrel=1
pkgdesc="Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification"
arch=('i686' 'x86_64')
url="https://01.org/intel-softwareguard-extensions"
license=('GPL')
groups=()
depends=()
makedepends=('cmake' 'protobuf' 'libunwind' 'ocaml' 'ocamlbuild' 'automake' 'autoconf' 'libtool' 'wget' 'python' 'openssl' 'git')
optdepends=()
provides=()
conflicts=()
replaces=()
backup=()
options=('!buildflags')
install=
changelog=
source=('git+https://github.com/intel/linux-sgx.git')
noextract=()
md5sums=('SKIP') #generate with 'makepkg -g'
build() {
  cd "$srcdir/linux-sgx"
  ./download_prebuilt.sh
  make clean
  make psw DEBUG=1
  make psw_install_pkg DEBUG=1
}
pkgver() {
  cd "$srcdir/linux-sgx"
  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
}
package() {
  cd "$srcdir/linux-sgx"
  install -dm 755 "$pkgdir/opt/intel/sgxpsw"
  bsdtar -xf linux/installer/common/psw/output/sgxpsw_1.0.orig.tar.gz -C "$pkgdir/opt/intel/sgxpsw" \
    --strip-components 1 --no-same-owner package
  ln -s "$pkgdir/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so.1" \
    "$pkgdir/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so"
}
==> Starting package()...
/home/phung/Downloads/intel_sgx/intel_sgx_psw/PKGBUILD: line 48: /home/phung/Downloads/intel_sgx/intel_sgx_psw/pkg/linux-sgx-psw/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so.1: No such file or directory
==> ERROR: A failure occurred in package().
If I use cp "$pkgdir/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so" "$pkgdir/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so.1" instead of the ln command, then I have the above error.
[phung@archlinux intel_sgx_psw]$ ls -al /home/phung/Downloads/intel_sgx/intel_sgx_psw/pkg/linux-sgx-psw/opt/intel/sgxpsw/lib64/
total 14940
drwxr-xr-x 2 phung phung 4096 Mar 11 15:17 .
drwxr-xr-x 5 phung phung 4096 Mar 11 15:17 ..
-rwxr-xr-x 1 phung phung 439160 Mar 11 15:17 libsgx_enclave_common.so
-rwxr-xr-x 1 phung phung 4450952 Mar 11 15:17 libsgx_epid.so
-rwxr-xr-x 1 phung phung 4439728 Mar 11 15:17 libsgx_launch.so
-rwxr-xr-x 1 phung phung 4449240 Mar 11 15:17 libsgx_quote_ex.so
-rwxr-xr-x 1 phung phung 68336 Mar 11 15:17 libsgx_uae_service.so
-rwxr-xr-x 1 phung phung 1432344 Mar 11 15:17 libsgx_urts.so
[phung@archlinux intel_sgx_psw]$
[phung@archlinux intel_sgx_psw]$ ldd /home/phung/Downloads/intel_sgx/intel_sgx_psw/pkg/linux-sgx-psw/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so
linux-vdso.so.1 (0x00007ffc279f5000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f6b2a130000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f6b29f47000)
libm.so.6 => /usr/lib/libm.so.6 (0x00007f6b29e01000)
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f6b29de7000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f6b29c21000)
/usr/lib64/ld-linux-x86-64.so.2 (0x00007f6b2a1b4000)
[phung@archlinux intel_sgx_psw]$
[phung@archlinux intel_sgx_psw]$ readelf -d /home/phung/Downloads/intel_sgx/intel_sgx_psw/pkg/linux-sgx-psw/opt/intel/sgxpsw/lib64/libsgx_enclave_common.so
Dynamic section at offset 0x12c88 contains 31 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000e (SONAME) Library soname: [libsgx_enclave_common.so.1]
0x000000000000000c (INIT) 0x2000
0x000000000000000d (FINI) 0xce20
0x0000000000000019 (INIT_ARRAY) 0x13c60
0x000000000000001b (INIT_ARRAYSZ) 24 (bytes)
0x000000000000001a (FINI_ARRAY) 0x13c78
0x000000000000001c (FINI_ARRAYSZ) 16 (bytes)
0x000000006ffffef5 (GNU_HASH) 0x260
0x0000000000000005 (STRTAB) 0x6f0
0x0000000000000006 (SYMTAB) 0x2a0
0x000000000000000a (STRSZ) 969 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000003 (PLTGOT) 0x13eb8
0x0000000000000002 (PLTRELSZ) 768 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0xd10
0x0000000000000007 (RELA) 0xbd8
0x0000000000000008 (RELASZ) 312 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x0000000000000018 (BIND_NOW)
0x000000006ffffffb (FLAGS_1) Flags: NOW
0x000000006ffffffe (VERNEED) 0xb18
0x000000006fffffff (VERNEEDNUM) 4
0x000000006ffffff0 (VERSYM) 0xaba
0x000000006ffffff9 (RELACOUNT) 6
0x0000000000000000 (NULL) 0x0
[phung@archlinux intel_sgx_psw]$
Last edited by promach (2020-03-11 08:05:11)
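Added example, not part of the original posts: the listing above shows the file named libsgx_enclave_common.so, while readelf reports the SONAME libsgx_enclave_common.so.1, which is the name programs linked against it will ask the loader for. The sketch below reads the SONAME and creates it as a relative symlink inside the package tree; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: create SONAME-named symlinks in a staged package tree.

# Print the DT_SONAME value found in `readelf -d` output on stdin (empty if none).
parse_soname() {
    sed -n 's/.*(SONAME).*\[\(.*\)].*/\1/p' | head -n 1
}

# Create "<dir>/<soname>" as a symlink to the library file in the same directory.
# The target is relative, so the link still resolves once the files leave $pkgdir.
link_soname() {
    local lib=$1 soname=$2 dir base
    dir=$(dirname -- "$lib")
    base=$(basename -- "$lib")
    # The SONAME comes from the binary: refuse empty values and path separators
    # so it cannot steer the link outside the library directory.
    case $soname in ''|*/*) return 1 ;; esac
    [ "$soname" = "$base" ] && return 0                     # file already has that name
    { [ -e "$dir/$soname" ] || [ -L "$dir/$soname" ]; } && return 0   # never clobber
    ln -s -- "$base" "$dir/$soname"
}

# Walk one lib directory and add the missing links (needs readelf from binutils).
fix_sonames() {
    local lib soname
    for lib in "$1"/*.so; do
        [ -f "$lib" ] || continue
        soname=$(readelf -d "$lib" 2>/dev/null | parse_soname)
        [ -n "$soname" ] && link_soname "$lib" "$soname"
    done
    return 0
}

# Assumed use inside package():
#   fix_sonames "$pkgdir/opt/intel/sgxpsw/lib64"
```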
I tried running just the linux-sgx-sdk PKGBUILD found in this thread (see below for convenience). I get this error. I get the same error when running `make sgx DEBUG=1` manually from the cloned repo.
make[3]: *** Waiting for unfinished jobs....
g++ -c -Wnon-virtual-dtor -std=c++11 -fstack-protector -O0 -ggdb -DDEBUG -UNDEBUG -DSE_DEBUG_LEVEL=SE_TRACE_DEBUG -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type -Waddress -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks -mindirect-branch-register -mfunction-return=thunk-extern -fno-plt -Wa,-mlfence-after-load=yes -Wa,-mlfence-before-ret=not -nostdinc++ -Werror -fno-rtti -fno-exceptions -I/home/user/src/aur/linux-sgx-sdk/src/linux-sgx/common/inc/ -I/home/user/src/aur/linux-sgx-sdk/src/linux-sgx/common/inc/internal/ -I/home/user/src/aur/linux-sgx-sdk/src/linux-sgx/common/inc/tlibc -I/home/user/src/aur/linux-sgx-sdk/src/linux-sgx/sdk/trts/ sgx_rsrv_mem.cpp -o sgx_rsrv_mem.o
as: unrecognized option '-mlfence-after-load=yes'
make[3]: *** [Makefile:56: mm_vrd.o] Error 1
make[3]: *** Waiting for unfinished jobs....
as: unrecognized option '-mlfence-after-load=yes'
make[3]: *** [Makefile:55: sethread_cond.o] Error 1
From what I can tell, mlfence-after-load is a new as option (see: https://www.phoronix.com/scan.php?page= … tack-perf). I do not have these in my configuration.
-momit-lock-prefix=[no|yes] (default: no)
strip all lock prefixes
-mfence-as-lock-add=[no|yes] (default: no)
encode lfence, mfence and sfence as
lock addl $0x0, (%{re}sp)
-mrelax-relocations=[no|yes] (default: yes)
generate relax relocations
-malign-branch-boundary=NUM (default: 0)
align branches within NUM byte boundary
-malign-branch=TYPE[+TYPE...] (default: jcc+fused+jmp)
TYPE is combination of jcc, fused, jmp, call, ret,
indirect
specify types of branches to align
-malign-branch-prefix-size=NUM (default: 5)
align branches with NUM prefixes per instruction
-mbranches-within-32B-boundaries
align branches within 32 byte boundary
-mamd64 accept only AMD64 ISA [default]
-mintel64 accept only Intel64 ISA
Report bugs to <https://bugs.archlinux.org/>
➜ linux-sgx-sdk as --version
GNU assembler (GNU Binutils) 2.34.0
Copyright (C) 2020 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-pc-linux-gnu'.
I can see that binutils is outdated (despite having the latest from pacman). Here is the version on the sgx-approved Ubuntu 18.04.
root@609418c96f9a:~# as --version
GNU assembler (GNU Binutils) 2.34.50.20200320
Copyright (C) 2020 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-pc-linux-gnu'.
The PKGBUILD:
# Maintainer: promach
pkgname=linux-sgx-sdk
pkgver=r335.3ea0560d
pkgrel=1
pkgdesc="Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification"
arch=('i686' 'x86_64')
url="https://01.org/intel-softwareguard-extensions"
license=('GPL')
groups=()
depends=()
makedepends=('cmake' 'protobuf' 'libunwind' 'ocaml' 'ocamlbuild' 'automake' 'autoconf' 'libtool' 'wget' 'python' 'openssl' 'git')
optdepends=()
provides=()
conflicts=()
replaces=()
backup=()
options=('!buildflags')
install=
changelog=
source=('git+https://github.com/intel/linux-sgx.git')
noextract=()
md5sums=('SKIP') #generate with 'makepkg -g'
build() {
  cd "$srcdir/linux-sgx"
  ./download_prebuilt.sh
  make clean
  make sdk DEBUG=1
  make sdk_install_pkg DEBUG=1
}
pkgver() {
  cd "$srcdir/linux-sgx"
  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
}
package() {
  cd "$srcdir/linux-sgx"
  #echo "no\n/opt/intel/sgxsdk\n" > ./sgx_linux_x64_sdk_*.bin
  #make DESTDIR="$pkgdir/opt/intel/sgxsdk" install
  install -dm 755 "$pkgdir/opt/intel/sgxsdk"
  bsdtar -xf linux/installer/common/sdk/output/sgxsdk_1.0.orig.tar.gz -C "$pkgdir/opt/intel/sgxsdk" --strip-components 1 --no-same-owner package
}
Last edited by conatus (2020-06-30 00:02:25)
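Added example, not from the thread: a pre-build check for the failure above, where the installed as rejects -mlfence-after-load=yes partway through make. The hypothetical function missing_as_options reads `as --help` text on stdin and reports which of the requested options the assembler does not list, so prepare() can stop with a clear message before the build starts.

```bash
#!/usr/bin/env bash
# Added example: detect assembler options the installed binutils does not know.

# Usage: as --help | missing_as_options OPTION[=VALUE]...
# Prints the unsupported options on one line and returns 1 if any are missing.
missing_as_options() {
    local help opt name missing=""
    help=$(cat)
    for opt in "$@"; do
        name=${opt%%=*}          # -mlfence-after-load=yes -> -mlfence-after-load
        # Literal match against the start of each help line; the name must be
        # followed by '=', a space or end of line, so -mfence does not match
        # -mfence-as-lock-add.
        if ! printf '%s\n' "$help" | awk -v n="$name" '
            { sub(/^[ \t]+/, "") }
            $0 == n || index($0, n "=") == 1 || index($0, n " ") == 1 { found = 1 }
            END { exit !found }'; then
            missing="$missing $opt"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Assumed use in a PKGBUILD, with the two -Wa options from the failing g++ line:
#   prepare() {
#     as --help | missing_as_options -mlfence-after-load=yes -mlfence-before-ret=not \
#       || { echo "binutils too old for the SGX SDK mitigation flags" >&2; return 1; }
#   }
```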
I managed to successfully complete the install by re-installing binutils using this: https://aur.archlinux.org/packages/gdb-git/ The linux-sgx-sdk PKGBUILD now works for me.
@conatus
https://packages.ubuntu.com/bionic-updates/binutils and https://packages.ubuntu.com/bionic/binutils show the version as 2.30-21ubuntu1
2.34.50.20200512 does match https://packages.debian.org/source/expe … l/binutils which is based on an upstream snapshot.
https://sourceware.org/git/?p=binutils- … 11c84f027f
Last edited by loqs (2020-06-30 01:39:47)
I've managed to install everything but I'm having trouble running the aesmd service.
I've changed the systemd unit file so that the paths match, but the main process simply exits with 1.
If I set up the environment like in the unit file and run it manually, the process does start, but programs cannot connect to it (they fail to connect to the socket).
This is my unit file:
[Unit]
Description=Intel(R) Architectural Enclave Service Manager
After=syslog.target network.target auditd.service
After=remount-dev-exec.service
Wants=remount-dev-exec.service
[Service]
User=aesmd
Type=forking
Environment=NAME=aesm_service
Environment=AESM_PATH=/opt/intel/sgxpsw/aesm
Environment=LD_LIBRARY_PATH=/opt/intel/sgxpsw/aesm
WorkingDirectory=/opt/intel/sgxpsw/aesm
PermissionsStartOnly=true
ExecStartPre=/opt/intel/sgxpsw/aesm/linksgx.sh
ExecStartPre=/bin/mkdir -p /var/run/aesmd/
ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/
ExecStartPre=/bin/chmod 0755 /var/run/aesmd/
ExecStartPre=/bin/mkdir -p /var/opt/aesmd/
ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/
ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/
ExecStart=/opt/intel/sgxpsw/aesm/aesm_service
InaccessibleDirectories=/home
ExecReload=/bin/kill -SIGHUP $MAINPID
Restart=on-failure
RestartSec=15s
DevicePolicy=closed
DeviceAllow=/dev/isgx rw
DeviceAllow=/dev/sgx rw
DeviceAllow=/dev/sgx/enclave rw
DeviceAllow=/dev/sgx/provision rw
[Install]
WantedBy=multi-user.target
Any suggestions on what I could do?