进入/opt/intel/sgxsdk/SampleCode 文件夹中的示例文件,复制一个项目cp -r SampleEnclave HelloEnclave SampleEnclave示例实现了安全printf函数,可以被用来安全打印我们需要打印的字符串。我们把SampleEnclave示例复制到自己的文件夹中,基于该示例,我们开发一个使用Enclave打印Hello Enclave的应用程序。我们把复制得到的SampleEnclave文件夹名称改成HelloEnclave文件夹
需要修改的文件为`Enclave.edl文件、Enclave.cpp文件、Enclave.h文件、App.cpp文件
修改Enclave.edl
我们要在Enclave.edl文件中定义不可信代码调用可信函数的接口,比如我们定义的可信函数是printf_helloenclave,在该函数中我们打印”Hello Enclave“,该函数没有参数也没有返回值。
进入HelloEnclave/Enclave 修改Enclave.edl添加一个可信方法public void printf_helloenclave() 具体代码如下
enclave {
include "user_types.h" /* buffer_t */
/* Import ECALL/OCALL from sub-directory EDLs.
* [from]: specifies the location of EDL file.
* [import]: specifies the functions to import,
* [*]: implies to import all functions.
*/
from "Edger8rSyntax/Types.edl" import *;
from "Edger8rSyntax/Pointers.edl" import *;
from "Edger8rSyntax/Arrays.edl" import *;
from "Edger8rSyntax/Functions.edl" import *;
from "TrustedLibrary/Libc.edl" import *;
from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map;
from "TrustedLibrary/Thread.edl" import *;
trusted{
public void printf_helloenclave();
};
/*
* ocall_print_string - invokes OCALL to display string buffer inside the enclave.
* [in]: copy the string buffer to App outside.
* [string]: specifies 'str' is a NULL terminated buffer.
*/
untrusted {
void ocall_print_string([in, string] const char *str);
};
};
修改Enclave.cpp
我们在Enclave.cpp文件中实现printf_helloenclave函数,该函数比较简单,就是打印Hello Enclave。
具体方法如下
#include "Enclave.h"
#include "Enclave_t.h" /* print_string */
#include <stdarg.h>
#include <stdio.h> /* vsnprintf */
#include <string.h>
/*
* printf:
* Invokes OCALL to display the enclave buffer to the terminal.
*/
int printf(const char* fmt, ...)
{
char buf[BUFSIZ] = { '\0' };
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, BUFSIZ, fmt, ap);
va_end(ap);
ocall_print_string(buf);
return (int)strnlen(buf, BUFSIZ - 1) + 1;
}
void printf_helloenclave()
{
printf("Hello enclave\n");
}
修改Enclave.h
我们在Enclave.h文件中添加printf_helloenclave函数声明,该文件修改比较简单。具体代码如下
#ifndef _ENCLAVE_H_
#define _ENCLAVE_H_
#include <assert.h>
#include <stdlib.h>
#if defined(__cplusplus)
extern "C" {
#endif
int printf(const char* fmt, ...);
void printf_helloenclave();
#if defined(__cplusplus)
}
#endif
#endif /* !_ENCLAVE_H_ */
修改main方法
进入 cd HelloEnclave/App
vim App.cpp
//找到main方法
具体代码如下
/* Application entry */
int SGX_CDECL main(int argc, char *argv[])
{
(void)(argc);
(void)(argv);
/* Initialize the enclave */
if(initialize_enclave() < 0){
printf("Enter a character before exit ...\n");
getchar();
return -1;
}
/* Utilize edger8r attributes */
// edger8r_array_attributes();
// edger8r_pointer_attributes();
// edger8r_type_attributes();
// edger8r_function_attributes();
/* Utilize trusted libraries */
//ecall_libc_functions();
//ecall_libcxx_functions();
// ecall_thread_functions();
/* Destroy the enclave */
printf_helloenclave(global_eid);
sgx_destroy_enclave(global_eid);
printf("Info: SampleEnclave successfully returned.\n");
printf("Enter a character before exit ...\n");
getchar();
return 0;
}
退回到HelloEnclave目录下 执行make编译
root@iZ2zefgt7bxps4bisz90chZ:/opt/intel/sgxsdk/SampleCode/HelloEnclave# make
...
//看到以下信息表示编译成功
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>10</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
The required memory is 4063232B.
The required memory is 0x3e0000, 3968 KB.
Succeed.
SIGN => enclave.signed.so
The project has been built in debug hardware mode.
make[1]: Leaving directory '/opt/intel/sgxsdk/SampleCode/HelloEnclave'
编译成功后 会生成一个app可执行文件,运行它
root@iZ2zefgt7bxps4bisz90chZ:/opt/intel/sgxsdk/SampleCode/HelloEnclave# ./app
Hello enclave
Info: SampleEnclave successfully returned.
Enter a character before exit ...
此时表示SGX 环境安装完成并且可用
引用https://www.cnblogs.com/coderzjz/p/14481548.html
