Skip to content

Commit

Permalink
Add 2.22
Browse files Browse the repository at this point in the history
  • Loading branch information
@delneg
delneg committed Nov 27, 2023
1 parent d572ab8 commit c7ee5af
Show file tree
Hide file tree
Showing 4 changed files with 250 additions and 2 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
sgx:
strategy:
matrix:
version: [2.18, 2.19]
version: [2.18, 2.19, 2.22]
distro: [focal]
dockerfile: [Dockerfile]
image_name: [sigmagmbh/sgx]
Expand All @@ -35,6 +35,14 @@ jobs:
distro: buster
dockerfile: aesm.Dockerfile
image_name: sigmagmbh/sgx-aesm
- version: 2.22
distro: focal
dockerfile: Dockerfile
image_name: sigmagmbh/sgx
- version: 2.22
distro: jammy
dockerfile: Dockerfile
image_name: sigmagmbh/sgx

runs-on: ubuntu-latest

Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/build_and_push.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
sgx:
strategy:
matrix:
version: [2.18, 2.19]
version: [2.18, 2.19, 2.22]
distro: [focal]
dockerfile: [Dockerfile]
image_name: [sigmagmbh/sgx]
Expand All @@ -38,6 +38,14 @@ jobs:
distro: buster
dockerfile: aesm.Dockerfile
image_name: sigmagmbh/sgx-aesm
- version: 2.22
distro: focal
dockerfile: Dockerfile
image_name: sigmagmbh/sgx
- version: 2.22
distro: jammy
dockerfile: Dockerfile
image_name: sigmagmbh/sgx

runs-on: ubuntu-latest

Expand Down
116 changes: 116 additions & 0 deletions 2.22/focal/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
FROM ubuntu:20.04 as sdk

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
build-essential \
libcurl4-openssl-dev \
libprotobuf-dev \
libssl-dev \
pkg-config \
wget \
&& rm -rf /var/lib/apt/lists/*


ENV INTEL_SGX_URL "https://download.01.org/intel-sgx"
ENV LINUX_SGX_VERSION "2.22"

ARG INSTALL_ROOT_DIR="/opt/intel"
ARG SGX_SDK="${INSTALL_ROOT_DIR}/sgxsdk"
ENV SGX_SDK ${SGX_SDK}

# prebuilt binutils
RUN set -eux; \
pkg="as.ld.objdump.r4.tar.gz"; \
url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/${pkg}"; \
sha256="1c4ab5814db1e79516985c6128405f92d131b0125e5f3fc5948e94a319e92985"; \
wget "${url}" --progress=dot:giga; \
echo "${sha256} *${pkg}" | sha256sum --strict --check -; \
tar -xvf ${pkg} --directory /usr/local/bin/; \
rm -f ${pkg};

# SDK
RUN set -eux; \
distro="ubuntu20.04-server"; \
version="2.22.100.3"; \
pkg="sgx_linux_x64_sdk_${version}.bin"; \
url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/distro/${distro}/${pkg}"; \
sha256="7f6d8a0ece65757ccd714c46c0e8baa7f1c6a8428bc7b85bf42b5fd834bf19d0"; \
wget -O sdk.bin "${url}" --progress=dot:giga; \
echo "$sha256 *sdk.bin" | sha256sum --strict --check -; \
chmod +x sdk.bin; \
echo -e "no\n/${INSTALL_ROOT_DIR}" | ./sdk.bin; \
echo "source ${SGX_SDK}/environment" >> /root/.bashrc; \
rm -f sdk.bin;

WORKDIR ${SGX_SDK}


# PSW
FROM sdk as psw

RUN set -eux; \
distro="focal"; \
url="${INTEL_SGX_URL}/sgx_repo/ubuntu"; \
echo "deb [arch=amd64] ${url} ${distro} main" \
| tee /etc/apt/sources.list.d/intel-sgx.list; \
wget -qO - "${url}/intel-sgx-deb.key" | apt-key add -; \
apt-get update; \
apt-get install -y --no-install-recommends \
libsgx-headers \
libsgx-ae-epid \
libsgx-ae-le \
libsgx-ae-pce \
libsgx-aesm-epid-plugin \
libsgx-aesm-launch-plugin \
libsgx-aesm-pce-plugin \
libsgx-aesm-quote-ex-plugin \
libsgx-enclave-common \
libsgx-enclave-common-dev \
libsgx-epid \
libsgx-epid-dev \
libsgx-launch \
libsgx-launch-dev \
libsgx-quote-ex \
libsgx-quote-ex-dev \
libsgx-uae-service \
libsgx-urts \
sgx-aesm-service; \
rm -rf /var/lib/apt/lists/*;


# SGX SSL
FROM psw as ssl

# NOTE Versions for openssl and sgx ssl should match.
# See the intel-sgx-ssl repo tags for more information.
ARG OPENSSL_VERSION="3.0.10"
ARG SGX_SSL_COMMIT="ef50655895c869146bf73a889604fe462867a7ce"
ARG SGX_MODE=SIM
ARG SGX_SSL="${INSTALL_ROOT_DIR}/sgxssl"

ENV SGX_SSL ${SGX_SSL}

RUN apt-get update && apt-get install -y \
git \
nasm \
&& rm -rf /var/lib/apt/lists/*

WORKDIR ${SGX_SSL}

ENV PKG_CONFIG_PATH ${SGX_SDK}/pkgconfig
ENV LD_LIBRARY_PATH ${SGX_SDK}/sdk_libs
ENV PATH ${PATH}:${SGX_SDK}/bin:${SGX_SDK}/bin/x64

RUN set -eux; \
git clone https://github.com/intel/intel-sgx-ssl.git ${SGX_SSL}; \
git checkout ${SGX_SSL_COMMIT}; \
\
pkg="openssl-${OPENSSL_VERSION}.tar.gz"; \
openssl_url="https://www.openssl.org/source/${pkg}"; \
sha256="d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca"; \
wget ${openssl_url} -P openssl_source; \
echo "${sha256} openssl_source/${pkg}" | sha256sum --strict --check -; \
\
make -C Linux sgxssl_no_mitigation SGX_MODE=${SGX_MODE}; \
DESTDIR=${SGX_SSL} make -C Linux install;
116 changes: 116 additions & 0 deletions 2.22/jammy/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
FROM ubuntu:22.04 as sdk

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
build-essential \
libcurl4-openssl-dev \
libprotobuf-dev \
libssl-dev \
pkg-config \
wget \
&& rm -rf /var/lib/apt/lists/*


ENV INTEL_SGX_URL "https://download.01.org/intel-sgx"
ENV LINUX_SGX_VERSION "2.22"

ARG INSTALL_ROOT_DIR="/opt/intel"
ARG SGX_SDK="${INSTALL_ROOT_DIR}/sgxsdk"
ENV SGX_SDK ${SGX_SDK}

# prebuilt binutils
RUN set -eux; \
pkg="as.ld.objdump.r4.tar.gz"; \
url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/${pkg}"; \
sha256="1c4ab5814db1e79516985c6128405f92d131b0125e5f3fc5948e94a319e92985"; \
wget "${url}" --progress=dot:giga; \
echo "${sha256} *${pkg}" | sha256sum --strict --check -; \
tar -xvf ${pkg} --directory /usr/local/bin/; \
rm -f ${pkg};

# SDK
RUN set -eux; \
distro="ubuntu22.04-server"; \
version="2.22.100.3"; \
pkg="sgx_linux_x64_sdk_${version}.bin"; \
url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/distro/${distro}/${pkg}"; \
sha256="7f6d8a0ece65757ccd714c46c0e8baa7f1c6a8428bc7b85bf42b5fd834bf19d0"; \
wget -O sdk.bin "${url}" --progress=dot:giga; \
echo "$sha256 *sdk.bin" | sha256sum --strict --check -; \
chmod +x sdk.bin; \
echo -e "no\n/${INSTALL_ROOT_DIR}" | ./sdk.bin; \
echo "source ${SGX_SDK}/environment" >> /root/.bashrc; \
rm -f sdk.bin;

WORKDIR ${SGX_SDK}


# PSW
FROM sdk as psw

RUN set -eux; \
distro="jammy"; \
url="${INTEL_SGX_URL}/sgx_repo/ubuntu"; \
echo "deb [arch=amd64] ${url} ${distro} main" \
| tee /etc/apt/sources.list.d/intel-sgx.list; \
wget -qO - "${url}/intel-sgx-deb.key" | apt-key add -; \
apt-get update; \
apt-get install -y --no-install-recommends \
libsgx-headers \
libsgx-ae-epid \
libsgx-ae-le \
libsgx-ae-pce \
libsgx-aesm-epid-plugin \
libsgx-aesm-launch-plugin \
libsgx-aesm-pce-plugin \
libsgx-aesm-quote-ex-plugin \
libsgx-enclave-common \
libsgx-enclave-common-dev \
libsgx-epid \
libsgx-epid-dev \
libsgx-launch \
libsgx-launch-dev \
libsgx-quote-ex \
libsgx-quote-ex-dev \
libsgx-uae-service \
libsgx-urts \
sgx-aesm-service; \
rm -rf /var/lib/apt/lists/*;


# SGX SSL
FROM psw as ssl

# NOTE Versions for openssl and sgx ssl should match.
# See the intel-sgx-ssl repo tags for more information.
ARG OPENSSL_VERSION="3.0.10"
ARG SGX_SSL_COMMIT="ef50655895c869146bf73a889604fe462867a7ce"
ARG SGX_MODE=SIM
ARG SGX_SSL="${INSTALL_ROOT_DIR}/sgxssl"

ENV SGX_SSL ${SGX_SSL}

RUN apt-get update && apt-get install -y \
git \
nasm \
&& rm -rf /var/lib/apt/lists/*

WORKDIR ${SGX_SSL}

ENV PKG_CONFIG_PATH ${SGX_SDK}/pkgconfig
ENV LD_LIBRARY_PATH ${SGX_SDK}/sdk_libs
ENV PATH ${PATH}:${SGX_SDK}/bin:${SGX_SDK}/bin/x64

RUN set -eux; \
git clone https://github.com/intel/intel-sgx-ssl.git ${SGX_SSL}; \
git checkout ${SGX_SSL_COMMIT}; \
\
pkg="openssl-${OPENSSL_VERSION}.tar.gz"; \
openssl_url="https://www.openssl.org/source/${pkg}"; \
sha256="d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca"; \
wget ${openssl_url} -P openssl_source; \
echo "${sha256} openssl_source/${pkg}" | sha256sum --strict --check -; \
\
make -C Linux sgxssl_no_mitigation SGX_MODE=${SGX_MODE}; \
DESTDIR=${SGX_SSL} make -C Linux install;

0 comments on commit c7ee5af

Please sign in to comment.