Bionic for 2.19

SigmaGmbH · Nov 28, 2023 · d11e9d9 · d11e9d9
1 parent 00f714b
commit d11e9d9
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -27,6 +27,10 @@ jobs:
             distro: jammy
             dockerfile: Dockerfile
             image_name: sigmagmbh/sgx
+          - version: 2.19
+            distro: bionic
+            dockerfile: Dockerfile
+            image_name: sigmagmbh/sgx
           - version: 2.19
             distro: focal
             dockerfile: Dockerfile

diff --git a/.github/workflows/build_and_push.yml b/.github/workflows/build_and_push.yml
@@ -30,6 +30,10 @@ jobs:
             distro: focal
             dockerfile: Dockerfile
             image_name: sigmagmbh/sgx
+          - version: 2.19
+            distro: bionic
+            dockerfile: Dockerfile
+            image_name: sigmagmbh/sgx
           - version: 2.19
             distro: jammy
             dockerfile: Dockerfile

diff --git a/2.19/bionic/Dockerfile b/2.19/bionic/Dockerfile
@@ -0,0 +1,120 @@
+FROM ubuntu:18.04 as sdk
+
+LABEL org.opencontainers.image.source=https://github.com/sigmagmbh/sgx/tree/master/2.19/ubuntu-18.04
+LABEL org.opencontainers.image.description="Linux SGX v2.19 for Ubuntu 18.04 (focal)"
+LABEL org.opencontainers.image.licenses=BSD-3-Clause
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+                build-essential \
+                libcurl4-openssl-dev \
+                libprotobuf-dev \
+                libssl-dev \
+                pkg-config \
+                wget \
+        && rm -rf /var/lib/apt/lists/*
+
+
+ENV INTEL_SGX_URL "https://download.01.org/intel-sgx"
+ENV LINUX_SGX_VERSION "2.19"
+
+ARG INSTALL_ROOT_DIR="/opt/intel"
+ARG SGX_SDK="${INSTALL_ROOT_DIR}/sgxsdk"
+ENV SGX_SDK ${SGX_SDK}
+
+# prebuilt binutils
+RUN set -eux; \
+    pkg="as.ld.objdump.r4.tar.gz"; \
+    url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/${pkg}"; \
+    sha256="1c4ab5814db1e79516985c6128405f92d131b0125e5f3fc5948e94a319e92985"; \
+    wget "${url}" --progress=dot:giga; \
+    echo "${sha256} *${pkg}" | sha256sum --strict --check -; \
+    tar -xvf ${pkg} --directory /usr/local/bin/; \
+    rm -f ${pkg};
+
+# SDK
+RUN set -eux; \
+    distro="ubuntu18.04-server"; \
+    version="2.19.100.3"; \
+    pkg="sgx_linux_x64_sdk_${version}.bin"; \
+    url="${INTEL_SGX_URL}/sgx-linux/${LINUX_SGX_VERSION}/distro/${distro}/${pkg}"; \
+    sha256="e3b787be3d53151c7bec728aaa90a3159586c511b87fb8b7201e69326131b572"; \
+    wget -O sdk.bin "${url}" --progress=dot:giga; \
+    echo "$sha256 *sdk.bin" | sha256sum --strict --check -; \
+    chmod +x sdk.bin; \
+    echo -e "no\n/${INSTALL_ROOT_DIR}" | ./sdk.bin; \
+    echo "source ${SGX_SDK}/environment" >> /root/.bashrc; \
+    rm -f sdk.bin;
+
+WORKDIR ${SGX_SDK}
+
+
+# PSW
+FROM sdk as psw
+
+RUN set -eux; \
+    distro="focal"; \
+    url="${INTEL_SGX_URL}/sgx_repo/ubuntu"; \
+    echo "deb [arch=amd64] ${url} ${distro} main" \
+                | tee /etc/apt/sources.list.d/intel-sgx.list; \
+    wget -qO - "${url}/intel-sgx-deb.key" | apt-key add -; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+                libsgx-headers \
+                libsgx-ae-epid \
+                libsgx-ae-le \
+                libsgx-ae-pce \
+                libsgx-aesm-epid-plugin \
+                libsgx-aesm-launch-plugin \
+                libsgx-aesm-pce-plugin \
+                libsgx-aesm-quote-ex-plugin \
+                libsgx-enclave-common \
+                libsgx-enclave-common-dev \
+                libsgx-epid \
+                libsgx-epid-dev \
+                libsgx-launch \
+                libsgx-launch-dev \
+                libsgx-quote-ex \
+                libsgx-quote-ex-dev \
+                libsgx-uae-service \
+                libsgx-urts \
+                sgx-aesm-service; \
+    rm -rf /var/lib/apt/lists/*;
+
+
+# SGX SSL
+FROM psw as ssl
+
+# NOTE Versions for openssl and sgx ssl should match.
+# See the intel-sgx-ssl repo tags for more information.
+ARG OPENSSL_VERSION="1.1.1t"
+ARG SGX_SSL_COMMIT="7d78500f312a6cebeeb1b398ee6639bf01d8746d"
+ARG SGX_MODE=SIM
+ARG SGX_SSL="${INSTALL_ROOT_DIR}/sgxssl"
+
+ENV SGX_SSL ${SGX_SSL}
+
+RUN apt-get update && apt-get install -y \
+                git \
+                nasm \
+        && rm -rf /var/lib/apt/lists/*
+
+WORKDIR ${SGX_SSL}
+
+ENV PKG_CONFIG_PATH ${SGX_SDK}/pkgconfig
+ENV LD_LIBRARY_PATH ${SGX_SDK}/sdk_libs
+ENV PATH ${PATH}:${SGX_SDK}/bin:${SGX_SDK}/bin/x64
+
+RUN set -eux; \
+    git clone https://github.com/intel/intel-sgx-ssl.git ${SGX_SSL}; \
+    git checkout ${SGX_SSL_COMMIT}; \
+    \
+    pkg="openssl-${OPENSSL_VERSION}.tar.gz"; \
+    openssl_url="https://www.openssl.org/source/${pkg}"; \
+    sha256="8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b"; \
+    wget ${openssl_url} -P openssl_source; \
+    echo "${sha256} openssl_source/${pkg}" | sha256sum --strict --check -; \
+    \
+    make -C Linux sgxssl_no_mitigation SGX_MODE=${SGX_MODE}; \
+    DESTDIR=${SGX_SSL} make -C Linux install;