Update cmake macros for more consistent processing of SGX configuration

* Simplify and document the PDO_DEBUG_BUILD configuration checks * Move all of the configuration template processing into a single cmake FUNCTION * Cmake now uses the configure_file command to perform variable substitution (no more sed) Signed-off-by: Mic Bowman <[email protected]>
hyperledger-labs · May 22, 2024 · 0b782f1 · 0b782f1
1 parent c13eee8
commit 0b782f1
Show file tree

Hide file tree

Showing 10 changed files with 66 additions and 62 deletions.
diff --git a/build/cmake/ProjectVariables.cmake b/build/cmake/ProjectVariables.cmake
@@ -20,7 +20,7 @@
 ADD_COMPILE_OPTIONS(-m64 -fvisibility=hidden -fpie -fPIC -fstack-protector)
 ADD_COMPILE_OPTIONS($<$<COMPILE_LANGUAGE:CXX>:-std=c++11>)
 
-OPTION(PDO_DEBUG_BUILD "Build with debugging turned on" FALSE)
+OPTION(PDO_DEBUG_BUILD "Build with debugging turned on" 0)
 
 IF (DEFINED ENV{PDO_DEBUG_BUILD})
   SET(PDO_DEBUG_BUILD $ENV{PDO_DEBUG_BUILD})
@@ -36,12 +36,6 @@ ELSE()
   MESSAGE(STATUS "Compiling with optimizations (-O2). To use debug flags, set the DEBUG environment variable.")
 ENDIF()
 
-IF (DEFINED CMAKE_BUILD_TYPE)
-    MESSAGE(STATUS "Building with CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}")
-ELSE()
-    MESSAGE(STATUS "CMAKE_BUILD_TYPE not defined")
-ENDIF()
-
 # The verbose build flag allows warning messages
 # to be turned off. This removes a lot of the verbosity
 # of the OpenSSL/SGXSSL deprecation warnings. In general

diff --git a/build/cmake/SGX.cmake b/build/cmake/SGX.cmake
@@ -26,20 +26,25 @@ IF (NOT DEFINED ENV{SGX_MODE})
 ENDIF()
 SET(SGX_MODE $ENV{SGX_MODE})
 
+# There are effectively three build modes for SGX:
+#   1) SIM mode with PDO_DEBUG_BUILD enabled
+#   2) HW mode with PDO_DEBUG_BUILD enabled
+#   3) HW mode with PDO_DEBUG_BUILD disabled (release mode)
+# For now we just check the consistency of the variables (SGX_MODE, PDO_DEBUG_BUILD and CMAKE_BUIDL_TYPE)
 IF (${SGX_MODE} STREQUAL "SIM")
-    SET(SGX_USE_SIMULATOR TRUE)
-
-    IF (${PDO_DEBUG_BUILD} STREQUAL "0")
+    IF (NOT ${PDO_DEBUG_BUILD})
         MESSAGE(FATAL_ERROR "SGX_MODE=SIM does not accept PDO_DEBUG_BUILD=0")
     ENDIF()
-ELSE()
-    SET(SGX_USE_SIMULATOR FALSE)
 
+    SET(SGX_USE_SIMULATOR TRUE)
+ELSE()
     IF (${CMAKE_BUILD_TYPE} STREQUAL "Release")
-        IF (${PDO_DEBUG_BUILD} STREQUAL "1")
+        IF (${PDO_DEBUG_BUILD})
             MESSAGE(FATAL_ERROR "SGX_MODE=HW and CMAKE_BUILD_TYPE=Release do not accept PDO_DEBUG_BUILD=1")
         ENDIF()
     ENDIF()
+
+    SET(SGX_USE_SIMULATOR FALSE)
 ENDIF()
 
 IF (NOT DEFINED ENV{SGX_SDK})
@@ -253,19 +258,32 @@ FUNCTION(SGX_DEPLOY_FILES TARGET HEADER_NAME)
 ENDFUNCTION()
 
 # -----------------------------------------------------------------
-# SGX_PREPARE_ENCLAVE_XML
+# SGX_CONFIGURE_ENCLAVE
+#
 # Generate the xml configuration file which can be then used by
-# SGX_SIGN. For now, this is only necessary to set the DisableDebug field.
+# SGX_SIGN. For now, the only field that is changed is the flag to
+# disable debugging. Note that this uses the configure_file cmake
+# command which expands references to variables like ${DISABLE_DEBUG}
 # -----------------------------------------------------------------
-FUNCTION(SGX_PREPARE_ENCLAVE_XML XML_IN XML_OUT)
-    IF (${PDO_DEBUG_BUILD} STREQUAL "0")
-        SET(DISABLE_DEBUG "1")
-    ELSE()
-        SET(DISABLE_DEBUG "0")
-    ENDIF()
-    ADD_CUSTOM_COMMAND(
-        OUTPUT ${XML_OUT}
-        COMMAND "sed"
-            "'s/<DisableDebug>.*<\\/DisableDebug>/<DisableDebug>${DISABLE_DEBUG}<\\/DisableDebug>/'"
-            "${XML_IN}>${XML_OUT}")
+FUNCTION(SGX_CONFIGURE_ENCLAVE TARGET CONFIG)
+  # the flag in the configuration file is used to DISABLE debugging,
+  # precisely the opposite of the PDO_DEBUG_BUILD flag
+  IF (${PDO_DEBUG_BUILD})
+    SET(DISABLE_DEBUG "0")
+  ELSE()
+    SET(DISABLE_DEBUG "1")
+  ENDIF()
+
+  CONFIGURE_FILE(${CONFIG}.in ${CONFIG})
+
+  ADD_CUSTOM_TARGET(
+    generate-configuration-file
+    DEPENDS ${CONFIG})
+
+  SET_PROPERTY(
+    TARGET generate-configuration-file
+    APPEND
+    PROPERTY ADDITIONAL_CLEAN_FILES ${CONFIG})
+
+  ADD_DEPENDENCIES(${TARGET} generate-configuration-file)
 ENDFUNCTION()
diff --git a/eservice/.gitignore b/eservice/.gitignore
@@ -6,3 +6,4 @@ dist
 *.pyc
 *.so
 deps
+pdo_enclave.config.xml
diff --git a/eservice/Makefile b/eservice/Makefile
@@ -85,10 +85,16 @@ test:
 	cd tests && pdo-test-request --no-ledger --iterations 10 --logfile $(TEST_LOG_FILE) --loglevel $(TEST_LOG_LEVEL)
 
 clean:
-	rm -f $(addprefix pdo/eservice/enclave/, pdo_enclave_internal.py pdo_enclave_internal_wrap.cpp)
-	rm -rf build deps dist *.egg-info
-	find . -iname '*.pyc' -delete
-	find . -iname '__pycache__' -delete
+	@ echo Remove build directory
+	@ if [ -d build ]; then \
+		make -C build clean; \
+		rm -rf build deps dist *.egg-info ; \
+	fi
+	@ echo clean swig files
+	@ rm -f $(addprefix pdo/eservice/enclave/, pdo_enclave_internal.py pdo_enclave_internal_wrap.cpp)
+	@ echo Clean up python caches
+	@ find . -iname '*.pyc' -delete
+	@ find . -iname '__pycache__' -delete
 
 print_enclave_files:
 	@echo $(ENCLAVE_FILES)

diff --git a/eservice/lib/libpdo_enclave/CMakeLists.txt b/eservice/lib/libpdo_enclave/CMakeLists.txt
@@ -23,23 +23,12 @@ FILE(GLOB PROJECT_HEADERS *.h)
 FILE(GLOB PROJECT_SOURCES *.cpp)
 FILE(GLOB PROJECT_EDL enclave.edl)
 FILE(GLOB PROJECT_LDS *.lds)
-SET(PROJECT_CONFIG pdo_enclave.config.xml)
+SET(PROJECT_CONFIG ${CMAKE_CURRENT_SOURCE_DIR}/pdo_enclave.config.xml)
 
 SGX_EDGE_TRUSTED(${PROJECT_EDL} PROJECT_EDGE_SOURCES)
 SET (LIBPDO_ENCLAVE_EDL ${PROJECT_EDL} PARENT_SCOPE)
 
 
-# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-# Enclave configuration file
-# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
-SGX_PREPARE_ENCLAVE_XML(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_CONFIG}.in ${PROJECT_CONFIG})
-ADD_CUSTOM_TARGET(prepare_enclave_xml DEPENDS ${PROJECT_CONFIG})
-SET_PROPERTY(
-    TARGET prepare_enclave_xml
-    APPEND
-    PROPERTY ADDITIONAL_CLEAN_FILES ${PROJECT_CONFIG})
-
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # Compile targets
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@@ -57,6 +46,6 @@ TARGET_LINK_LIBRARIES(${PROJECT_NAME} -Wl,--end-group)
 SGX_PREPARE_TRUSTED_LINK(${PROJECT_NAME})
 
 # add dependency to ensure that enclave configuration file is created before post-build sgx-sign
-ADD_DEPENDENCIES(${PROJECT_NAME} prepare_enclave_xml)
+SGX_CONFIGURE_ENCLAVE(${PROJECT_NAME} ${PROJECT_CONFIG})
 SGX_SIGN_ENCLAVE(${PROJECT_NAME} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem ${PROJECT_CONFIG})
 SGX_DEPLOY_FILES(${PROJECT_NAME} eservice)
diff --git a/eservice/lib/libpdo_enclave/pdo_enclave.config.xml.in b/eservice/lib/libpdo_enclave/pdo_enclave.config.xml.in
@@ -23,7 +23,7 @@ limitations under the License.
   <ReservedMemExecutable>1</ReservedMemExecutable>
   <TCSNum>2</TCSNum>
   <TCSPolicy>1</TCSPolicy>
-  <DisableDebug>1</DisableDebug>
+  <DisableDebug>${DISABLE_DEBUG}</DisableDebug>
   <MiscSelect>0</MiscSelect>
   <MiscMask>0xFFFFFFFF</MiscMask>
 </EnclaveConfiguration>
diff --git a/pservice/.gitignore b/pservice/.gitignore
@@ -6,3 +6,4 @@ dist
 *.pyc
 *.so
 deps
+pdo_enclave.config.xml
diff --git a/pservice/Makefile b/pservice/Makefile
@@ -79,10 +79,16 @@ install: $(EGG_FILE)
 		python3 setup.py install
 
 clean:
-	rm -f $(addprefix pdo/pservice/enclave/, pdo_enclave_internal.py pdo_enclave_internal_wrap.cpp)
-	rm -rf build deps dist *.egg-info
-	find . -iname '*.pyc' -delete
-	find . -iname '__pycache__' -delete
+	@ echo Remove build directory
+	@ if [ -d build ]; then \
+		make -C build clean; \
+		rm -rf build deps dist *.egg-info ; \
+	fi
+	@ echo clean swig files
+	@ rm -f $(addprefix pdo/eservice/enclave/, pdo_enclave_internal.py pdo_enclave_internal_wrap.cpp)
+	@ echo Clean up python caches
+	@ find . -iname '*.pyc' -delete
+	@ find . -iname '__pycache__' -delete
 
 .phony : all
 .phony : clean

diff --git a/pservice/lib/libpdo_enclave/CMakeLists.txt b/pservice/lib/libpdo_enclave/CMakeLists.txt
@@ -23,7 +23,7 @@ FILE(GLOB PROJECT_HEADERS *.h)
 FILE(GLOB PROJECT_SOURCES *.cpp)
 FILE(GLOB PROJECT_EDL enclave.edl)
 FILE(GLOB PROJECT_LDS *.lds)
-SET(PROJECT_CONFIG pdo_enclave.config.xml)
+SET(PROJECT_CONFIG ${CMAKE_CURRENT_SOURCE_DIR}/pdo_enclave.config.xml)
 
 SGX_EDGE_TRUSTED(${PROJECT_EDL} PROJECT_EDGE_SOURCES)
 SET (LIBPDO_ENCLAVE_EDL ${PROJECT_EDL} PARENT_SCOPE)
@@ -32,17 +32,6 @@ IF(NOT EXISTS "${PDO_SOURCE_ROOT}/eservice/deps/include/eservice_mrenclave.h")
   MESSAGE(FATAL_ERROR "complete eservice build first; eservice mrenclave is missing")
 ENDIF()
 
-# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-# Enclave configuration file
-# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
-SGX_PREPARE_ENCLAVE_XML(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_CONFIG}.in ${PROJECT_CONFIG})
-ADD_CUSTOM_TARGET(prepare_enclave_xml DEPENDS ${PROJECT_CONFIG})
-SET_PROPERTY(
-    TARGET prepare_enclave_xml
-    APPEND
-    PROPERTY ADDITIONAL_CLEAN_FILES ${PROJECT_CONFIG})
-
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # Compile targets
 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@@ -62,6 +51,6 @@ TARGET_LINK_LIBRARIES(${PROJECT_NAME} -Wl,--end-group)
 SGX_PREPARE_TRUSTED_LINK(${PROJECT_NAME})
 
 # add dependency to ensure that enclave configuration file is created before post-build sgx-sign
-ADD_DEPENDENCIES(${PROJECT_NAME} prepare_enclave_xml)
+SGX_CONFIGURE_ENCLAVE(${PROJECT_NAME} ${PROJECT_CONFIG})
 SGX_SIGN_ENCLAVE(${PROJECT_NAME} ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem ${PROJECT_CONFIG})
 SGX_DEPLOY_FILES(${PROJECT_NAME} pservice)
diff --git a/pservice/lib/libpdo_enclave/pdo_enclave.config.xml.in b/pservice/lib/libpdo_enclave/pdo_enclave.config.xml.in
@@ -21,7 +21,7 @@ limitations under the License.
   <HeapMaxSize>0x800000</HeapMaxSize>
   <TCSNum>1</TCSNum>
   <TCSPolicy>1</TCSPolicy>
-  <DisableDebug>1</DisableDebug>
+  <DisableDebug>${DISABLE_DEBUG}</DisableDebug>
   <MiscSelect>0</MiscSelect>
   <MiscMask>0xFFFFFFFF</MiscMask>
 </EnclaveConfiguration>