Fixes for making PDO work in SGX HW-mode

bin/lib/common_service.sh

@@ -125,7 +125,7 @@ service_start() {
 			     ${F_LOGLEVEL} 2> $EFILE > $OFILE &
             echo $! > ${F_LOGDIR}/${IDENTITY}.pid
 	else
-            ${F_SERVICE_CMD} --identity ${IDENTITY} --config ${IDENTITY}.toml enclave.toml --config-dir ${F_CONFDIR} \
+            ${F_SERVICE_CMD} --identity ${IDENTITY} --config ${IDENTITY}.toml --config-dir ${F_CONFDIR} \
                              ${F_LEDGERURL} ${F_LOGLEVEL} 2> $EFILE > $OFILE &
             echo $! > ${F_LOGDIR}/${IDENTITY}.pid
 	fi

build/Makefile

@@ -21,8 +21,8 @@ ifndef PDO_INSTALL_ROOT
 $(error Incomplete configuration, PDO_INSTALL_ROOT is not defined)
 endif
 
-ifndef PDO_ENCLAVE_CODE_SIGN_PEM
-$(error Incomplete configuration, PDO_ENCLAVE_CODE_SIGN_PEM is not defined)
+ifndef PDO_SGX_KEY_ROOT
+$(error Incomplete configuration, PDO_SGX_KEY_ROOT is not defined)
 endif
 
 ifndef SGX_MODE
@@ -43,7 +43,6 @@ SRCDIR ?= $(abspath $(SCRIPTDIR)/..)
 
 BUILD = $(abspath $(SCRIPTDIR)/__tools__/build.sh)
 VERIFY_PRE_BUILD = $(abspath $(SCRIPTDIR)/__tools__/verify-pre-build.sh)
-VERIFY_PRE_CONF = $(abspath $(SCRIPTDIR)/__tools__/verify-pre-conf.sh)
 CLEAN = $(abspath $(SCRIPTDIR)/__tools__/clean.sh)
 TESTSCRIPT = $(abspath $(SCRIPTDIR)/__tools__/run-tests.sh)
 BENCHMARKSCRIPT = $(abspath $(SCRIPTDIR)/__tools__/run-benchmarks.sh)
@@ -95,9 +94,6 @@ $(DSTDIR) :
 verify-pre-build :
 	$(VERIFY_PRE_BUILD)
 
-verify-pre-config :
-	$(VERIFY_PRE_CONF)
-
 build : $(PYTHON_DIR)
 	. $(abspath $(DSTDIR)/bin/activate) && $(BUILD)
 
@@ -106,16 +102,16 @@ verified-build : verify-pre-build
 
 rebuild : clean-build build $(CONDITIONAL_REGISTER_TARGET)
 
-system-keys : ${PDO_ENCLAVE_CODE_SIGN_PEM}
+system-keys : ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem
 
-${PDO_ENCLAVE_CODE_SIGN_PEM} :
-	openssl genrsa -3 -out ${PDO_ENCLAVE_CODE_SIGN_PEM} 3072
+${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem :
+	openssl genrsa -3 -out ${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem 3072
 
 # SERVICES_COUNT is the number of services of each type to create
 # First value is the number of eservices, then pservices, then
 # sservices, 5 of each is the default
 SERVICES_COUNT ?= 5 5 5
-SERVICES_CONF_TEMPLATES = $(addprefix $(SCRIPTDIR)/template/, eservice.toml pservice.toml enclave.toml)
+SERVICES_CONF_TEMPLATES = $(addprefix $(SCRIPTDIR)/template/, eservice.toml pservice.toml)
 SERVICES_CONF_TARGET = $(DSTDIR)/opt/pdo/.services_configured
 
 $(SERVICES_CONF_TARGET) : $(PYTHON_DIR) $(SERVICE_CONF_TEMPLATES)
@@ -125,18 +121,18 @@ $(SERVICES_CONF_TARGET) : $(PYTHON_DIR) $(SERVICE_CONF_TEMPLATES)
 
 config-services : $(SERVICES_CONF_TARGET)
 
-verified-config : verify-pre-config
+verified-config :
 	${MAKE} config
 
 config : config-services config-client
 
-force-config : verify-pre-config
+force-config :
 	- rm -f $(SERVICES_CONF_TARGET) $(CLIENT_CONF_TARGET)
 	${MAKE} config
 
 ifeq ($(SGX_MODE),HW)
 register : $(PYTHON_DIR)
-	@ echo registering enclave and IAS public key on the ledger
+	@ echo Register the enclave registration policy on the ledger
 	. $(abspath $(DSTDIR)/bin/activate) && $(SRCDIR)/eservice/bin/register-with-ledger.sh
 
 else
@@ -171,6 +167,6 @@ benchmark : $(PYTHON_DIR)
 .PHONY : all environment register system-keys
 .PHONY : build rebuild verified-build verify-pre-build
 .PHONY : clean clean-build clean-install
-.PHONY : config config-services force-config verified-config verify-pre-config
+.PHONY : config config-services force-config verified-config
 .PHONY : client build-client config-client
 .PHONY : benchmark test

build/__tools__/verify-pre-build.sh

@@ -41,7 +41,6 @@ yell --------------- CONFIG AND ENVIRONMENT PRE-BUILD CHECK ---------------
 
 : "${PDO_INSTALL_ROOT:-$(warn Missing environment variable PDO_INSTALL_ROOT)}"
 : "${PDO_HOME:-$(warn Missing environment variable PDO_HOME)}"
-: "${PDO_ENCLAVE_CODE_SIGN_PEM:-$(warn Missing environment variable PDO_ENCLAVE_CODE_SIGN_PEM)}"
 ([ ! -z "${SGX_SSL}" ] && [ -f ${SGX_SSL}/include/openssl/err.h ] ) || warn "Missing or invalid environment variable SGX_SSL"
 ([ ! -z "${SGX_SDK}" ] && [ -f ${SGX_SDK}/include/sgx.h ] ) || warn "Missing or invalid environment variable SGX_SDK"
 : "${SGX_MODE:-$(warn Missing environment variable SGX_MODE, set it to HW or SIM)}"
@@ -59,8 +58,4 @@ if [ ! -d "${PDO_INSTALL_ROOT}" ]; then
     warn "PDO_INSTALL_ROOT directory does not exist"
 fi
 
-if [ ! -f "${PDO_ENCLAVE_CODE_SIGN_PEM}" ]; then
-    warn "PDO_ENCLAVE_CODE_SIGN_PEM file does not exist"
-fi
-
 exit $F_VERIFIED

build/cmake/SGX.cmake

@@ -16,10 +16,10 @@
 # Environment Variables
 ################################################################################
 
-IF (NOT DEFINED ENV{PDO_ENCLAVE_CODE_SIGN_PEM})
-  MESSAGE(FATAL_ERROR "PDO_ENCLAVE_CODE_SIGN_PEM not defined")
+IF (NOT DEFINED ENV{PDO_SGX_KEY_ROOT})
+  MESSAGE(FATAL_ERROR "PDO_SGX_KEY_ROOT not defined")
 ENDIF()
-SET(PDO_ENCLAVE_CODE_SIGN_PEM "$ENV{PDO_ENCLAVE_CODE_SIGN_PEM}")
+SET(PDO_SGX_KEY_ROOT "$ENV{PDO_SGX_KEY_ROOT}")
 
 IF (NOT DEFINED ENV{SGX_MODE})
   MESSAGE(FATAL_ERROR "SGX_MODE not defined")

build/cmake/Test.cmake

@@ -34,8 +34,8 @@ SET(PDO_TEST_CONTRACT
   --logfile ${TEST_LOG_FILE})
 
 # NOTE: we override the default configuration here because clients
-# do not have the full configuration files (eservice1.toml and
-# enclave.toml) and when running with services these are not required.
+# do not have the full configuration file (eservice1.toml) and
+# when running with services these are not required.
 SET(PDO_TEST_CONTRACT_WITH_SERVICES
   ${PDO_TEST_CONTRACT}
   --ledger ${TEST_LEDGER}