SGX reproducible builds (#219)
- Updates SGX Docker base image to `2024.10.2391`
- Removes unnecessary dependencies from SGX Dockerfile
- Freezes open-enclave version to `0.19.4`
- Ensures deterministic build order
italo-sampaio authored Nov 14, 2024
1 parent a3d2716 commit aa6489a
Showing 2 changed files with 7 additions and 19 deletions.
16 changes: 2 additions & 14 deletions docker/sgx/Dockerfile
@@ -1,23 +1,11 @@
FROM openenclavedockerregistry.azurecr.io/oetools-20.04:2023.11.21100
FROM openenclavedockerregistry.azurecr.io/oetools-20.04:2024.10.2391

# Install dependencies
RUN apt-get update && \
apt-get install -y apt-utils vim && \
apt-get install -y tar && \
apt-get install -y xz-utils && \
apt-get install -y curl && \
apt-get install -y git && \
apt-get install -y clang-11 && \
apt-get install -y libssl-dev && \
apt-get install -y gdb && \
apt-get install -y libsgx-enclave-common && \
apt-get install -y libsgx-quote-ex && \
apt-get install -y libprotobuf17 && \
apt-get install -y libsgx-dcap-ql && \
apt-get install -y libsgx-dcap-ql-dev && \
apt-get install -y az-dcap-client && \
apt-get install -y open-enclave && \
apt-get install -y gcc && \
apt-get install -y open-enclave=0.19.4 && \
apt-get install -y make

# Create directory to host symlinks to Open Enclave static libraries
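Review bot: The new `FROM` line fixes the base image by tag only, and a tag can be re-pushed on the registry, so the compiler and SDK that produce the enclave binary are not actually frozen by this file; for a build meant to be reproducible I would add the digest, `FROM openenclavedockerregistry.azurecr.io/oetools-20.04:2024.10.2391@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled from the image that was verified). The `RUN` step has the same gap: only `open-enclave=0.19.4` carries a version, while the installs that remain (this rendering does not mark which ones, `make` appears to be one) resolve against whatever `apt-get update` returns on the day of the build. Pinning those as well, or dropping them if the base image already ships them, would close the drift. A short comment above the pinned lines, e.g. `# pinned: changing either version may change the enclave binary`, would tell the next editor the pins are deliberate.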
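--- a/firmware/src/sgx/Makefile
+++ b/firmware/src/sgx/Makefile
@@ -38,13 +38,13 @@ POWHSM_SRC_DIR = ../powhsm/src
 COMMON_SRC_DIR = ../common/src
 
 ## Untrusted source files
-UNTRUSTED_SRC = $(wildcard $(SGX_UNTRUSTED_SRC_DIR)/*.c)
+UNTRUSTED_SRC = $(sort $(wildcard $(SGX_UNTRUSTED_SRC_DIR)/*.c))
 
 ## Trusted source files
-TRUSTED_SRC = $(wildcard $(SGX_TRUSTED_SRC_DIR)/*.c)
-TRUSTED_SRC += $(wildcard $(HAL_TRUSTED_SRC_DIR)/*.c)
-TRUSTED_SRC += $(wildcard $(POWHSM_SRC_DIR)/*.c)
-TRUSTED_SRC += $(wildcard $(COMMON_SRC_DIR)/*.c)
+TRUSTED_SRC = $(sort $(wildcard $(SGX_TRUSTED_SRC_DIR)/*.c))
+TRUSTED_SRC += $(sort $(wildcard $(HAL_TRUSTED_SRC_DIR)/*.c))
+TRUSTED_SRC += $(sort $(wildcard $(POWHSM_SRC_DIR)/*.c))
+TRUSTED_SRC += $(sort $(wildcard $(COMMON_SRC_DIR)/*.c))
 
 # Enclave definition files
 EDL_FILE = $(SGX_SRC_DIR)/$(ENCLAVE_NAME).edl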
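Review bot: The `$(sort …)` wrappers on `UNTRUSTED_SRC` and the four `TRUSTED_SRC` lines carry no comment, so a later cleanup could remove them as redundant; I would add one line above each group such as `# sorted: $(wildcard) order is not guaranteed across make versions and filesystems, and object order presumably affects the final binary`. Note that `sort` in GNU make also drops duplicate words, which is harmless here since each call covers one directory. Each directory is sorted on its own and the lists are appended in a fixed sequence, so the overall order stays deterministic only as long as these four lines keep their order.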
