!24 backport patch

From: @zgzxx Reviewed-by: @whzhe,@chenmaodong Signed-off-by: @chenmaodong
2021-03-15 20:37:41 +08:00 · 2021-03-15 20:37:41 +08:00 · 069220c4b9
commit 069220c4b9
parent b56e946e33 5b70e532bf
7 changed files with 194 additions and 1 deletions
--- a/0009-fix-sgxssl-edl.patch
+++ b/0009-fix-sgxssl-edl.patch
@ -0,0 +1,23 @@
+From 171ab61244c87058ab7b4a9f5ea0fbb1d5a84bbc Mon Sep 17 00:00:00 2001
+From: liwei3013 <liwei3013@126.com>
+Date: Sat, 27 Feb 2021 11:32:50 +0800
+Subject: [PATCH 1/6] fix sgxssl edl
+
+Signed-off-by: liwei3013 <liwei3013@126.com>
+---
+ inc/host_inc/sgx/secgear_tssl.edl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/host_inc/sgx/secgear_tssl.edl b/inc/host_inc/sgx/secgear_tssl.edl
+index 707c344..2ae7d85 100644
+--- a/inc/host_inc/sgx/secgear_tssl.edl
+++ b/inc/host_inc/sgx/secgear_tssl.edl
+@@ -1,4 +1,4 @@
+ // To do: develop key libraries of secGear version, to be compatible with SGX and GP.
+ enclave {
+-    from "sgx_tstdc.edl" import *;
+    from "sgx_tsgxssl.edl" import *;
+ };
+-- 
+2.27.0
+
--- a/0010-update-docs-build_install.md.patch
+++ b/0010-update-docs-build_install.md.patch
@ -0,0 +1,25 @@
+From a960391b449cdc9dc081dbab28e9fbc0aa093cf0 Mon Sep 17 00:00:00 2001
+From: liwei3013 <liwei3013@126.com>
+Date: Mon, 8 Mar 2021 10:19:54 +0800
+Subject: [PATCH 2/6] update docs/build_install.md.
+
+---
+ docs/build_install.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/build_install.md b/docs/build_install.md
+index 9ba1adb..482e8c2 100644
+--- a/docs/build_install.md
+++ b/docs/build_install.md
+@@ -3,7 +3,7 @@ Install secGear
+ openEuler x86
+ 
+ 1. Refer to https://01.org/intel-software-guard-extensions/downloads download and install the 2.11 
+-   sgx  driver, sgx psw, sgx sdx. In the directory of sgx sdk, source environment(for use sgx-sign)
+   sgx  driver, sgx psw, sgx sdk. In the directory of sgx sdk, source environment(for use sgx-sign)
+    
+ 2. Refer to https://github.com/ocaml/opam/releases download and install the  opam-2.0.7-x86_64-linux.
+    Run "./opam-2.0.7-x86_64-linux init"
+-- 
+2.27.0
+
--- a/0011-modify-the-prompt-information.patch
+++ b/0011-modify-the-prompt-information.patch
@ -0,0 +1,25 @@
+From 4fc7411abfeef1d80b1ff97ef674322e7391e55d Mon Sep 17 00:00:00 2001
+From: zgzxx <zhangguangzhi3@huawei.com>
+Date: Wed, 10 Mar 2021 09:37:54 +0800
+Subject: [PATCH 3/6] modify the prompt information
+
+---
+ tools/codegener/intel/Util.ml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/codegener/intel/Util.ml b/tools/codegener/intel/Util.ml
+index 9629e54..f5f9afc 100644
+--- a/tools/codegener/intel/Util.ml
+++ b/tools/codegener/intel/Util.ml
+@@ -62,7 +62,7 @@ let dedup_list lst =
+ let usage (progname: string) =
+   eprintf "usage: %s [options] <file> ...\n" progname;
+   eprintf "\n[options]\n\
+---search-path <path>  Specify the search path of EDL files\n\
+--search-path <path>  Specify the search path of the dependent files of the EDL files\n\
+ --use-prefix          Prefix untrusted proxy with Enclave name\n\
+ --header-only         Only generate header files\n\
+ --untrusted           Generate untrusted proxy and bridge\n\
+-- 
+2.27.0
+
--- a/0012-parse-new-error-code-and-del-redundant-print.patch
+++ b/0012-parse-new-error-code-and-del-redundant-print.patch
@ -0,0 +1,62 @@
+From c11313e25c077743ec9fb88d4463a18370dcb881 Mon Sep 17 00:00:00 2001
+From: zgzxx <zhangguangzhi3@huawei.com>
+Date: Thu, 11 Mar 2021 10:46:05 +0800
+Subject: [PATCH 4/6] parse new error code and del redundant print
+
+---
+ inc/host_inc/status.h           | 2 +-
+ src/host_src/enclave_internal.c | 2 +-
+ src/host_src/sgx/sgx_enclave.c  | 4 +++-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 84c092a..1d18d2e 100644
+--- a/inc/host_inc/status.h
+++ b/inc/host_inc/status.h
+@@ -56,7 +56,7 @@ typedef enum _enclave_result_t
+     CC_ERROR_INVALID_ISVSVN,         /* The isv svn is greater than the enclave's isv svn */
+     CC_ERROR_INVALID_KEYNAME,        /* The key name is an unsupported value */  
+     CC_ERROR_AE_INVALID_EPIDBLOB,    /* Indicates epid blob verification error */
+-    CC_ERROR_SERVICE_INVALID_PRIVILEGE,  /* Enclave has no privilege to get launch token */
+    CC_ERROR_SERVICE_INVALID_PRIVILEGE,  /* Enclave not authorized to run */
+     CC_ERROR_EPID_MEMBER_REVOKED,        /* The EPID group membership is revoked */
+     CC_ERROR_UPDATE_NEEDED,          /* SDK need to be update*/
+     CC_ERROR_MC_NOT_FOUND,           /* The Monotonic Counter doesn't exist or has been invalided */
+diff --git a/src/host_src/enclave_internal.c b/src/host_src/enclave_internal.c
+index 9a172bd..962fc07 100644
+--- a/src/host_src/enclave_internal.c
+++ b/src/host_src/enclave_internal.c
+@@ -64,7 +64,7 @@ static err2str g_secgearerror [] =
+     {CC_ERROR_INVALID_ISVSVN,             "The isv svn is greater than the enclave's isv svn."},
+     {CC_ERROR_INVALID_KEYNAME,            "The key name is an unsupported value."},
+     {CC_ERROR_AE_INVALID_EPIDBLOB,        "Indicates epid blob verification error."},
+-    {CC_ERROR_SERVICE_INVALID_PRIVILEGE,  "Enclave has no privilege to get launch token."},
+    {CC_ERROR_SERVICE_INVALID_PRIVILEGE,  "Enclave not authorized to run."},
+     {CC_ERROR_EPID_MEMBER_REVOKED,        "The EPID group membership is revoked."},
+     {CC_ERROR_UPDATE_NEEDED,              "SDK need to be update."},
+     {CC_ERROR_MC_NOT_FOUND,               "The Monotonic Counter doesn't exist or has been invalided."},
+diff --git a/src/host_src/sgx/sgx_enclave.c b/src/host_src/sgx/sgx_enclave.c
+index b37c748..a40c408 100644
+--- a/src/host_src/sgx/sgx_enclave.c
+++ b/src/host_src/sgx/sgx_enclave.c
+@@ -59,6 +59,8 @@ cc_enclave_result_t conversion_res_status(uint32_t enclave_res, enclave_type_ver
+                 return CC_ERROR_OUT_OF_TCS;
+             case SGX_ERROR_ENCLAVE_CRASHED:
+                 return CC_ERROR_ENCLAVE_DEAD;
+            case SGX_ERROR_SERVICE_INVALID_PRIVILEGE:
+                return CC_ERROR_SERVICE_INVALID_PRIVILEGE;
+             default:
+                 return CC_ERROR_UNEXPECTED;
+         }
+@@ -131,7 +133,7 @@ cc_enclave_result_t _sgx_create(cc_enclave_t **enclave, const enclave_features_t
+                     NULL, &(l_context->edi), NULL);
+             if (sgx_res != SGX_SUCCESS) {
+                 res = conversion_res_status(sgx_res, (*enclave)->type);
+-                print_error_goto("Failed to create sgx enclave %s\n",cc_enclave_res2_str(res));
+                print_error_goto("Failed to create sgx enclave\n");
+             }
+             break;
+         case 1:
+-- 
+2.27.0
+
--- a/0013-fix-error-print.patch
+++ b/0013-fix-error-print.patch
@ -0,0 +1,25 @@
+From c9938ba0cf6b79b341efb18501827daea67c96ad Mon Sep 17 00:00:00 2001
+From: whzhe <wanghongzhe@huawei.com>
+Date: Thu, 11 Mar 2021 16:45:20 +0800
+Subject: [PATCH 5/6] fix error print
+
+---
+ tools/codegener/intel/Util.ml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/codegener/intel/Util.ml b/tools/codegener/intel/Util.ml
+index f5f9afc..a77637e 100644
+--- a/tools/codegener/intel/Util.ml
+++ b/tools/codegener/intel/Util.ml
+@@ -187,7 +187,7 @@ let get_file_path (fname: string) =
+     try
+       List.find Sys.file_exists fn_list
+     with
+-      Not_found -> failwithf "File not found within search paths: %s\n" fname
+      Not_found -> failwithf "File not found within search paths or search paths is permisson denied: %s\n" fname
+ 
+ (* Get the short name of the given file name.
+  * ------------------------------------------
+-- 
+2.27.0
+
--- a/0014-set-umask-in-sign_tool.sh.patch
+++ b/0014-set-umask-in-sign_tool.sh.patch
@ -0,0 +1,24 @@
+From c5b813e96262f2af0596d8c5e164aafcd64fb60c Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Fri, 12 Mar 2021 11:42:11 +0800
+Subject: [PATCH 6/6] set umask in sign_tool.sh
+
+---
+ tools/sign_tool/sign_tool.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 9aaf663..8f2189c 100755
+--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
+@@ -265,6 +265,7 @@ if [ -z $OUT_FILE ]; then
+     echo "Error: missing out file"
+     exit -1
+ fi
+umask 0077
+ check_results=`uname -m`
+ if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then
+     if [ "${check_results}"x != "x86_64"x ]; then
+-- 
+2.27.0
+
--- a/secGear.spec
+++ b/secGear.spec
@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	6%{?dist}
+Release:	7%{?dist}
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
 ExclusiveArch:	x86_64

@ -17,6 +17,12 @@ Patch4:		0005-delete-unnecessary-README.cn.md.patch
 Patch5:		0006-fix-issues-about-double-create-destory.patch
 Patch6:		0007-to-make-secGear-log-more-clear.patch
 Patch7:		0008-modify-path-error.patch
+Patch8:		0009-fix-sgxssl-edl.patch
+Patch9:		0010-update-docs-build_install.md.patch
+Patch10:	0011-modify-the-prompt-information.patch
+Patch11:	0012-parse-new-error-code-and-del-redundant-print.patch
+Patch12:	0013-fix-error-print.patch
+Patch13:	0014-set-umask-in-sign_tool.sh.patch

 BuildRequires:	gcc python3 automake autoconf libtool
 BUildRequires:	glibc glibc-devel
@ -109,6 +115,9 @@ rm %{buildroot}/home* -rf
 %endif

 %changelog
+* Mon Mar 15 2021 zhangguangzhi<zhangguangzhi3@huawei.com> - 0.1.0-7
+- DESC: backport patch
+
 * Wed Mar 10 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-6
 - DESC: change requires from linux-sgx-sdk to sgxsdk