update some bugfixs and adaptations from openeuler secGear

Signed-off-by: chenmaodong <chenmaodong@huawei.com>

0009-fix-cmake-error-of-missing-CMAKE_CXX_COMPILER.patch

@@ -0,0 +1,43 @@
+From ca6b3ab02bd3d1853a88d637b38daf45c737e15e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=AB=A0=E6=9F=B3=E7=87=95?= <zhangliuyan@huawei.com>
+Date: Thu, 4 Mar 2021 11:16:05 +0800
+Subject: [PATCH 1/1] =?UTF-8?q?=E4=BF=AE=E6=94=B9cmake=E9=94=99=E8=AF=AF?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: root <root@localhost.localdomain>
+---
+ src/enclave_src/CMakeLists.txt | 2 +-
+ tools/codegener/CMakeLists.txt | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/enclave_src/CMakeLists.txt b/src/enclave_src/CMakeLists.txt
+index cb09b5c..66a36ea 100644
+--- a/src/enclave_src/CMakeLists.txt
++++ b/src/enclave_src/CMakeLists.txt
+@@ -8,7 +8,7 @@
+ # PURPOSE.
+ # See the Mulan PSL v2 for more details.
+ 
+-project(secgear_tee)
++project(secgear_tee C)
+ 
+ set(target_lib secgear_tee)
+ set(LIBRARY_INSTALL /lib64)
+diff --git a/tools/codegener/CMakeLists.txt b/tools/codegener/CMakeLists.txt
+index c5fd618..0f8b5af 100644
+--- a/tools/codegener/CMakeLists.txt
++++ b/tools/codegener/CMakeLists.txt
+@@ -10,7 +10,7 @@
+ 
+ include(ExternalProject)
+ 
+-project(CodeGen)
++project(CodeGen C)
+ 
+ find_program(DUNE dune)
+ 
+-- 
+2.27.0
+

0018-update-sign_tool.doc.patch

@@ -0,0 +1,50 @@
+From 8a586fc5fa249ced59ae495357c64baa7c6201f0 Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Thu, 25 Mar 2021 15:27:32 +0800
+Subject: [PATCH 01/14] update sign_tool.doc
+
+---
+ docs/sign_tool.md | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/docs/sign_tool.md b/docs/sign_tool.md
+index 3a49d5b..26805bd 100644
+--- a/docs/sign_tool.md
++++ b/docs/sign_tool.md
+@@ -4,7 +4,7 @@ The sign_tool.sh helps to sign the enclave.
+ 
+ ## The sign_tool.sh
+ 
+-The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'sign_too.py' for signing the trustzone enclave.
++The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'sign_tool.py' for signing the trustzone enclave.
+ 
+ The tool supports the following two modes:
+ 
+@@ -13,21 +13,21 @@ The tool supports the following two modes:
+ 
+     For example:    
+ 
+-    `$ ./signtool.sh –d sign –x trustzone –i test.enclave -m manifest.txt –e device_pubkey.pem –o signed.enclave `
++    `$ ./sign_tool.sh –d sign –x trustzone –i test.enclave -m manifest.txt –e device_pubkey.pem –o signed.enclave `
+ 
+ 
+ - two-step method, it is used when the signature needs to be obtained from the signing organization or the private key is stored on another secure platform.  
+ 
+     For example:  
+     (1) generate the digest value.  
+-    `$ ./signtool.sh –d digest –x trustzone –i input -m manifest.txt –e device_pubkey.pem –o digest.data `
++    `$ ./sign_tool.sh –d digest –x trustzone –i input -m manifest.txt –e device_pubkey.pem –o digest.data `
+ 
+     For trustzone, temporary files KeyInfo.enc, rawData.enc, and rawDataHash.bin are generated in the current directory. And for sgx, a temporary file signdata is generated in the current directory. The temporary file is required when generating the signed enclave in step 3 and is deleted after the signed enclave is generated.  
+ 
+     (2) send the digest.data to the signing organization or platform and get the signature.  
+ 
+     (3) use the signature to generate the signed enclave.  
+-    `$ ./signtool.sh –d sign –x trustzone –i input -m manifest.txt –p pub.pem –e device_pubkey.pem –s signature –o signed.enclave `
++    `$ ./sign_tool.sh –d sign –x trustzone –i input -m manifest.txt –p pub.pem –e device_pubkey.pem –s signature –o signed.enclave `
+ 
+ ## sign_tool.sh parameter
+ 
+-- 
+2.27.0
+

0019-normalized-codegen-from-arm-and-x86.patch

@@ -0,0 +1,157 @@
+From 3b7651a53017e41726b80b24fc1757c06cf73ba7 Mon Sep 17 00:00:00 2001
+From: whzhe <wanghongzhe@huawei.com>
+Date: Mon, 12 Apr 2021 10:33:17 +0800
+Subject: [PATCH 02/14] normalized codegen from arm and x86
+
+---
+ README.en.md                       |  3 +--
+ README.md                          |  5 ++---
+ docs/codegener.md                  | 14 +++++---------
+ examples/helloworld/CMakeLists.txt |  3 +--
+ examples/seal_data/CMakeLists.txt  |  3 +--
+ tools/codegener/CMakeLists.txt     |  8 +-------
+ 6 files changed, 11 insertions(+), 25 deletions(-)
+
+diff --git a/README.en.md b/README.en.md
+index fa47d03..909358f 100644
+--- a/README.en.md
++++ b/README.en.md
+@@ -50,16 +50,15 @@ Then save as test.edl
+ 	set(EDL_FILE test.edl)
+ 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+         set(SECGEAR_INSTALL_PATH /lib64/)
++	set(CODEGEN codegen)
+ 	if(CC_GP)
+ 		set(CODETYPE trustzone)
+-		set(CODEGEN codegen_arm64)
+ 		execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+ 		string(REPLACE "\n" "" UUID ${UUID})
+ 		add_definitions(-DPATH="/data/${UUID}.sec")
+ 	endif()
+ 	if(CC_SGX)
+ 		set(CODETYPE sgx)
+-		set(CODEGEN codegen_x86_64)
+ 		add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+ 	endif()
+ 	add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+diff --git a/README.md b/README.md
+index 54c32e3..fafe3f9 100644
+--- a/README.md
++++ b/README.md
+@@ -42,16 +42,15 @@ SecGear则是面向计算产业的机密计算安全应用开发套件。旨在
+ 	set(EDL_FILE test.edl)
+ 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+         set(SECGEAR_INSTALL_PATH /lib64/)
++	set(CODEGEN codegen)
+ 	if(CC_GP)
+ 		set(CODETYPE trustzone)
+-		set(CODEGEN codegen_arm64)
+ 		execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+ 		string(REPLACE "\n" "" UUID ${UUID})
+ 		add_definitions(-DPATH="/data/${UUID}.sec")
+ 	endif()
+ 	if(CC_SGX)
+ 		set(CODETYPE sgx)
+-		set(CODEGEN codegen_x86_64)
+ 		add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+ 	endif()
+ 	add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+diff --git a/docs/codegener.md b/docs/codegener.md
+index cc20013..85fc6a0 100644
+--- a/docs/codegener.md
++++ b/docs/codegener.md
+@@ -1,19 +1,15 @@
+-# Getting started with the codegen_x86_64/codegen_arm64
++# Getting started with the codegen
+ 
+-The codegen_x86_64/codegen_arm64 helps to define these special functions through the `edl` files and assist user to using enclave.
++The codegen helps to define these special functions through the `edl` files and assist user to using enclave.
+ 
+-## The codegen_x86_64/codegen_arm64
++## The codegen
+ 
+-The codegen_x86_64/codegen_arm64 is based on the 'edger8r' tool in SGX SDK.
++The codegen is based on the 'edger8r' tool in SGX SDK.
+ - For example
+ ```
+ $ codegen_arm64 --trustzone test.edl 
+ ```
+-OR
+-```
+-$ codegen_x86_64 --sgx test.edl
+-```
+-**Note**: using the `codegen_x86_64/codegen_arm64 --help` to get more details.
++**Note**: using the `codegen --help` to get more details.
+ 
+ ## EDL format
+ - For SGX(x86) 
+diff --git a/examples/helloworld/CMakeLists.txt b/examples/helloworld/CMakeLists.txt
+index a758f1c..5da2a6b 100644
+--- a/examples/helloworld/CMakeLists.txt
++++ b/examples/helloworld/CMakeLists.txt
+@@ -16,10 +16,10 @@ set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+ 
+ #set edl name
+ set(EDL_FILE helloworld.edl)
++set(CODEGEN codegen)
+ 
+ if(CC_GP)
+     set(CODETYPE trustzone)
+-    set(CODEGEN codegen_arm64)
+     execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+     string(REPLACE "\n" "" UUID ${UUID})
+     add_definitions(-DPATH="/data/${UUID}.sec")
+@@ -27,7 +27,6 @@ endif()
+ 
+ if(CC_SGX)
+     set(CODETYPE sgx)
+-    set(CODEGEN codegen_x86_64)
+     add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+ endif()
+ 
+diff --git a/examples/seal_data/CMakeLists.txt b/examples/seal_data/CMakeLists.txt
+index 20e2fd5..503fe0d 100644
+--- a/examples/seal_data/CMakeLists.txt
++++ b/examples/seal_data/CMakeLists.txt
+@@ -17,10 +17,10 @@ set(CMAKE_C_STANDARD 99)
+ set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+ 
+ set(EDL_FILE seal_data.edl)
++set(CODEGEN codegen)
+ 
+ if(CC_GP)
+     set(CODETYPE trustzone)
+-    set(CODEGEN codegen_arm64)
+     execute_process(COMMAND uuidgen -r 
+ 	OUTPUT_VARIABLE UUID)
+     string(REPLACE "\n" "" UUID ${UUID})
+@@ -29,7 +29,6 @@ endif()
+ 
+ if(CC_SGX)
+     set(CODETYPE sgx)
+-    set(CODEGEN codegen_x86_64)
+     add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/seal_data.signed.so")
+ endif()
+ 
+diff --git a/tools/codegener/CMakeLists.txt b/tools/codegener/CMakeLists.txt
+index 0f8b5af..e52d894 100644
+--- a/tools/codegener/CMakeLists.txt
++++ b/tools/codegener/CMakeLists.txt
+@@ -18,13 +18,7 @@ if(NOT DUNE)
+ 	message(FATAL_ERROR "Please check your dune installation")
+ endif()
+ 
+-if(CC_SGX)
+-	set(code codegen_x86_64)
+-endif()
+-
+-if(CC_GP)
+-	set(code codegen_arm64)
+-endif()
++set(code codegen)
+ 
+ ExternalProject_Add(codegen
+ 		SOURCE_DIR ${LOCAL_ROOT_PATH}/tools/codegener
+-- 
+2.27.0
+

0020-rm-e-parameter-normalize-c-parameter.patch

@@ -1,75 +1,26 @@
-From ace83320ad722deae65672e9801b1e58c62f7a81 Mon Sep 17 00:00:00 2001
+From f7995d756490c966659976153630403ba9941c18 Mon Sep 17 00:00:00 2001
 From: yanlu <yanlu14@huawei.com>
-Date: Wed, 12 May 2021 10:44:12 +0800
-Subject: [PATCH] patch
+Date: Mon, 12 Apr 2021 11:17:16 +0800
+Subject: [PATCH 03/14] rm -e parameter, normalize -c parameter
 
 ---
- CMakeLists.txt                             |  2 +-
- README.en.md                               | 21 ++++--------
- README.md                                  | 15 +++------
- docs/build_install.md                      |  4 +++
- docs/codegener.md                          | 14 +++-----
- docs/sign_tool.md                          | 14 ++++----
- examples/helloworld/CMakeLists.txt         |  3 +-
- examples/helloworld/enclave/CMakeLists.txt |  6 ++--
- examples/helloworld/host/main.c            | 18 +++++++++-
- examples/seal_data/CMakeLists.txt          |  5 ++-
- examples/seal_data/enclave/CMakeLists.txt  |  7 ++--
- src/enclave_src/CMakeLists.txt             |  2 +-
- tools/codegener/CMakeLists.txt             | 10 ++----
- tools/sign_tool/sign_tool.sh               | 39 ++++++++--------------
- 14 files changed, 69 insertions(+), 91 deletions(-)
+ README.en.md                                  | 12 ++----
+ README.md                                     | 10 ++---
+ docs/sign_tool.md                             | 12 +++---
+ examples/helloworld/enclave/CMakeLists.txt    |  6 +--
+ examples/seal_data/enclave/CMakeLists.txt     |  7 +---
+ .../enclave/rsa_public_key_cloud.pem          | 11 ------
+ .../sign_tool}/rsa_public_key_cloud.pem       |  0
+ tools/sign_tool/sign_tool.sh                  | 39 +++++++------------
+ 8 files changed, 29 insertions(+), 68 deletions(-)
+ delete mode 100644 examples/seal_data/enclave/rsa_public_key_cloud.pem
+ rename {examples/helloworld/enclave => tools/sign_tool}/rsa_public_key_cloud.pem (100%)
 
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 98862a3..edb7d80 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -8,7 +8,7 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- 
--cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
-+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
- project(secGear C)
-  
- set(CMAKE_C_STANDARD 99)
 diff --git a/README.en.md b/README.en.md
-index fa47d03..aa8c4a8 100644
+index fa47d03..0acc4f8 100644
 --- a/README.en.md
 +++ b/README.en.md
-@@ -1,4 +1,4 @@
--<img src="docs/logo.png" alt="secGear" style="zoom:100%;" />
-+<img src="docs/logo.png" alt="secGear" style="zoom:100%;" />
- 
- secGear
- ============================
-@@ -43,23 +43,22 @@ Then save as test.edl
- 
- ### 2 Write the top-level CMakeLists.txt
- 
--	cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
-+	cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
- 	project(TEST  C)
- 	set(CMAKE_C_STANDARD 99)
- 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
- 	set(EDL_FILE test.edl)
- 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
-         set(SECGEAR_INSTALL_PATH /lib64/)
-+	set(CODEGEN codegen)
- 	if(CC_GP)
- 		set(CODETYPE trustzone)
--		set(CODEGEN codegen_arm64)
- 		execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
- 		string(REPLACE "\n" "" UUID ${UUID})
- 		add_definitions(-DPATH="/data/${UUID}.sec")
- 	endif()
- 	if(CC_SGX)
- 		set(CODETYPE sgx)
--		set(CODEGEN codegen_x86_64)
- 		add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
- 	endif()
- 	add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
-@@ -254,8 +253,6 @@ Set sign tool and the security side log printing level
+@@ -254,8 +254,6 @@ Set sign tool and the security side log printing level
  	if(CC_GP)
              #set signed output
              set(OUTPUT ${UUID}.sec)
@@ -78,7 +29,7 @@ index fa47d03..aa8c4a8 100644
  
              set(WHITE_LIST_0 /vendor/bin/helloworld)
              set(WHITE_LIST_1 /vendor/bin/secgear_test)
-@@ -270,8 +267,7 @@ Set sign tool and the security side log printing level
+@@ -270,8 +268,7 @@ Set sign tool and the security side log printing level
  
  WHITE_LIS_X sets the whitelist of itrustee, only the host binary of these paths can call this secure image,
  and up to 8 list paths can be configured. WHITE_LIST_OWNER set user, this user will be applied to all whitelist paths.
@@ -88,7 +39,7 @@ index fa47d03..aa8c4a8 100644
  generate auxiliary code.
  
  	if(CC_SGX)
-@@ -339,8 +335,8 @@ so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options was in
+@@ -339,8 +336,8 @@ so -nostdinc -nodefaultlibs -nostdlib -nodefaultlibs compile link options was in
  
  		add_custom_command(TARGET ${PREFIX}
  			POST_BUILD
@@ -99,7 +50,7 @@ index fa47d03..aa8c4a8 100644
  
  		install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}
  			DESTINATION /data
-@@ -425,9 +421,6 @@ configuration file.  For details, please refer to the official development docum
+@@ -425,9 +422,6 @@ configuration file.  For details, please refer to the official development docum
  Write itrustee related configuration files
  The gpd.ta.appID in the manifest.txt.in file is the uuid configuration item, which is dynamically generated, 
  and the other configuration items can refer to the itrustee development document.
@@ -109,44 +60,11 @@ index fa47d03..aa8c4a8 100644
  	
  ### 5 build and install test
  
-@@ -509,5 +502,5 @@ secGear introduce the signing tool to sign the enclave.
- 
- Milestone
- ---------
--<img src="docs/milestone.png" alt="secGear" style="zoom:80%;" />
-+<img src="docs/milestone_en.png" alt="secGear" style="zoom:80%;" />
- 
 diff --git a/README.md b/README.md
-index 54c32e3..a90450b 100644
+index 54c32e3..77bebd6 100644
 --- a/README.md
 +++ b/README.md
-@@ -35,23 +35,22 @@ SecGear则是面向计算产业的机密计算安全应用开发套件。旨在
- 
- ### 2 编写最外层CMakeLists.txt文件
- 
--	cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
-+	cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
- 	project(TEST  C)
- 	set(CMAKE_C_STANDARD 99)
- 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
- 	set(EDL_FILE test.edl)
- 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
-         set(SECGEAR_INSTALL_PATH /lib64/)
-+	set(CODEGEN codegen)
- 	if(CC_GP)
- 		set(CODETYPE trustzone)
--		set(CODEGEN codegen_arm64)
- 		execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
- 		string(REPLACE "\n" "" UUID ${UUID})
- 		add_definitions(-DPATH="/data/${UUID}.sec")
- 	endif()
- 	if(CC_SGX)
- 		set(CODETYPE sgx)
--		set(CODEGEN codegen_x86_64)
- 		add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
- 	endif()
- 	add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
-@@ -236,8 +235,6 @@ test_t.h：该头文件为自动生成代码工具codegen通过edl文件生成
+@@ -236,8 +236,6 @@ test_t.h：该头文件为自动生成代码工具codegen通过edl文件生成
  	if(CC_GP)
              #set signed output
              set(OUTPUT ${UUID}.sec)
@@ -155,7 +73,7 @@ index 54c32e3..a90450b 100644
  
              set(WHITE_LIST_0 /vendor/bin/helloworld)
              set(WHITE_LIST_1 /vendor/bin/secgear_test)
-@@ -252,7 +249,6 @@ test_t.h：该头文件为自动生成代码工具codegen通过edl文件生成
+@@ -252,7 +250,6 @@ test_t.h：该头文件为自动生成代码工具codegen通过edl文件生成
  
  WHITE_LIST_x：为设置iTrustee的二进制白名单，只有这里定义的白名单，在非安全侧的二进制才可以调用安全侧的动态库。上限为8个。
  WHITE_LIST_OWNER：为设置运行二进制的用户，只有该用户才可以调用安全侧动态库。
@@ -163,7 +81,7 @@ index 54c32e3..a90450b 100644
  AUTO_FILES：由edl文件生成的安全侧二进制文件
  
          if(CC_SGX)
-@@ -319,8 +315,8 @@ AUTO_FILES：由edl文件生成的安全侧二进制文件
+@@ -319,8 +316,8 @@ AUTO_FILES：由edl文件生成的安全侧二进制文件
  
  		add_custom_command(TARGET ${PREFIX}
  			POST_BUILD
@@ -174,7 +92,7 @@ index 54c32e3..a90450b 100644
  
  		install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}
  			DESTINATION /data
-@@ -391,7 +387,6 @@ itrustee需要链接secgear_tee动态库，提供seal接口等。
+@@ -391,7 +388,6 @@ itrustee需要链接secgear_tee动态库，提供seal接口等。
  编写itrustee enclave相关配置文件
  mainfest.txt.in:其中gpd.ta.appID 为动态生成uuid。其他配置参见itrustee开发文档。
  
@@ -182,75 +100,15 @@ index 54c32e3..a90450b 100644
  
  #### 5 构建 安装
  
-@@ -451,4 +446,4 @@ secGear引入EDL(Enclave Description Language)和中间代码辅助生成工具c
- 
- 里程碑
- ---------
--<img src="docs/milestone.png" alt="secGear" style="zoom:80%;" />
-\ No newline at end of file
-+<img src="docs/milestone.png" alt="secGear" style="zoom:80%;" />
-diff --git a/docs/build_install.md b/docs/build_install.md
-index 482e8c2..760ceaa 100644
---- a/docs/build_install.md
-+++ b/docs/build_install.md
-@@ -13,6 +13,10 @@ openEuler x86
- 3. source environment && mkdir debug && cd debug 
-    && cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK="sgx_sdk path" .. &&  make && sudo make install
- 
-+4. To run example tls_enclave, refer to https://gitee.com/src-openeuler/intel-sgx-ssl 
-+   download and install intel-sgx-ssl firstly.
-+   source environment && mkdir debug && cd debug && cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK="sgx_sdk path"
-+   && -DENCLAVE_SSL="sgxssl path" .. &&  make && sudo make install
-    
- openEuler arm
- 
-diff --git a/docs/codegener.md b/docs/codegener.md
-index cc20013..85fc6a0 100644
---- a/docs/codegener.md
-+++ b/docs/codegener.md
-@@ -1,19 +1,15 @@
--# Getting started with the codegen_x86_64/codegen_arm64
-+# Getting started with the codegen
- 
--The codegen_x86_64/codegen_arm64 helps to define these special functions through the `edl` files and assist user to using enclave.
-+The codegen helps to define these special functions through the `edl` files and assist user to using enclave.
- 
--## The codegen_x86_64/codegen_arm64
-+## The codegen
- 
--The codegen_x86_64/codegen_arm64 is based on the 'edger8r' tool in SGX SDK.
-+The codegen is based on the 'edger8r' tool in SGX SDK.
- - For example
- ```
- $ codegen_arm64 --trustzone test.edl 
- ```
--OR
--```
--$ codegen_x86_64 --sgx test.edl
--```
--**Note**: using the `codegen_x86_64/codegen_arm64 --help` to get more details.
-+**Note**: using the `codegen --help` to get more details.
- 
- ## EDL format
- - For SGX(x86) 
 diff --git a/docs/sign_tool.md b/docs/sign_tool.md
-index 3a49d5b..ccaa2e6 100644
+index 26805bd..ccaa2e6 100644
 --- a/docs/sign_tool.md
 +++ b/docs/sign_tool.md
-@@ -4,7 +4,7 @@ The sign_tool.sh helps to sign the enclave.
- 
- ## The sign_tool.sh
- 
--The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'sign_too.py' for signing the trustzone enclave.
-+The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'sign_tool.py' for signing the trustzone enclave.
- 
- The tool supports the following two modes:
- 
 @@ -13,36 +13,34 @@ The tool supports the following two modes:
  
      For example:    
  
--    `$ ./signtool.sh –d sign –x trustzone –i test.enclave -m manifest.txt –e device_pubkey.pem –o signed.enclave `
+-    `$ ./sign_tool.sh –d sign –x trustzone –i test.enclave -m manifest.txt –e device_pubkey.pem –o signed.enclave `
 +    `$ ./sign_tool.sh –d sign –x trustzone –i test.enclave -c manifest.txt –o signed.enclave `
  
  
@@ -258,7 +116,7 @@ index 3a49d5b..ccaa2e6 100644
  
      For example:  
      (1) generate the digest value.  
--    `$ ./signtool.sh –d digest –x trustzone –i input -m manifest.txt –e device_pubkey.pem –o digest.data `
+-    `$ ./sign_tool.sh –d digest –x trustzone –i input -m manifest.txt –e device_pubkey.pem –o digest.data `
 +    `$ ./sign_tool.sh –d digest –x trustzone –i input -c manifest.txt –o digest.data `
  
      For trustzone, temporary files KeyInfo.enc, rawData.enc, and rawDataHash.bin are generated in the current directory. And for sgx, a temporary file signdata is generated in the current directory. The temporary file is required when generating the signed enclave in step 3 and is deleted after the signed enclave is generated.  
@@ -266,7 +124,7 @@ index 3a49d5b..ccaa2e6 100644
      (2) send the digest.data to the signing organization or platform and get the signature.  
  
      (3) use the signature to generate the signed enclave.  
--    `$ ./signtool.sh –d sign –x trustzone –i input -m manifest.txt –p pub.pem –e device_pubkey.pem –s signature –o signed.enclave `
+-    `$ ./sign_tool.sh –d sign –x trustzone –i input -m manifest.txt –p pub.pem –e device_pubkey.pem –s signature –o signed.enclave `
 +    `$ ./sign_tool.sh –d sign –x trustzone –i input -c manifest.txt –p pub.pem –s signature –o signed.enclave `
  
  ## sign_tool.sh parameter
@@ -288,30 +146,6 @@ index 3a49d5b..ccaa2e6 100644
      -o <file>       output parameters, the sign command outputs sigend enclave, the digest command outputs digest value.
      -p <file>       signing server public key certificate, required for two-step method.
      -s <file>       the signed digest value required for two-step method, this parameter is empty to indicate single-step method.
-diff --git a/examples/helloworld/CMakeLists.txt b/examples/helloworld/CMakeLists.txt
-index a758f1c..5da2a6b 100644
---- a/examples/helloworld/CMakeLists.txt
-+++ b/examples/helloworld/CMakeLists.txt
-@@ -16,10 +16,10 @@ set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
- 
- #set edl name
- set(EDL_FILE helloworld.edl)
-+set(CODEGEN codegen)
- 
- if(CC_GP)
-     set(CODETYPE trustzone)
--    set(CODEGEN codegen_arm64)
-     execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
-     string(REPLACE "\n" "" UUID ${UUID})
-     add_definitions(-DPATH="/data/${UUID}.sec")
-@@ -27,7 +27,6 @@ endif()
- 
- if(CC_SGX)
-     set(CODETYPE sgx)
--    set(CODEGEN codegen_x86_64)
-     add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
- endif()
- 
 diff --git a/examples/helloworld/enclave/CMakeLists.txt b/examples/helloworld/enclave/CMakeLists.txt
 index c1638f8..0aefdae 100644
 --- a/examples/helloworld/enclave/CMakeLists.txt
@@ -336,75 +170,6 @@ index c1638f8..0aefdae 100644
  
      install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
          DESTINATION /data
-diff --git a/examples/helloworld/host/main.c b/examples/helloworld/host/main.c
-index e4c4ec4..51993ce 100644
---- a/examples/helloworld/host/main.c
-+++ b/examples/helloworld/host/main.c
-@@ -11,6 +11,8 @@
-  */
- 
- #include <stdio.h>
-+#include <unistd.h>
-+#include <linux/limits.h>
- #include "enclave.h"
- #include "helloworld_u.h"
- 
-@@ -26,7 +28,21 @@ int main()
- 
-     printf("Create secgear enclave\n");
- 
--    res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
-+    char real_p[PATH_MAX];
-+    /* check file exists, if not exist then use absolute path */
-+    if (realpath(path, real_p) == NULL) {
-+	    if (getcwd(real_p, sizeof(real_p)) == NULL) {
-+		    printf("Cannot find enclave.sign.so");
-+		    return -1;
-+	    }
-+	    if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
-+		    printf("Failed to strcat enclave.sign.so path");
-+		    return -1;
-+	    }
-+	    (void)strcat(real_p, "/enclave.signed.so");
-+    }
-+
-+    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
-     if (res != CC_SUCCESS) {
-         printf("Create enclave error\n");
-         return res;
-diff --git a/examples/seal_data/CMakeLists.txt b/examples/seal_data/CMakeLists.txt
-index 20e2fd5..3577301 100644
---- a/examples/seal_data/CMakeLists.txt
-+++ b/examples/seal_data/CMakeLists.txt
-@@ -8,7 +8,7 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- 
--cmake_minimum_required(VERSION 3.12)
-+cmake_minimum_required(VERSION 3.10)
- 
- project(SealData C)
- 
-@@ -17,10 +17,10 @@ set(CMAKE_C_STANDARD 99)
- set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
- 
- set(EDL_FILE seal_data.edl)
-+set(CODEGEN codegen)
- 
- if(CC_GP)
-     set(CODETYPE trustzone)
--    set(CODEGEN codegen_arm64)
-     execute_process(COMMAND uuidgen -r 
- 	OUTPUT_VARIABLE UUID)
-     string(REPLACE "\n" "" UUID ${UUID})
-@@ -29,7 +29,6 @@ endif()
- 
- if(CC_SGX)
-     set(CODETYPE sgx)
--    set(CODEGEN codegen_x86_64)
-     add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/seal_data.signed.so")
- endif()
- 
 diff --git a/examples/seal_data/enclave/CMakeLists.txt b/examples/seal_data/enclave/CMakeLists.txt
 index 20851bd..0ddcbd5 100644
 --- a/examples/seal_data/enclave/CMakeLists.txt
@@ -430,47 +195,27 @@ index 20851bd..0ddcbd5 100644
  
      install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} 
          DESTINATION /data
-diff --git a/src/enclave_src/CMakeLists.txt b/src/enclave_src/CMakeLists.txt
-index cb09b5c..66a36ea 100644
---- a/src/enclave_src/CMakeLists.txt
-+++ b/src/enclave_src/CMakeLists.txt
-@@ -8,7 +8,7 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- 
--project(secgear_tee)
-+project(secgear_tee C)
- 
- set(target_lib secgear_tee)
- set(LIBRARY_INSTALL /lib64)
-diff --git a/tools/codegener/CMakeLists.txt b/tools/codegener/CMakeLists.txt
-index c5fd618..e52d894 100644
---- a/tools/codegener/CMakeLists.txt
-+++ b/tools/codegener/CMakeLists.txt
-@@ -10,7 +10,7 @@
- 
- include(ExternalProject)
- 
--project(CodeGen)
-+project(CodeGen C)
- 
- find_program(DUNE dune)
- 
-@@ -18,13 +18,7 @@ if(NOT DUNE)
- 	message(FATAL_ERROR "Please check your dune installation")
- endif()
- 
--if(CC_SGX)
--	set(code codegen_x86_64)
--endif()
--
--if(CC_GP)
--	set(code codegen_arm64)
--endif()
-+set(code codegen)
- 
- ExternalProject_Add(codegen
- 		SOURCE_DIR ${LOCAL_ROOT_PATH}/tools/codegener
+diff --git a/examples/seal_data/enclave/rsa_public_key_cloud.pem b/examples/seal_data/enclave/rsa_public_key_cloud.pem
+deleted file mode 100644
+index a321f63..0000000
+--- a/examples/seal_data/enclave/rsa_public_key_cloud.pem
++++ /dev/null
+@@ -1,11 +0,0 @@
+------BEGIN PUBLIC KEY-----
+-MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx
+-p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is
+-Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p
+-DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD
+-BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn
+-fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9
+-WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV
+-+W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY
+-CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE=
+------END PUBLIC KEY-----
+diff --git a/examples/helloworld/enclave/rsa_public_key_cloud.pem b/tools/sign_tool/rsa_public_key_cloud.pem
+similarity index 100%
+rename from examples/helloworld/enclave/rsa_public_key_cloud.pem
+rename to tools/sign_tool/rsa_public_key_cloud.pem
 diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
 index 8f2189c..212db5d 100755
 --- a/tools/sign_tool/sign_tool.sh

0021-example-use-absolute-path-to-find-enclave.sign.so.patch

@@ -0,0 +1,49 @@
+From 19d48667d6220aaa150f052e66a1847e3ba8f8d4 Mon Sep 17 00:00:00 2001
+From: Li Feng <lifeng68@huawei.com>
+Date: Tue, 13 Apr 2021 06:40:43 +0000
+Subject: [PATCH 04/14] example: use absolute path to find enclave.sign.so
+
+Signed-off-by: Li Feng <lifeng68@huawei.com>
+---
+ examples/helloworld/host/main.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/examples/helloworld/host/main.c b/examples/helloworld/host/main.c
+index e4c4ec4..51993ce 100644
+--- a/examples/helloworld/host/main.c
++++ b/examples/helloworld/host/main.c
+@@ -11,6 +11,8 @@
+  */
+ 
+ #include <stdio.h>
++#include <unistd.h>
++#include <linux/limits.h>
+ #include "enclave.h"
+ #include "helloworld_u.h"
+ 
+@@ -26,7 +28,21 @@ int main()
+ 
+     printf("Create secgear enclave\n");
+ 
+-    res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
++    char real_p[PATH_MAX];
++    /* check file exists, if not exist then use absolute path */
++    if (realpath(path, real_p) == NULL) {
++	    if (getcwd(real_p, sizeof(real_p)) == NULL) {
++		    printf("Cannot find enclave.sign.so");
++		    return -1;
++	    }
++	    if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
++		    printf("Failed to strcat enclave.sign.so path");
++		    return -1;
++	    }
++	    (void)strcat(real_p, "/enclave.signed.so");
++    }
++
++    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+     if (res != CC_SUCCESS) {
+         printf("Create enclave error\n");
+         return res;
+-- 
+2.27.0
+

0022-add-example-of-using-sgxssl-lib.patch

@@ -0,0 +1,942 @@
+From 607634479a08e5150482990343c19e2e45efc583 Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Fri, 19 Feb 2021 11:09:51 +0800
+Subject: [PATCH 05/14] add example of using sgxssl lib
+
+---
+ CMakeLists.txt                                |   1 +
+ docs/build_install.md                         |   4 +
+ examples/tls_enclave/CMakeLists.txt           |  30 +++
+ examples/tls_enclave/client/CMakeLists.txt    |  38 +++
+ examples/tls_enclave/client/tls_client.c      | 100 +++++++
+ examples/tls_enclave/enclave/CMakeLists.txt   |  96 +++++++
+ .../tls_enclave/enclave/Enclave.config.xml    |  12 +
+ examples/tls_enclave/enclave/Enclave.lds      |  11 +
+ examples/tls_enclave/enclave/enclave_server.c | 249 ++++++++++++++++++
+ examples/tls_enclave/host/CMakeLists.txt      |  56 ++++
+ examples/tls_enclave/host/main.c              | 179 +++++++++++++
+ examples/tls_enclave/tls_enclave.edl          |  26 ++
+ examples/tls_enclave/tls_enclave.md           |  17 ++
+ 13 files changed, 819 insertions(+)
+ create mode 100644 examples/tls_enclave/CMakeLists.txt
+ create mode 100644 examples/tls_enclave/client/CMakeLists.txt
+ create mode 100644 examples/tls_enclave/client/tls_client.c
+ create mode 100644 examples/tls_enclave/enclave/CMakeLists.txt
+ create mode 100644 examples/tls_enclave/enclave/Enclave.config.xml
+ create mode 100644 examples/tls_enclave/enclave/Enclave.lds
+ create mode 100644 examples/tls_enclave/enclave/enclave_server.c
+ create mode 100644 examples/tls_enclave/host/CMakeLists.txt
+ create mode 100644 examples/tls_enclave/host/main.c
+ create mode 100644 examples/tls_enclave/tls_enclave.edl
+ create mode 100644 examples/tls_enclave/tls_enclave.md
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 98862a3..1653287 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -57,6 +57,7 @@ endif()
+ if(CC_SGX)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/helloworld)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/seal_data)
++    add_subdirectory(${LOCAL_ROOT_PATH}/examples/tls_enclave)
+ endif()
+ 
+ install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear
+diff --git a/docs/build_install.md b/docs/build_install.md
+index 9ba1adb..636df90 100644
+--- a/docs/build_install.md
++++ b/docs/build_install.md
+@@ -13,6 +13,10 @@ openEuler x86
+ 3. source environment && mkdir debug && cd debug 
+    && cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK="sgx_sdk path" .. &&  make && sudo make install
+ 
++4. To run example tls_enclave, refer to https://gitee.com/src-openeuler/intel-sgx-ssl 
++   download and install intel-sgx-ssl firstly.
++   source environment && mkdir debug && cd debug && cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK="sgx_sdk path"
++   && -DENCLAVE_SSL="sgxssl path" .. &&  make && sudo make install
+    
+ openEuler arm
+ 
+diff --git a/examples/tls_enclave/CMakeLists.txt b/examples/tls_enclave/CMakeLists.txt
+new file mode 100644
+index 0000000..5b1693a
+--- /dev/null
++++ b/examples/tls_enclave/CMakeLists.txt
+@@ -0,0 +1,30 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++project(TlsEnclave  C)
++
++set(CMAKE_C_STANDARD 99)
++
++set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
++
++#set edl name
++set(EDL_FILE tls_enclave.edl)
++#set auto code prefix
++set(PREFIX tls_enclave)
++set(CODEGEN codegen)
++
++if(CC_SGX)
++    set(CODETYPE sgx)
++    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
++endif()
++
++add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
++add_subdirectory(${CURRENT_ROOT_PATH}/host)
++add_subdirectory(${CURRENT_ROOT_PATH}/client)
+diff --git a/examples/tls_enclave/client/CMakeLists.txt b/examples/tls_enclave/client/CMakeLists.txt
+new file mode 100644
+index 0000000..a83b5e3
+--- /dev/null
++++ b/examples/tls_enclave/client/CMakeLists.txt
+@@ -0,0 +1,38 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++set(OUTPUT tls_client)
++set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/tls_client.c)
++
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
++set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
++
++if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
++    link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++endif()
++    
++add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
++
++if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
++    target_link_directories(${OUTPUT} PRIVATE 
++	    ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++endif()
++
++target_link_libraries(${OUTPUT} ssl crypto)
++
++set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
++
++if(CC_SGX)
++	install(TARGETS  ${OUTPUT}
++        	RUNTIME
++        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
++       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
++endif()
++	
+diff --git a/examples/tls_enclave/client/tls_client.c b/examples/tls_enclave/client/tls_client.c
+new file mode 100644
+index 0000000..e05425b
+--- /dev/null
++++ b/examples/tls_enclave/client/tls_client.c
+@@ -0,0 +1,100 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/socket.h>
++#include <arpa/inet.h>
++#include "openssl/evp.h"
++#include "openssl/x509.h"
++#include "openssl/pem.h"
++#include "openssl/ssl.h"
++
++#define BUF_LEN 1024
++
++int main(int argc, const char *argv[])
++{
++    struct sockaddr_in client_addr;
++    int fd = 0;
++    const SSL_METHOD *meth = NULL;
++    SSL_CTX *ctx = NULL;
++    SSL *ssl = NULL;
++    char buf[BUF_LEN] = {0};   
++    int ret = -1;
++    
++    if (argc != 3) {
++        printf("usage: %s port ca_file\n", argv[0]);
++        return -1;
++    }
++
++    SSL_load_error_strings();
++    SSLeay_add_ssl_algorithms();
++    meth = TLS_method();
++    if (meth == NULL) {
++        return -1;
++    }
++    ctx = SSL_CTX_new(meth);
++    if (ctx == NULL) {
++        return -1;
++    }
++    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
++    if (SSL_CTX_load_verify_locations(ctx, argv[2], NULL) <= 0) {
++        goto end;
++    }
++    memset(&client_addr, 0, sizeof(client_addr));
++    client_addr.sin_family = AF_INET;
++    client_addr.sin_port = htons(atoi(argv[1]));
++    client_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
++    fd = socket(AF_INET, SOCK_STREAM, 0);
++    if (fd < 0) {
++        goto end;
++    } 
++    ret = connect(fd, (struct sockaddr *)&client_addr, sizeof(client_addr));
++    if (ret < 0) {
++        goto end;
++    }
++    ssl = SSL_new(ctx);
++    if (ssl == NULL) {
++        goto end;
++    }
++    SSL_set_fd(ssl, fd);
++    if (SSL_connect(ssl) <= 0) {
++        goto end;
++    }
++    if (SSL_write(ssl, "hello enclave!", sizeof("hello enclave!")) <= 0) {
++        goto end;
++    }
++    printf("send data: %s\n", "hello enclave!");
++    if (SSL_read(ssl, buf, BUF_LEN - 1) <= 0) {
++        goto end;
++    }
++    printf("receive data: %s\n", buf);
++    ret = 0;
++
++end:
++    if (ssl != NULL) {
++        SSL_shutdown(ssl);
++        SSL_free(ssl);
++    }
++    if (ctx != NULL) {
++        SSL_CTX_free(ctx);
++    }
++    if (fd > 0) {
++        close(fd);
++    }
++    return ret;
++}
+diff --git a/examples/tls_enclave/enclave/CMakeLists.txt b/examples/tls_enclave/enclave/CMakeLists.txt
+new file mode 100644
+index 0000000..5002e1b
+--- /dev/null
++++ b/examples/tls_enclave/enclave/CMakeLists.txt
+@@ -0,0 +1,96 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++#set sign key
++set(PEM Enclave_private.pem)
++
++#set sign tool
++set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
++
++#set enclave src code
++set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/enclave_server.c)
++
++#set log level
++set(PRINT_LEVEL 3)
++add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
++
++if(NOT IS_DIRECTORY ${ENCLAVE_SSL})
++    message(FATAL_ERROR "Please provide the correct ENCLAVE_SSL path")
++endif()
++
++if(CC_SGX)
++    #set signed output
++    set(OUTPUT enclave.signed.so)
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include --search-path ${ENCLAVE_SSL}/include)
++endif()
++
++set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
++	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
++	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
++	-Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
++
++set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
++    
++if(CC_SGX)
++    set(SGX_MODE HW)
++    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden -include${ENCLAVE_SSL}/include/tsgxsslio.h")
++    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
++
++    if(${SGX_MODE} STREQUAL HW)
++        set(Trts_Library_Name sgx_trts)
++        set(Service_Library_Name sgx_tservice)
++    else()
++        set(Trts_Library_Name sgx_trts_sim)
++        set(Service_Library_Name sgx_tservice_sim)
++    endif()
++
++    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
++	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
++
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
++	link_directories(${ENCLAVE_SSL}/lib64
++           ${SGXSDK}/lib64
++           ${CMAKE_BINARY_DIR}/lib)
++    endif()
++
++    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
++
++    target_include_directories(${PREFIX} PRIVATE
++	    ${CMAKE_CURRENT_BINARY_DIR}
++	    ${SGXSDK}/include/tlibc
++	    ${SGXSDK}/include/libcxx
++	    ${SGXSDK}/include
++	    ${ENCLAVE_SSL}/include
++	    ${LOCAL_ROOT_PATH}/inc/host_inc
++	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
++	    ${LOCAL_ROOT_PATH}/inc/enclave_inc
++	    ${LOCAL_ROOT_PATH}/inc/enclave_inc/sgx
++	    )
++    
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
++        target_link_directories(${PREFIX} PRIVATE
++	   ${ENCLAVE_SSL}/lib64
++	   ${SGXSDK}/lib64
++	   ${CMAKE_BINARY_DIR}/lib)
++    endif()
++
++    target_link_libraries(${PREFIX} -lsecgear_tee -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive -Wl,--start-group -lsgx_tsgxssl_ssl -lsgx_tsgxssl_crypto -lsgx_tstdc -lsgx_tcxx -lsgx_tcrypto -lsgx_pthread -l${Service_Library_Name} -Wl,--end-group)
++ 
++    add_custom_command(TARGET ${PREFIX} 
++    POST_BUILD
++    COMMAND umask 0177
++    COMMAND openssl genrsa -3 -out ${PEM} 3072
++    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
++endif()
++
++set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+diff --git a/examples/tls_enclave/enclave/Enclave.config.xml b/examples/tls_enclave/enclave/Enclave.config.xml
+new file mode 100644
+index 0000000..e94c9bc
+--- /dev/null
++++ b/examples/tls_enclave/enclave/Enclave.config.xml
+@@ -0,0 +1,12 @@
++<EnclaveConfiguration>
++  <ProdID>0</ProdID>
++  <ISVSVN>0</ISVSVN>
++  <StackMaxSize>0x40000</StackMaxSize>
++  <HeapMaxSize>0x100000</HeapMaxSize>
++  <TCSNum>10</TCSNum>
++  <TCSPolicy>1</TCSPolicy>
++  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
++  <DisableDebug>0</DisableDebug>
++  <MiscSelect>0</MiscSelect>
++  <MiscMask>0xFFFFFFFF</MiscMask>
++</EnclaveConfiguration>
+diff --git a/examples/tls_enclave/enclave/Enclave.lds b/examples/tls_enclave/enclave/Enclave.lds
+new file mode 100644
+index 0000000..ab77e64
+--- /dev/null
++++ b/examples/tls_enclave/enclave/Enclave.lds
+@@ -0,0 +1,11 @@
++enclave.so
++{
++    global:
++        g_global_data_sim;
++        g_global_data;
++        enclave_entry;
++        g_peak_heap_used;
++    local:
++        *;
++};
++
+diff --git a/examples/tls_enclave/enclave/enclave_server.c b/examples/tls_enclave/enclave/enclave_server.c
+new file mode 100644
+index 0000000..848eb9c
+--- /dev/null
++++ b/examples/tls_enclave/enclave/enclave_server.c
+@@ -0,0 +1,249 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <stdbool.h>
++#include <openssl/evp.h>
++#include <openssl/x509.h>
++#include <openssl/pem.h>
++#include <openssl/ssl.h>
++#include "tls_enclave_t.h"
++#include "status.h"
++#include "secgear_dataseal.h"
++
++#define BUF_SIZE 1024
++#define MAX_ENC_KEY_LEN 4096
++#define ADD_DATA_RAW "add mac text"
++
++size_t seal_key(const char *file_name, size_t file_name_len, char *password, size_t pw_len, 
++                char *enc_buf, size_t enc_buf_len)
++{
++    BIO *r_key = NULL;
++    BIO *r_prikey = NULL;
++    RSA *rsa_key = NULL;
++    uint8_t *buf = NULL;
++    uint32_t buf_len, sealed_data_len;
++    int res = 0;
++    int retval = CC_FAIL;
++
++    if (file_name == NULL || file_name_len == 0 || password == NULL || pw_len == 0 || enc_buf == NULL) {
++        return 0;
++    }
++    r_key = BIO_new_file(file_name, "r");
++    if (r_key == NULL) {
++        goto end;
++    };
++    rsa_key = PEM_read_bio_RSAPrivateKey(r_key, NULL, NULL, password);
++    if (rsa_key == NULL) {
++        goto end;
++    };
++    r_prikey = BIO_new(BIO_s_mem());
++    if (r_prikey == NULL) {
++        goto end;
++    }
++    if (!PEM_write_bio_RSAPrivateKey(r_prikey, rsa_key, NULL, NULL, 0, NULL, NULL)) {
++        goto end;
++    }
++    buf_len = BIO_ctrl_pending(r_prikey);
++    if (buf_len == 0) {
++        goto end;
++    }
++    buf = (uint8_t *)malloc(buf_len);
++    if (buf == NULL) {
++        goto end;
++    }
++    if ((size_t)BIO_read(r_prikey, buf, buf_len) != buf_len) {
++        goto end;
++    }
++    sealed_data_len = cc_enclave_get_sealed_data_size(buf_len, strlen((const char *)ADD_DATA_RAW));
++    if (sealed_data_len == UINT32_MAX || enc_buf_len < sealed_data_len) {
++        goto end;
++    }
++    retval = cc_enclave_seal_data((uint8_t *)buf, buf_len, (cc_enclave_sealed_data_t *)enc_buf, enc_buf_len, 
++                                  (uint8_t*)ADD_DATA_RAW, strlen((const char*)ADD_DATA_RAW));
++    if (retval != CC_SUCCESS) {
++        goto end;
++    }
++    res = sealed_data_len;
++
++end:
++    BIO_free(r_key);
++    BIO_free(r_prikey);
++    RSA_free(rsa_key);
++    if (buf != NULL) {
++        memset(buf, 0, buf_len);
++        free(buf);
++    };
++    memset(password, 0, pw_len);
++    return res;
++}
++
++int unseal_enc_data(char **data_p, size_t *data_len_p, const char *enc_data)
++{
++    char *add_data = NULL;
++    char *data = NULL;
++    size_t add_len = 0;
++    size_t data_len = 0;
++    int retval = CC_FAIL;
++    
++    add_len = cc_enclave_get_add_text_size((const cc_enclave_sealed_data_t *)enc_data);
++    data_len = cc_enclave_get_encrypted_text_size((const cc_enclave_sealed_data_t *)enc_data);
++    if (data_len == 0 || add_len != strlen((const char*)ADD_DATA_RAW)) {
++        return CC_FAIL;
++    }
++    data = malloc(data_len);
++    add_data = malloc(add_len);
++    if (data == NULL || add_data == NULL) {
++        goto end;
++    }
++    memset(data, 0, data_len);
++    retval = cc_enclave_unseal_data((cc_enclave_sealed_data_t *)enc_data, (uint8_t *)data, (uint32_t *)&data_len,
++                                    (uint8_t *)add_data, (uint32_t *)&add_len);
++    if (retval != CC_SUCCESS) {
++        goto end;
++    }
++    if (strncmp((const char *)add_data, (const char*)ADD_DATA_RAW, strlen((const char*)ADD_DATA_RAW)) != 0) {
++        retval = CC_FAIL;
++        goto end;
++    }
++    *data_p = data;
++    *data_len_p = data_len;
++    retval = CC_SUCCESS;
++
++end:
++    if (add_data != NULL) { 
++        memset(add_data, 0, add_len);
++        free(add_data);
++    }
++    if (retval != CC_SUCCESS && data != NULL) {
++        memset(data, 0, data_len);
++        free(data);
++    }
++    return retval;
++}
++
++int set_ctx_key(SSL_CTX *ctx, const char *enc_key_file_name)
++{
++    BIO *in_bio = NULL;
++    EVP_PKEY *pkey = NULL;
++    char *raw_key = NULL;
++    size_t raw_key_len = 0;
++    BIO *key_bio = NULL;
++    char *enc_key = NULL;
++    int retval = CC_FAIL;
++    int res = CC_FAIL;
++
++    key_bio = BIO_new_file(enc_key_file_name, "r");
++    if (key_bio == NULL) {
++        goto end;
++    };
++    enc_key = (char *)malloc(MAX_ENC_KEY_LEN);
++    if (enc_key == NULL) {
++        goto end;
++    }
++    if (BIO_read(key_bio, enc_key, MAX_ENC_KEY_LEN) <= 0) {
++        goto end;
++    }
++    res = unseal_enc_data(&raw_key, &raw_key_len, enc_key);
++    if (res != CC_SUCCESS || raw_key_len == 0) {
++        goto end;
++    }
++    in_bio = BIO_new_mem_buf(raw_key, raw_key_len);
++    if (in_bio == NULL) {
++        goto end;
++    }
++    pkey = PEM_read_bio_PrivateKey(in_bio, NULL, NULL, NULL);
++    if (pkey == NULL) {
++        goto end;
++    }
++    if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
++        goto end;
++    }
++    retval = CC_SUCCESS;
++
++end: 
++    EVP_PKEY_free(pkey);
++    BIO_free(in_bio);
++    BIO_free(key_bio);
++    if (enc_key != NULL) {
++        free(enc_key);
++    }
++    if (raw_key != NULL) {
++        memset(raw_key, 0, raw_key_len);
++        free(raw_key);
++    }
++    return retval;
++}
++
++int start_enclave_tls(int client_fd,const char *cert, size_t cert_len, const char *enc_key, size_t enc_key_len)
++{
++    char buf[BUF_SIZE] = {0};
++    const SSL_METHOD *meth = NULL;
++    SSL_CTX *ctx = NULL;
++    SSL *ssl = NULL;
++    int res = 0;
++    int retval = CC_FAIL;
++
++    if (client_fd <= 0 || cert == NULL || cert_len == 0 || enc_key == NULL || enc_key_len == 0) {
++        return CC_ERROR_BAD_PARAMETERS;
++    }
++    SSL_load_error_strings();
++    SSLeay_add_ssl_algorithms();
++    meth = TLS_method();
++    if (meth == NULL) {
++        return CC_FAIL;
++    }
++    ctx = SSL_CTX_new(meth);
++    if (ctx == NULL) {
++        return CC_FAIL;
++    }
++    if (SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) <= 0) {
++        goto end;
++    }
++    if (set_ctx_key(ctx, enc_key) != CC_SUCCESS){
++        goto end;
++    }
++    if (!SSL_CTX_check_private_key(ctx)) {
++        goto end;
++    }
++    ssl = SSL_new(ctx);
++    if (ssl == NULL) {
++        goto end;
++    }
++    SSL_set_fd(ssl, client_fd);
++    if (SSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256") != 1) {
++        goto end;
++    }
++    if (SSL_accept(ssl) <= 0) {
++        goto end;
++    }
++    res = SSL_read(ssl, buf, BUF_SIZE -1); 
++    if (res <= 0) {
++        goto end;
++    }
++    if (SSL_write(ssl, buf, res) <= 0) {
++        goto end;
++    }
++    retval = CC_SUCCESS;
++
++end:
++    if (ssl != NULL) {
++        SSL_shutdown(ssl);
++        SSL_free(ssl);
++    }
++    if (ctx != NULL) {
++        SSL_CTX_free(ctx);
++    }
++    memset(buf, 0, BUF_SIZE);
++    return retval;
++}
+diff --git a/examples/tls_enclave/host/CMakeLists.txt b/examples/tls_enclave/host/CMakeLists.txt
+new file mode 100644
+index 0000000..2f4c8ac
+--- /dev/null
++++ b/examples/tls_enclave/host/CMakeLists.txt
+@@ -0,0 +1,56 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++#set host exec name
++set(OUTPUT secgear_tls)
++#set host src code
++set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c)
++
++#set auto code
++if(CC_SGX)
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SGXSDK}/include --search-path ${ENCLAVE_SSL}/include)
++endif()
++
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
++set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
++
++if(CC_SGX)
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
++        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} ${SGXSSL}/lib64)
++    endif()
++    set(SGX_MODE HW)
++    if(${SGX_MODE} STREQUAL HW)
++        set(Urts_Library_Name sgx_urts)
++    else()
++        set(Urts_Library_Name sgx_urts_sim)
++    endif()
++    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
++    target_include_directories(${OUTPUT} PRIVATE
++			${LOCAL_ROOT_PATH}/inc/host_inc 
++			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
++            ${CMAKE_CURRENT_BINARY_DIR})
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
++	    target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} ${ENCLAVE_SSL}/lib64)
++    endif()
++    target_link_libraries(${OUTPUT} secgear ${Urts_Library_Name} pthread ssl crypto sgx_usgxssl)
++endif()
++
++set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
++
++if(CC_SGX)
++	install(TARGETS  ${OUTPUT}
++        	RUNTIME
++        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
++       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
++endif()
++	
+diff --git a/examples/tls_enclave/host/main.c b/examples/tls_enclave/host/main.c
+new file mode 100644
+index 0000000..4407e64
+--- /dev/null
++++ b/examples/tls_enclave/host/main.c
+@@ -0,0 +1,179 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/socket.h>
++#include <arpa/inet.h>
++#include <termios.h>
++#include "openssl/evp.h"
++#include "openssl/x509.h"
++#include "openssl/pem.h"
++#include "openssl/ssl.h"
++#include "tls_enclave_u.h"
++#include "enclave.h"
++
++#define BUF_LEN 1024
++#define MAX_LISTEN_FD 64
++#define PASS_MAX 32
++#define MAX_ENC_KEY_LEN 4096
++#define ENC_KEY_FILE_NAME "enc_key"
++
++int set_echo_mode(int fd, int option)
++{
++    struct termios term;
++    if (tcgetattr(fd, &term) != 0) {
++        return CC_FAIL;
++    }
++    if (option) {
++        term.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL);
++    } else {
++        term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
++    }
++    if (tcsetattr(fd, TCSAFLUSH, &term) != 0) {
++        return CC_FAIL;
++    }
++    return CC_SUCCESS;
++}
++
++int get_password_and_seal_key(cc_enclave_t *context, const char *key_file_name, const char *enc_key_file_name)
++{
++    int res = CC_FAIL;
++    size_t retval = 0;
++    size_t pw_len = 0;
++    char password[PASS_MAX] = {0};
++    char *enc_key = NULL;
++    FILE *fp = NULL;
++
++    printf("Please input password:\n");
++    if (set_echo_mode(STDIN_FILENO, 0)) {
++        return CC_FAIL;
++    }
++    if (fgets((char *)password, PASS_MAX, stdin) == NULL) {
++        return CC_FAIL;
++    }
++    pw_len = strlen((const char *)password);
++    if (password[pw_len - 1] == '\n') {
++        password[pw_len-1] = 0;
++        pw_len--;
++    }
++    if (set_echo_mode(STDIN_FILENO, 1)) {
++        goto end;
++    }
++    enc_key = malloc(MAX_ENC_KEY_LEN);
++    if (enc_key == NULL) {
++        goto end;
++    }
++    res = seal_key(context, &retval, key_file_name, strlen(key_file_name) + 1, password, pw_len + 1, 
++                   enc_key, MAX_ENC_KEY_LEN);
++    if (res != CC_SUCCESS || retval == 0) {
++        res = CC_FAIL;
++        goto end;
++    }
++    fp = fopen(enc_key_file_name, "w+");
++    if (fp == NULL) {
++        res = CC_FAIL;
++        goto end;
++    }
++    if (fwrite(enc_key, sizeof(char), retval, fp) != retval) {
++        fclose(fp);
++        res = CC_FAIL;
++        goto end;
++    }
++    fclose(fp);
++    if (remove(key_file_name) == 0) {
++        printf("delete origin key file success!\n");
++    } else {
++        printf("delete origin key file error!\n");
++        res = CC_FAIL;
++    }
++
++end:
++    memset(password, 0, pw_len);
++    return res;
++}
++
++int start_server(int port)
++{
++    int server_fd = socket(AF_INET, SOCK_STREAM, 0);
++    struct sockaddr_in serv_addr;
++    memset(&serv_addr, 0, sizeof(serv_addr));
++    serv_addr.sin_family = AF_INET;
++    serv_addr.sin_port = htons(port);
++    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
++    if (bind(server_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
++        return -1;
++    }
++    listen(server_fd, MAX_LISTEN_FD);
++    return server_fd;
++}
++
++int main(int argc, const char *argv[])
++{
++    char *path = PATH;
++    cc_enclave_t *context = NULL;
++    struct sockaddr_in client_addr;
++    socklen_t client_len;
++    int server_fd = -1;
++    int tlsc_fd = -1;
++    cc_enclave_result_t res = CC_FAIL;
++    int retval = 0;
++
++    if (argc != 4) {
++        printf("usage: %s port cert_file key_file\n", argv[0]);
++        return CC_FAIL;
++    }
++
++    server_fd = start_server(atoi(argv[1]));
++    if (server_fd < 0) {
++        return CC_FAIL;
++    } 
++    tlsc_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_len);
++    if (tlsc_fd < 0) {
++        return CC_FAIL;
++    }
++    printf("Create secgear enclave\n");
++    res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
++    if (res != CC_SUCCESS) {
++        printf("Create enclave error\n");
++        goto end;
++    }
++    res = get_password_and_seal_key(context, argv[3], ENC_KEY_FILE_NAME);
++    if (res !=  CC_SUCCESS) {
++        printf("get_password_and_seal_key error\n");
++        goto end;
++    }
++    res = start_enclave_tls(context, &retval, tlsc_fd, argv[2], strlen(argv[2]) + 1, ENC_KEY_FILE_NAME, 
++                            strlen(ENC_KEY_FILE_NAME) + 1);
++    if (res !=  CC_SUCCESS || retval !=  CC_SUCCESS) {
++        printf("start_enclave_tls error\n");			        
++        goto end;
++    }
++
++    printf("enclve tls finish\n");
++
++end:
++    if (context != NULL) {
++        res = cc_enclave_destroy(context);
++        if(res != CC_SUCCESS) {
++            printf("Destroy enclave error\n");
++        }
++    }
++    close(tlsc_fd);
++    close(server_fd);
++    return res;
++}
+diff --git a/examples/tls_enclave/tls_enclave.edl b/examples/tls_enclave/tls_enclave.edl
+new file mode 100644
+index 0000000..93e9a70
+--- /dev/null
++++ b/examples/tls_enclave/tls_enclave.edl
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++enclave {
++    include "stdbool.h"
++    include "secgear_urts.h"
++    from "secgear_tstdc.edl" import *; 
++    from "secgear_tssl.edl" import *;
++    trusted {
++        public size_t seal_key([in, size = file_name_len] const char *file_name, size_t file_name_len,
++                               [in, size = pw_len] char *password, size_t pw_len,
++                               [out, size = enc_buf_len] char *enc_buf, size_t enc_buf_len);
++        public int start_enclave_tls(int client_fd,
++                                 [in, size = cert_len] const char *cert, size_t cert_len,
++                                 [in, size = enc_key_len] const char *enc_key, size_t enc_key_len);
++    };
++};
+diff --git a/examples/tls_enclave/tls_enclave.md b/examples/tls_enclave/tls_enclave.md
+new file mode 100644
+index 0000000..e81d70c
+--- /dev/null
++++ b/examples/tls_enclave/tls_enclave.md
+@@ -0,0 +1,17 @@
++#Getting started with the tls_enclave example
++
++In the scenario where a user already has a certificate and private on the host side, the tls_enclve provides an example how to protect the private key and how to estabilish a TLS connection with enclave in Linux SGX environment. 
++
++1. Install secGear and intel-sgx-ssl(http://gitee.com/src-openEuler/intel-sgx-ssl).
++2. Enter the development directory ../secGear, source environment &&  mkdir debug && cd debug
++&& cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=on -DSGXSDK="sgx_sdk path" -DENCLAVE_SSL="sgxssl path" ..
++3. To run secgear_tls, the certificate and key used by the TLS server needs to be generated, the following example generate signed certificate only for testing.
++(1) generate RSA key:
++    openssl genrsa -f4 -aes256 -out server.key 3072
++    follow the screen instructions to enter the pass phrase for protecting private key, the pass phrase should meet certain complexity requirements.
++(2) generate self-signed certificate
++    openssl req -new -x509 -days 365 -key server.key -out server.pem -sha256 -subj "/C=CN/ST=GD/L=SZ/O=test/OU=test/CN=test"
++4. start secgear_tls, sudo debug/bin/secgear_tls 9090 server.pem server.key &
++   start tls_client, sudo debug/bin/tls_client 9090 server.pem
++   follow the screen instructions to enter the pass phrase to usee the private key. 
++   After exectued successfully, the private key is deleted and only the key encrypted by enclave is saved.
+-- 
+2.27.0
+

0023-tls_enclave-is-not-compiled-by-default.patch

@@ -0,0 +1,25 @@
+From 90df8d9c0ac4ee7cbe24971ed4a8c4c6ac86c3b1 Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Thu, 15 Apr 2021 11:49:27 +0800
+Subject: [PATCH 06/14] tls_enclave is not compiled by default
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 1653287..b1fe4a4 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -57,7 +57,7 @@ endif()
+ if(CC_SGX)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/helloworld)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/seal_data)
+-    add_subdirectory(${LOCAL_ROOT_PATH}/examples/tls_enclave)
++#    add_subdirectory(${LOCAL_ROOT_PATH}/examples/tls_enclave)
+ endif()
+ 
+ install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear
+-- 
+2.27.0
+

0024-Cmake-replace-minial-cmake-from-3.12-to-3.10.patch

@@ -0,0 +1,68 @@
+From 20d6808fd639e4506fd1a383cf59094a17773775 Mon Sep 17 00:00:00 2001
+From: Li Feng <lifeng68@huawei.com>
+Date: Mon, 26 Apr 2021 09:26:46 +0000
+Subject: [PATCH 07/14] Cmake: replace minial cmake from 3.12 to 3.10
+
+Signed-off-by: Li Feng <lifeng68@huawei.com>
+---
+ CMakeLists.txt                    | 2 +-
+ README.en.md                      | 2 +-
+ README.md                         | 2 +-
+ examples/seal_data/CMakeLists.txt | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b1fe4a4..a4d1668 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -8,7 +8,7 @@
+ # PURPOSE.
+ # See the Mulan PSL v2 for more details.
+ 
+-cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
++cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+ project(secGear C)
+  
+ set(CMAKE_C_STANDARD 99)
+diff --git a/README.en.md b/README.en.md
+index a33a50c..4df13b0 100644
+--- a/README.en.md
++++ b/README.en.md
+@@ -43,7 +43,7 @@ Then save as test.edl
+ 
+ ### 2 Write the top-level CMakeLists.txt
+ 
+-	cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
++	cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+ 	project(TEST  C)
+ 	set(CMAKE_C_STANDARD 99)
+ 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+diff --git a/README.md b/README.md
+index 971ddca..a90450b 100644
+--- a/README.md
++++ b/README.md
+@@ -35,7 +35,7 @@ SecGear则是面向计算产业的机密计算安全应用开发套件。旨在
+ 
+ ### 2 编写最外层CMakeLists.txt文件
+ 
+-	cmake_minimum_required(VERSION 3.12 FATAL_ERROR)
++	cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+ 	project(TEST  C)
+ 	set(CMAKE_C_STANDARD 99)
+ 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+diff --git a/examples/seal_data/CMakeLists.txt b/examples/seal_data/CMakeLists.txt
+index 503fe0d..3577301 100644
+--- a/examples/seal_data/CMakeLists.txt
++++ b/examples/seal_data/CMakeLists.txt
+@@ -8,7 +8,7 @@
+ # PURPOSE.
+ # See the Mulan PSL v2 for more details.
+ 
+-cmake_minimum_required(VERSION 3.12)
++cmake_minimum_required(VERSION 3.10)
+ 
+ project(SealData C)
+ 
+-- 
+2.27.0
+

0025-example-add-example-for-LRT-long-running-task.patch

@@ -0,0 +1,517 @@
+From d8d225ed834a9cfe63b305ccd2ce97f5b3ebdfb4 Mon Sep 17 00:00:00 2001
+From: Li Feng <lifeng68@huawei.com>
+Date: Mon, 26 Apr 2021 09:32:12 +0000
+Subject: [PATCH 08/14] example: add example for LRT(long running task)
+
+Signed-off-by: Li Feng <lifeng68@huawei.com>
+---
+ CMakeLists.txt                          |   1 +
+ examples/lrt/CMakeLists.txt             |  34 +++++
+ examples/lrt/enclave/CMakeLists.txt     | 158 ++++++++++++++++++++++++
+ examples/lrt/enclave/Enclave.config.xml |  12 ++
+ examples/lrt/enclave/Enclave.lds        |  11 ++
+ examples/lrt/enclave/lrt.c              |  23 ++++
+ examples/lrt/enclave/manifest.txt.in    |   8 ++
+ examples/lrt/host/CMakeLists.txt        |  85 +++++++++++++
+ examples/lrt/host/main.c                |  70 +++++++++++
+ examples/lrt/lrt.edl                    |  19 +++
+ 10 files changed, 421 insertions(+)
+ create mode 100644 examples/lrt/CMakeLists.txt
+ create mode 100644 examples/lrt/enclave/CMakeLists.txt
+ create mode 100644 examples/lrt/enclave/Enclave.config.xml
+ create mode 100644 examples/lrt/enclave/Enclave.lds
+ create mode 100644 examples/lrt/enclave/lrt.c
+ create mode 100644 examples/lrt/enclave/manifest.txt.in
+ create mode 100644 examples/lrt/host/CMakeLists.txt
+ create mode 100644 examples/lrt/host/main.c
+ create mode 100644 examples/lrt/lrt.edl
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index a4d1668..1d036ea 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -58,6 +58,7 @@ if(CC_SGX)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/helloworld)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/seal_data)
+ #    add_subdirectory(${LOCAL_ROOT_PATH}/examples/tls_enclave)
++#    add_subdirectory(${LOCAL_ROOT_PATH}/examples/lrt)
+ endif()
+ 
+ install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear
+diff --git a/examples/lrt/CMakeLists.txt b/examples/lrt/CMakeLists.txt
+new file mode 100644
+index 0000000..9059590
+--- /dev/null
++++ b/examples/lrt/CMakeLists.txt
+@@ -0,0 +1,34 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++project(HelloWorldLRT  C)
++
++set(CMAKE_C_STANDARD 99)
++
++set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
++
++#set edl name
++set(EDL_FILE lrt.edl)
++set(CODEGEN codegen)
++
++if(CC_GP)
++    set(CODETYPE trustzone)
++    execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
++    string(REPLACE "\n" "" UUID ${UUID})
++    add_definitions(-DPATH="/data/${UUID}.sec")
++endif()
++
++if(CC_SGX)
++    set(CODETYPE sgx)
++    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
++endif()
++
++add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
++add_subdirectory(${CURRENT_ROOT_PATH}/host)
+diff --git a/examples/lrt/enclave/CMakeLists.txt b/examples/lrt/enclave/CMakeLists.txt
+new file mode 100644
+index 0000000..64494cc
+--- /dev/null
++++ b/examples/lrt/enclave/CMakeLists.txt
+@@ -0,0 +1,158 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++#set auto code prefix
++set(PREFIX lrt)
++
++#set sign key
++set(PEM Enclave_private.pem)
++
++#set sign tool
++set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
++
++#set enclave src code
++set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/lrt.c)
++
++#set log level
++set(PRINT_LEVEL 3)
++add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
++
++if(CC_GP)
++    #set signed output
++    set(OUTPUT ${UUID}.sec)
++    #set whilelist. default: /vendor/bin/teec_hello
++    set(WHITE_LIST_0 /vendor/bin/helloworld)
++    set(WHITE_LIST_OWNER root)
++    set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
++    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
++
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
++endif()
++
++if(CC_SGX)
++    set(OUTPUT enclave.signed.so)
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include)
++endif()
++
++set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
++	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
++	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
++        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
++
++set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
++
++if(CC_GP)
++    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
++
++    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
++    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
++    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
++    
++    set(ITRUSTEE_TEEDIR ${iTrusteeSDK}/)
++    set(ITRUSTEE_LIBC ${iTrusteeSDK}/thirdparty/open_source/musl/libc)
++
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
++        link_directories(${CMAKE_BINARY_DIR}/lib/)
++    endif()
++
++    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
++
++    target_include_directories( ${PREFIX} PRIVATE
++	${CMAKE_CURRENT_BINARY_DIR}
++	${LOCAL_ROOT_PATH}/inc/host_inc
++	${LOCAL_ROOT_PATH}/inc/host_inc/gp
++	${LOCAL_ROOT_PATH}/inc/enclave_inc
++	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
++	${ITRUSTEE_TEEDIR}/include/TA
++	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
++	${ITRUSTEE_LIBC}/arch/aarch64
++	${ITRUSTEE_LIBC}/
++	${ITRUSTEE_LIBC}/arch/arm/bits
++	${ITRUSTEE_LIBC}/arch/generic
++	${ITRUSTEE_LIBC}/arch/arm
++	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
++
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
++        target_link_directories(${PREFIX} PRIVATE
++	        ${CMAKE_BINARY_DIR}/lib/)
++    endif()
++
++    foreach(WHITE_LIST ${WHITELIST})
++	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
++    endforeach(WHITE_LIST)
++    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
++
++    target_link_libraries(${PREFIX} -lsecgear_tee)
++
++    add_custom_command(TARGET ${PREFIX}
++	      POST_BUILD
++              COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt 
++	      		-o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
++
++    install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
++        DESTINATION /data
++        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
++
++endif()
++
++if(CC_SGX)
++    set(SGX_DIR ${SGXSDK})
++    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
++    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
++    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
++
++    if(CC_SIM)
++        set(Trts_Library_Name sgx_trts_sim)
++        set(Service_Library_Name sgx_tservice_sim)
++    else()
++        set(Trts_Library_Name sgx_trts)
++        set(Service_Library_Name sgx_tservice)
++    endif()
++
++    set(Crypto_Library_Name sgx_tcrypto)
++
++    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
++	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
++
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
++        link_directories(${LINK_LIBRARY_PATH})
++    endif()
++
++    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
++
++    target_include_directories(${PREFIX} PRIVATE
++	    ${CMAKE_CURRENT_BINARY_DIR}
++	    ${SGX_DIR}/include/tlibc
++	    ${SGX_DIR}/include/libcxx
++	    ${SGX_DIR}/include
++	    ${LOCAL_ROOT_PATH}/inc/host_inc
++	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
++    
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
++        target_link_directories(${PREFIX} PRIVATE
++	        ${LINK_LIBRARY_PATH})
++    endif()
++
++    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
++    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
++    add_custom_command(TARGET ${PREFIX} 
++    POST_BUILD
++    COMMAND umask 0177
++    COMMAND openssl genrsa -3 -out ${PEM} 3072
++    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
++endif()
++
++set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+diff --git a/examples/lrt/enclave/Enclave.config.xml b/examples/lrt/enclave/Enclave.config.xml
+new file mode 100644
+index 0000000..e94c9bc
+--- /dev/null
++++ b/examples/lrt/enclave/Enclave.config.xml
+@@ -0,0 +1,12 @@
++<EnclaveConfiguration>
++  <ProdID>0</ProdID>
++  <ISVSVN>0</ISVSVN>
++  <StackMaxSize>0x40000</StackMaxSize>
++  <HeapMaxSize>0x100000</HeapMaxSize>
++  <TCSNum>10</TCSNum>
++  <TCSPolicy>1</TCSPolicy>
++  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
++  <DisableDebug>0</DisableDebug>
++  <MiscSelect>0</MiscSelect>
++  <MiscMask>0xFFFFFFFF</MiscMask>
++</EnclaveConfiguration>
+diff --git a/examples/lrt/enclave/Enclave.lds b/examples/lrt/enclave/Enclave.lds
+new file mode 100644
+index 0000000..ab77e64
+--- /dev/null
++++ b/examples/lrt/enclave/Enclave.lds
+@@ -0,0 +1,11 @@
++enclave.so
++{
++    global:
++        g_global_data_sim;
++        g_global_data;
++        enclave_entry;
++        g_peak_heap_used;
++    local:
++        *;
++};
++
+diff --git a/examples/lrt/enclave/lrt.c b/examples/lrt/enclave/lrt.c
+new file mode 100644
+index 0000000..982e50c
+--- /dev/null
++++ b/examples/lrt/enclave/lrt.c
+@@ -0,0 +1,23 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include "lrt_t.h"
++
++#define TA_HELLO_WORLD        "Secgear Long Running Task!"
++#define BUF_MAX 32
++int get_string(char *buf)
++{
++    strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1);
++    return 0;
++}
+diff --git a/examples/lrt/enclave/manifest.txt.in b/examples/lrt/enclave/manifest.txt.in
+new file mode 100644
+index 0000000..7b8ecf5
+--- /dev/null
++++ b/examples/lrt/enclave/manifest.txt.in
+@@ -0,0 +1,8 @@
++gpd.ta.appID:	@UUID@
++gpd.ta.service_name:	test0108
++gpd.ta.singleInstance:	true
++gpd.ta.multiSession:	false
++gpd.ta.multiCommand:	false
++gpd.ta.instanceKeepAlive:	false
++gpd.ta.dataSize:	16384
++gpd.ta.stackSize:	20480
+diff --git a/examples/lrt/host/CMakeLists.txt b/examples/lrt/host/CMakeLists.txt
+new file mode 100644
+index 0000000..13f891a
+--- /dev/null
++++ b/examples/lrt/host/CMakeLists.txt
+@@ -0,0 +1,85 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++#set auto code prefix
++set(PREFIX lrt)
++#set host exec name
++set(OUTPUT secgear_lrt)
++#set host src code
++set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c)
++
++#set auto code
++if(CC_GP)
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
++endif()
++    
++if(CC_SGX)
++    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
++    add_custom_command(OUTPUT ${AUTO_FILES}
++    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
++    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SGXSDK}/include)
++endif()
++
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
++set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
++
++if(CC_GP)
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
++        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++    endif()
++    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
++    target_include_directories(${OUTPUT} PRIVATE  
++                    ${LOCAL_ROOT_PATH}/inc/host_inc
++                    ${LOCAL_ROOT_PATH}/inc/host_inc/gp
++                    ${CMAKE_CURRENT_BINARY_DIR})
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
++        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++    endif()
++endif()
++
++if(CC_SGX)
++    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
++        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++    endif()
++    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
++    target_include_directories(${OUTPUT} PRIVATE
++			${LOCAL_ROOT_PATH}/inc/host_inc 
++			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
++			${CMAKE_CURRENT_BINARY_DIR})
++    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
++        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
++    endif()
++endif()
++
++if(CC_SIM)
++    target_link_libraries(${OUTPUT} secgearsim)
++else()
++    target_link_libraries(${OUTPUT} secgear)
++endif()
++set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
++
++if(CC_GP)
++	#itrustee install whitelist /vender/bin/teec_hello 
++	install(TARGETS  ${OUTPUT}
++        	RUNTIME
++        	DESTINATION /vendor/bin/
++       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
++endif()
++
++if(CC_SGX)
++	install(TARGETS  ${OUTPUT}
++        	RUNTIME
++        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
++       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
++endif()
++	
+diff --git a/examples/lrt/host/main.c b/examples/lrt/host/main.c
+new file mode 100644
+index 0000000..ba078c7
+--- /dev/null
++++ b/examples/lrt/host/main.c
+@@ -0,0 +1,70 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++#include <stdio.h>
++#include <unistd.h>
++#include <linux/limits.h>
++#include "enclave.h"
++#include "lrt_u.h"
++
++#define BUF_LEN 32
++
++int main()
++{
++    int  retval = 0;
++    char *path = PATH;
++    char buf[BUF_LEN];
++    cc_enclave_t *context = NULL;
++    cc_enclave_result_t res;
++
++    printf("Create secgear enclave\n");
++
++    char real_p[PATH_MAX];
++    /* check file exists, if not exist then use absolute path */
++    if (realpath(path, real_p) == NULL) {
++	    if (getcwd(real_p, sizeof(real_p)) == NULL) {
++		    printf("Cannot find enclave.sign.so");
++		    return -1;
++	    }
++	    if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
++		    printf("Failed to strcat enclave.sign.so path");
++		    return -1;
++	    }
++	    (void)strcat(real_p, "/enclave.signed.so");
++    }
++
++    res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
++    if (res != CC_SUCCESS) {
++        printf("Create enclave error\n");
++        return res;
++    }
++
++    while(true) {
++        res = get_string(context, &retval, buf);
++        if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
++            printf("Ecall enclave error\n");
++            goto out;
++        } else {
++            printf("%s\n", buf);
++        }
++        sleep(1);
++    }
++
++out:
++    if (context != NULL) {
++        res = cc_enclave_destroy(context);
++        if(res != CC_SUCCESS) {
++            printf("Destroy enclave error\n");
++        }
++    }
++    return res;
++}
+diff --git a/examples/lrt/lrt.edl b/examples/lrt/lrt.edl
+new file mode 100644
+index 0000000..73dc375
+--- /dev/null
++++ b/examples/lrt/lrt.edl
+@@ -0,0 +1,19 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ *     http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++enclave {
++    include "secgear_urts.h"
++    from "secgear_tstdc.edl" import *; 
++    trusted {
++        public int get_string([out, size=32]char *buf);
++    };
++};
+-- 
+2.27.0
+

0026-example-add-Dockerfile-to-build-lrt-example-image.patch

@@ -0,0 +1,172 @@
+From 2f5b3b98d7c4705ef761e9898116b2206b7c6729 Mon Sep 17 00:00:00 2001
+From: Li Feng <lifeng68@huawei.com>
+Date: Tue, 13 Apr 2021 07:59:54 +0000
+Subject: [PATCH 09/14] example: add Dockerfile to build lrt example image
+
+Signed-off-by: Li Feng <lifeng68@huawei.com>
+---
+ examples/lrt/Dockerfile         | 33 +++++++++++++++++++
+ examples/lrt/device_plugin.yaml | 57 +++++++++++++++++++++++++++++++++
+ examples/lrt/enclave.yaml       | 46 ++++++++++++++++++++++++++
+ 3 files changed, 136 insertions(+)
+ create mode 100644 examples/lrt/Dockerfile
+ create mode 100644 examples/lrt/device_plugin.yaml
+ create mode 100644 examples/lrt/enclave.yaml
+
+diff --git a/examples/lrt/Dockerfile b/examples/lrt/Dockerfile
+new file mode 100644
+index 0000000..dadf2b7
+--- /dev/null
++++ b/examples/lrt/Dockerfile
+@@ -0,0 +1,33 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++
++# steps to build example image:
++# 1. build the secGear project at host
++# 	# cd secGear/
++# 	# source environment
++# 	# source /opt/intel/sgxsdk/environment
++# 	# mkdir debug && cd debug
++#	# cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK=/opt/intel/sgxsdk ..
++# 	# make 
++# 2. build the example image
++# 	# cd ../examples/lrt/
++# 	# docker build -t secgear_hello -f ./Dockerfile ../../
++
++
++FROM hub.oepkgs.net/lifeng2221dd1/sgx_base_hw:latest
++
++COPY debug/lib/sgx/libsgx_0.so /lib64/
++COPY debug/lib/libsecgear.so /usr/lib/
++COPY debug/examples/lrt/host/secgear_lrt /home/
++COPY debug/examples/lrt/enclave/enclave.signed.so /home/
++
++WORKDIR /home
++
++ENTRYPOINT ["/home/secgear_lrt"]
+diff --git a/examples/lrt/device_plugin.yaml b/examples/lrt/device_plugin.yaml
+new file mode 100644
+index 0000000..9a470da
+--- /dev/null
++++ b/examples/lrt/device_plugin.yaml
+@@ -0,0 +1,57 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++# steps to deploy device plugin:
++#       # cd secGear/
++#       # cd ./examples/lrt/
++#	# kubectl apply -f ./device_plugin.yaml
++
++apiVersion:  apps/v1
++kind: DaemonSet
++metadata:
++  name: sgx-device-plugin-ds
++  namespace: kube-system
++spec:
++  selector:
++    matchLabels:
++      k8s-app: sgx-device-plugin
++  template:
++    metadata:
++      annotations:
++        scheduler.alpha.kubernetes.io/critical-pod: ""
++      labels:
++        k8s-app: sgx-device-plugin
++    spec:
++      containers:
++      - image: hub.oepkgs.net/lifeng2221dd1/hw-ali-device-plugin:devel
++        imagePullPolicy: IfNotPresent
++        name: sgx-device-plugin
++        securityContext:
++          allowPrivilegeEscalation: false
++          capabilities:
++            drop:
++            - ALL
++        volumeMounts:
++        - mountPath: /var/lib/kubelet/device-plugins
++          name: device-plugin
++        - mountPath: /dev
++          name: dev
++      tolerations:
++      - effect: NoSchedule
++        key: alibabacloud.com/sgx_epc_MiB
++        operator: Exists
++      volumes:
++      - hostPath:
++          path: /var/lib/kubelet/device-plugins
++          type: DirectoryOrCreate
++        name: device-plugin
++      - hostPath:
++          path: /dev
++          type: Directory
++        name: dev
+diff --git a/examples/lrt/enclave.yaml b/examples/lrt/enclave.yaml
+new file mode 100644
+index 0000000..8efdada
+--- /dev/null
++++ b/examples/lrt/enclave.yaml
+@@ -0,0 +1,46 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
++# secGear is licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++#     http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++# PURPOSE.
++# See the Mulan PSL v2 for more details.
++# steps to deploy device plugin:
++#       # cd secGear/
++#       # cd ./examples/lrt/
++#       # kubectl apply -f ./enclave.yaml
++apiVersion: apps/v1
++kind: Deployment
++metadata:
++  name: helloworld
++  namespace: default
++spec:
++  replicas: 2
++  selector:
++    matchLabels:
++      app: helloworld
++  template:
++    metadata:
++      labels:
++        app: helloworld
++    spec:
++      containers:
++      - name: hell_lifeng
++        image: secgear_hello
++        imagePullPolicy: IfNotPresent
++        name: helloworld
++        resources:
++          limits:
++            cpu: 250m
++            memory: 512Mi
++            alibabacloud.com/sgx_epc_MiB: 2
++        volumeMounts:
++        - mountPath: /var/run/aesmd/aesm.socket
++          name: aesmsocket
++      volumes:
++      - hostPath:
++          path: /var/run/aesmd/aesm.socket
++          type: Socket
++        name: aesmsocket
+-- 
+2.27.0
+

0027-Change-to-use-the-milestone-picture-with-English.patch

@@ -0,0 +1,29 @@
+From 4fe112079e599cf779dacde08181f22ad62ede51 Mon Sep 17 00:00:00 2001
+From: blue <jingood@yeah.net>
+Date: Thu, 29 Apr 2021 20:53:21 +0800
+Subject: [PATCH 10/14] Change to use the milestone picture with English
+
+---
+ README.en.md | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/README.en.md b/README.en.md
+index 4df13b0..aa8c4a8 100644
+--- a/README.en.md
++++ b/README.en.md
+@@ -1,4 +1,4 @@
+-<img src="docs/logo.png" alt="secGear" style="zoom:100%;" />
++<img src="docs/logo.png" alt="secGear" style="zoom:100%;" />
+ 
+ secGear
+ ============================
+@@ -502,5 +502,5 @@ secGear introduce the signing tool to sign the enclave.
+ 
+ Milestone
+ ---------
+-<img src="docs/milestone.png" alt="secGear" style="zoom:80%;" />
++<img src="docs/milestone_en.png" alt="secGear" style="zoom:80%;" />
+ 
+-- 
+2.27.0
+

0028-example-use-the-sgx-device-plugin-from-intel.patch

@@ -0,0 +1,73 @@
+From 3af4a40bef20df36ece7f7f87c44eccf8a8b3a60 Mon Sep 17 00:00:00 2001
+From: Li Feng <lifeng2221dd1@zoho.com.cn>
+Date: Mon, 17 May 2021 10:21:32 +0800
+Subject: [PATCH 11/14] example: use the sgx device plugin from intel
+
+deployment:
+1. kubectl apply -f ./examples/lrt/device_plugin.yaml
+2. kubectl apply -f ./examples/lrt/enclave.yaml
+3. kubectl get pods -A
+
+NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
+default       helloworld-d75bf5f9f-wgdf7                 1/1     Running   0          36m
+default       helloworld-d75bf5f9f-xthkk                 1/1     Running   0          36m
+kube-system   calico-kube-controllers-6d7b4db76c-7t8lv   1/1     Running   1          42h
+kube-system   calico-node-kcxd7                          1/1     Running   1          42h
+kube-system   coredns-6d56c8448f-ctf7m                   1/1     Running   1          42h
+kube-system   coredns-6d56c8448f-k7z5c                   1/1     Running   1          42h
+kube-system   etcd-lifeng                                1/1     Running   2          2d
+kube-system   kube-apiserver-lifeng                      1/1     Running   4          2d
+kube-system   kube-controller-manager-lifeng             1/1     Running   2          2d
+kube-system   kube-proxy-xvvz5                           1/1     Running   2          2d
+kube-system   kube-scheduler-lifeng                      1/1     Running   2          2d
+kube-system   sgx-device-plugin-ds-4sbhk                 1/1     Running   0          4m
+
+Signed-off-by: Li Feng <lifeng2221dd1@zoho.com.cn>
+---
+ CMakeLists.txt                  | 2 +-
+ examples/lrt/device_plugin.yaml | 2 +-
+ examples/lrt/enclave.yaml       | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 1d036ea..3886316 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -58,7 +58,7 @@ if(CC_SGX)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/helloworld)
+     add_subdirectory(${LOCAL_ROOT_PATH}/examples/seal_data)
+ #    add_subdirectory(${LOCAL_ROOT_PATH}/examples/tls_enclave)
+-#    add_subdirectory(${LOCAL_ROOT_PATH}/examples/lrt)
++    add_subdirectory(${LOCAL_ROOT_PATH}/examples/lrt)
+ endif()
+ 
+ install(FILES ${LOCAL_ROOT_PATH}/conf/logrotate.d/secgear
+diff --git a/examples/lrt/device_plugin.yaml b/examples/lrt/device_plugin.yaml
+index 9a470da..ce8724d 100644
+--- a/examples/lrt/device_plugin.yaml
++++ b/examples/lrt/device_plugin.yaml
+@@ -29,7 +29,7 @@ spec:
+         k8s-app: sgx-device-plugin
+     spec:
+       containers:
+-      - image: hub.oepkgs.net/lifeng2221dd1/hw-ali-device-plugin:devel
++      - image: hub.oepkgs.net/lifeng2221dd1/intel-sgx-device-plugin-hw:isgx
+         imagePullPolicy: IfNotPresent
+         name: sgx-device-plugin
+         securityContext:
+diff --git a/examples/lrt/enclave.yaml b/examples/lrt/enclave.yaml
+index 8efdada..b1bc19b 100644
+--- a/examples/lrt/enclave.yaml
++++ b/examples/lrt/enclave.yaml
+@@ -35,7 +35,7 @@ spec:
+           limits:
+             cpu: 250m
+             memory: 512Mi
+-            alibabacloud.com/sgx_epc_MiB: 2
++            sgx.intel.com/huawei_sgx_epc_MiB: 2
+         volumeMounts:
+         - mountPath: /var/run/aesmd/aesm.socket
+           name: aesmsocket
+-- 
+2.27.0
+

0030-fix-sgx-two-step-mode-bug-add-dump-command.patch

@@ -0,0 +1,234 @@
+From 583ac889ade73e8ffa96844dcc29a511e6c5a615 Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Wed, 19 May 2021 15:45:24 +0800
+Subject: [PATCH 13/14] fix sgx two-step mode bug, add dump command
+
+---
+ docs/sign_tool.md                          | 49 +++++++++++++---------
+ examples/helloworld/enclave/CMakeLists.txt |  2 +-
+ examples/helloworld/host/CMakeLists.txt    |  8 ++--
+ examples/seal_data/enclave/CMakeLists.txt  |  2 +-
+ examples/seal_data/host/CMakeLists.txt     |  8 ++--
+ tools/sign_tool/sign_tool.sh               | 39 +++++++++--------
+ 6 files changed, 62 insertions(+), 46 deletions(-)
+
+diff --git a/docs/sign_tool.md b/docs/sign_tool.md
+index 399e4c5..e6c6e3b 100644
+--- a/docs/sign_tool.md
++++ b/docs/sign_tool.md
+@@ -4,7 +4,7 @@ The sign_tool.sh helps to sign the enclave.
+ 
+ ## The sign_tool.sh
+ 
+-The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'sign_tool.py' for signing the trustzone enclave.
++The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'signtool_v3.py' for signing the trustzone enclave.
+ 
+ The tool supports the following two modes:
+ 
+@@ -19,33 +19,44 @@ The tool supports the following two modes:
+ - two-step method, it is used when the signature needs to be obtained from the signing organization or the private key is stored on another secure platform.  
+ 
+     For example:  
+-    (1) generate the digest value.  
+-    `$ ./sign_tool.sh –d digest –x trustzone –i input -c manifest.txt -m config_cloud.ini –o digest.data `
++    (1) generate the signing material.  
++    `$ ./sign_tool.sh –d digest –x trustzone –i input -c manifest.txt -m config_cloud.ini –o signing.data `
+ 
+     For trustzone, temporary files KeyInfo.enc, rawData.enc, and rawDataHash.bin are generated in the current directory. And for sgx, a temporary file signdata is generated in the current directory. The temporary file is required when generating the signed enclave in step 3 and is deleted after the signed enclave is generated.  
+ 
+-    (2) send the digest.data to the signing organization or platform and get the signature.  
+-
+-    (3) use the signature to generate the signed enclave.  
+-    `$ ./sign_tool.sh –d sign –x trustzone –i input -c manifest.txt -m config_cloud.ini –s signature –o signed.enclave `
++    (2) send the signing.data to the signing organization or platform and get the signature.  
++    For trustzone, use rsautl command to sign the signing material.
++    
++	`$ openssl rsautl -sign -inkey sign_key.pem -in signing.data -out signature `
++	
++	For sgx, use dgst command to sign the signing material.
++    
++	`$ openssl dgst -sha256 -sign sign_key.pem -keyform PEM -out signature signing.data `
++    
++	(3) use the signature to generate the signed enclave.  
++    
++	`$ ./sign_tool.sh –d sign –x trustzone –i input -c manifest.txt -m config_cloud.ini –s signature –o signed.enclave `
+ 
+ ## sign_tool.sh parameter
+ 
+ ```
+     -c <file>       basic config file.
+-    -d <parameter>  sign tool command, sign/digest.
++    -d <parameter>  sign tool command, sign/digest/dump.
+                     The sign command is used to generate a signed enclave.
+-                    The digest command is used to generate a digest value.
+-    -i <file>       enclave to be signed.
+-    -k <file>       private key required for single-step method
+-    -m <file>       additional config_cloud.ini for trustzone.
+-    -o <file>       output parameters, the sign command outputs sigend enclave, the digest command outputs
+-                    digest value.
+-    -p <file>       signing server public key certificate, required for two-step method.
+-    -s <file>       the signed digest value required for two-step method, this parameter is empty to indicate
+-                    single-step method.
+-    -x <parameter>  enclave type, sgx or trustzone.
+-    -h              printf help message.
++		            The digest command is used to generate signing material.
++		            The dump command is used to generate metadata for sgx signed enclave.
++	-i <file>       input parameter, which is enclave to be signed for digest/sign command, and signed enclave for
++	                dump command.
++	-k <file>       private key required for single-step method.
++	-m <file>       additional config_cloud.ini for trustzone.
++	-o <file>       output parameter, the sign command outputs signed enclave, the digest command outputs signing
++	                material, the dump command outputs data containing the SIGStruct metadata for the SGX signed
++	                enclave, which is submitted to Intel for whitelisting.
++	-p <file>       signing server public key certificate, required for sgx two-step method.
++	-s <file>       the signature value required for two-step method, this parameter is empty to indicate
++	                single-step method.
++	-x <parameter>  enclave type, sgx or trustzone.
++	-h              print help message.
+ ```
+ **Note**: 
+ Using the `./sign_tool.sh -h` to get help information.
+diff --git a/examples/helloworld/enclave/CMakeLists.txt b/examples/helloworld/enclave/CMakeLists.txt
+index f7967ef..98f50ac 100644
+--- a/examples/helloworld/enclave/CMakeLists.txt
++++ b/examples/helloworld/enclave/CMakeLists.txt
+@@ -71,7 +71,7 @@ if(CC_GP)
+ 
+     target_include_directories( ${PREFIX} PRIVATE
+ 	${CMAKE_CURRENT_BINARY_DIR}
+-	${LOCAL_ROOT_PATH}/debug/inc
++	${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
+ 	${LOCAL_ROOT_PATH}/inc/host_inc
+ 	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ 	${LOCAL_ROOT_PATH}/inc/enclave_inc
+diff --git a/examples/helloworld/host/CMakeLists.txt b/examples/helloworld/host/CMakeLists.txt
+index 60173a9..c6f2166 100644
+--- a/examples/helloworld/host/CMakeLists.txt
++++ b/examples/helloworld/host/CMakeLists.txt
+@@ -39,10 +39,10 @@ if(CC_GP)
+     endif()
+     add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+     target_include_directories(${OUTPUT} PRIVATE
+-	    	    ${LOCAL_ROOT_PATH}/debug/inc
+-		    ${LOCAL_ROOT_PATH}/inc/host_inc
+-		    ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+-                    ${CMAKE_CURRENT_BINARY_DIR})
++            ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++            ${LOCAL_ROOT_PATH}/inc/host_inc
++            ${LOCAL_ROOT_PATH}/inc/host_inc/gp
++            ${CMAKE_CURRENT_BINARY_DIR})
+     if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+         target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+     endif()
+diff --git a/examples/seal_data/enclave/CMakeLists.txt b/examples/seal_data/enclave/CMakeLists.txt
+index b24e498..542163e 100644
+--- a/examples/seal_data/enclave/CMakeLists.txt
++++ b/examples/seal_data/enclave/CMakeLists.txt
+@@ -66,7 +66,7 @@ if(CC_GP)
+ 
+     target_include_directories( ${PREFIX} PRIVATE
+     ${CMAKE_CURRENT_BINARY_DIR}
+-    ${LOCAL_ROOT_PATH}/debug/inc
++    ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
+     ${LOCAL_ROOT_PATH}/inc/host_inc
+     ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+     ${LOCAL_ROOT_PATH}/inc/enclave_inc
+diff --git a/examples/seal_data/host/CMakeLists.txt b/examples/seal_data/host/CMakeLists.txt
+index 691cd07..a0986d1 100644
+--- a/examples/seal_data/host/CMakeLists.txt
++++ b/examples/seal_data/host/CMakeLists.txt
+@@ -40,10 +40,10 @@ if(CC_GP)
+     endif()
+     add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+     target_include_directories(${OUTPUT} PRIVATE
+-		    ${LOCAL_ROOT_PATH}/debug/inc
+-                    ${LOCAL_ROOT_PATH}/inc/host_inc
+-		    ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+-                    ${CMAKE_CURRENT_BINARY_DIR})
++            ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++            ${LOCAL_ROOT_PATH}/inc/host_inc
++            ${LOCAL_ROOT_PATH}/inc/host_inc/gp
++            ${CMAKE_CURRENT_BINARY_DIR})
+     if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+         target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+     endif()
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 5fd7d5b..9906bff 100755
+--- a/tools/sign_tool/sign_tool.sh
++++ b/tools/sign_tool/sign_tool.sh
+@@ -20,19 +20,22 @@ print_help(){
+     echo "sign tool usage: ./sign_tool.sh [options] ..."
+     echo "[options]"
+     echo "-c <file>       basic config file."
+-    echo "-d <parameter>  sign tool command, sign/digest."
++    echo "-d <parameter>  sign tool command, sign/digest/dump."
+     echo "                The sign command is used to generate a signed enclave."
+-    echo "                The digest command is used to generate a digest value."
+-    echo "-i <file>       enclave to be signed."
+-    echo "-k <file>       private key required for single-step method"
++    echo "                The digest command is used to generate signing material."
++    echo "                The dump command is used to generate metadata for sgx signed enclave."
++    echo "-i <file>       input parameter, which is enclave to be signed for digest/sign command, and signed enclave for"
++    echo "                dump command."
++    echo "-k <file>       private key required for single-step method."
+     echo "-m <file>       additional config_cloud.ini for trustzone."
+-    echo "-o <file>       output parameters, the sign command outputs sigend enclave, the digest command outputs"
+-    echo "                digest value."
+-    echo "-p <file>       signing server public key certificate, required for two-step method."
+-    echo "-s <file>       the signed digest value required for two-step method, this parameter is empty to indicate"
++    echo "-o <file>       output parameter, the sign command outputs signed enclave, the digest command outputs signing"
++    echo "                material, the dump command outputs data containing the SIGStruct metadata for the SGX signed"
++    echo "                enclave, which is submitted to Intel for whitelisting."
++    echo "-p <file>       signing server public key certificate, required for sgx two-step method."
++    echo "-s <file>       the signature value required for two-step method, this parameter is empty to indicate"
+     echo "                single-step method."
+     echo "-x <parameter>  enclave type, sgx or trustzone."
+-    echo "-h              printf help message."
++    echo "-h              print help message."
+ 
+ }
+ 
+@@ -164,12 +167,12 @@ sgx_start_sign(){
+     fi
+     SIGDATA_FILE="signdata"
+     if [ "${CMD}"x == "sign"x ]; then
+-        if [ -z $SIG_KEY ]; then
+-            echo "Error: missing sign key"
+-            exit -1
+-        fi  
+         if [ -z $SIGNATURE ]; then
+-            if [ -z $CONFIG_FILE ]; then
++           if [ -z $SIG_KEY ]; then
++		       echo "Error: missing sign key"
++			   exit -1
++		   fi
++           if [ -z $CONFIG_FILE ]; then
+                 sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE}
+             else
+                 sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} -config ${CONFIG_FILE}
+@@ -180,9 +183,9 @@ sgx_start_sign(){
+                 exit -1
+             fi  
+             if [ -z $CONFIG_FILE ]; then
+-                sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsignd ${SIGDATA_FILE} -out ${OUT_FILE}
++                sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE}
+             else
+-                sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsignd ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE}
++                sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE}
+             fi
+             rm -rf ${SIGDATA_FILE}
+         fi
+@@ -192,7 +195,9 @@ sgx_start_sign(){
+         else
+             sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} -config ${CONFIG_FILE}
+         fi
+-        openssl dgst -sha256 -out ${OUT_FILE} ${SIGDATA_FILE}
++	    cp ${SIGDATA_FILE} ${OUT_FILE}
++    elif [ "${CMD}"x == "dump"x ]; then
++        sgx_sign dump -enclave ${IN_ENCLAVE} -dumpfile ${OUT_FILE}
+     else
+         echo "Error: illegal command"
+     fi
+-- 
+2.27.0
+

0031-set-signtool_v3.py-path.patch

@@ -0,0 +1,166 @@
+From 2d9a481617422a423612417835a48b0614716f2d Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Thu, 20 May 2021 10:40:25 +0800
+Subject: [PATCH 14/14] set signtool_v3.py path
+
+---
+ README.en.md                               |  2 +-
+ README.md                                  |  2 +-
+ examples/helloworld/enclave/CMakeLists.txt |  2 +-
+ examples/helloworld/host/CMakeLists.txt    |  2 +-
+ examples/seal_data/enclave/CMakeLists.txt  |  2 +-
+ examples/seal_data/host/CMakeLists.txt     |  2 +-
+ src/enclave_src/CMakeLists.txt             |  2 +-
+ src/host_src/CMakeLists.txt                |  2 +-
+ tools/sign_tool/sign_tool.sh               | 13 +++++++++----
+ 9 files changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/README.en.md b/README.en.md
+index 8aaa1b0..ec7ada0 100644
+--- a/README.en.md
++++ b/README.en.md
+@@ -49,7 +49,7 @@ Then save as test.edl
+ 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+ 	set(EDL_FILE test.edl)
+ 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+-        set(SECGEAR_INSTALL_PATH /lib64/)
++        set(SECGEAR_INSTALL_PATH /usr/lib64/)
+ 	set(CODEGEN codegen)
+ 	if(CC_GP)
+ 		set(CODETYPE trustzone)
+diff --git a/README.md b/README.md
+index b95dcc9..2d09831 100644
+--- a/README.md
++++ b/README.md
+@@ -41,7 +41,7 @@ SecGear则是面向计算产业的机密计算安全应用开发套件。旨在
+ 	set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+ 	set(EDL_FILE test.edl)
+ 	set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+-        set(SECGEAR_INSTALL_PATH /lib64/)
++        set(SECGEAR_INSTALL_PATH /usr/lib64/)
+ 	set(CODEGEN codegen)
+ 	if(CC_GP)
+ 		set(CODETYPE trustzone)
+diff --git a/examples/helloworld/enclave/CMakeLists.txt b/examples/helloworld/enclave/CMakeLists.txt
+index 98f50ac..0546183 100644
+--- a/examples/helloworld/enclave/CMakeLists.txt
++++ b/examples/helloworld/enclave/CMakeLists.txt
+@@ -71,7 +71,7 @@ if(CC_GP)
+ 
+     target_include_directories( ${PREFIX} PRIVATE
+ 	${CMAKE_CURRENT_BINARY_DIR}
+-	${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++	${CMAKE_BINARY_DIR}/inc
+ 	${LOCAL_ROOT_PATH}/inc/host_inc
+ 	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ 	${LOCAL_ROOT_PATH}/inc/enclave_inc
+diff --git a/examples/helloworld/host/CMakeLists.txt b/examples/helloworld/host/CMakeLists.txt
+index c6f2166..96985cb 100644
+--- a/examples/helloworld/host/CMakeLists.txt
++++ b/examples/helloworld/host/CMakeLists.txt
+@@ -39,7 +39,7 @@ if(CC_GP)
+     endif()
+     add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+     target_include_directories(${OUTPUT} PRIVATE
+-            ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++            ${CMAKE_BINARY_DIR}/inc
+             ${LOCAL_ROOT_PATH}/inc/host_inc
+             ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+             ${CMAKE_CURRENT_BINARY_DIR})
+diff --git a/examples/seal_data/enclave/CMakeLists.txt b/examples/seal_data/enclave/CMakeLists.txt
+index 542163e..f80efb8 100644
+--- a/examples/seal_data/enclave/CMakeLists.txt
++++ b/examples/seal_data/enclave/CMakeLists.txt
+@@ -66,7 +66,7 @@ if(CC_GP)
+ 
+     target_include_directories( ${PREFIX} PRIVATE
+     ${CMAKE_CURRENT_BINARY_DIR}
+-    ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++    ${CMAKE_BINARY_DIR}/inc
+     ${LOCAL_ROOT_PATH}/inc/host_inc
+     ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+     ${LOCAL_ROOT_PATH}/inc/enclave_inc
+diff --git a/examples/seal_data/host/CMakeLists.txt b/examples/seal_data/host/CMakeLists.txt
+index a0986d1..19920b4 100644
+--- a/examples/seal_data/host/CMakeLists.txt
++++ b/examples/seal_data/host/CMakeLists.txt
+@@ -40,7 +40,7 @@ if(CC_GP)
+     endif()
+     add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+     target_include_directories(${OUTPUT} PRIVATE
+-            ${LOCAL_ROOT_PATH}/${CMAKE_BINARY_DIR}/inc
++            ${CMAKE_BINARY_DIR}/inc
+             ${LOCAL_ROOT_PATH}/inc/host_inc
+             ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+             ${CMAKE_CURRENT_BINARY_DIR})
+diff --git a/src/enclave_src/CMakeLists.txt b/src/enclave_src/CMakeLists.txt
+index 66a36ea..f6d353c 100644
+--- a/src/enclave_src/CMakeLists.txt
++++ b/src/enclave_src/CMakeLists.txt
+@@ -11,7 +11,7 @@
+ project(secgear_tee C)
+ 
+ set(target_lib secgear_tee)
+-set(LIBRARY_INSTALL /lib64)
++set(LIBRARY_INSTALL /usr/lib64)
+ 
+ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+ 
+diff --git a/src/host_src/CMakeLists.txt b/src/host_src/CMakeLists.txt
+index 25d245f..a545e27 100644
+--- a/src/host_src/CMakeLists.txt
++++ b/src/host_src/CMakeLists.txt
+@@ -10,7 +10,7 @@
+ 
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden -fPIC -Wno-stringop-overflow")
+ 
+-set(LIBRARY_INSTALL /lib64)
++set(LIBRARY_INSTALL /usr/lib64)
+ 
+ include_directories(${LOCAL_ROOT_PATH}/inc/host_inc)
+ 
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 9906bff..5469f80 100755
+--- a/tools/sign_tool/sign_tool.sh
++++ b/tools/sign_tool/sign_tool.sh
+@@ -12,9 +12,14 @@
+ VERSION=3
+ API_LEVEL=2
+ ONE_STEP_MODE=1
+-A_CONFIG_FILE="NULL"
+ 
+ localpath="$(cd "$(dirname "$0")"; pwd)"
++pypath="/lib/secGear"
++if [ -f ${localpath}/signtool_v3.py ]; then
++    signtoolpath=${localpath}
++else
++    signtoolpath=${pypath}
++fi
+ 
+ print_help(){
+     echo "sign tool usage: ./sign_tool.sh [options] ..."
+@@ -139,10 +144,10 @@ itrustee_start_sign(){
+                 echo "Error: missing enclave file"
+                 exit -1
+             fi
+-            python ${localpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" 
++            python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" 
+         else
+             ONE_STEP_MODE=0
+-            python ${localpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" "${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}"
++            python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" "${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}"
+         fi
+     elif [ "${CMD}"x == "digest"x ]; then
+         ONE_STEP_MODE=0
+@@ -154,7 +159,7 @@ itrustee_start_sign(){
+             echo "Error: missing enclave file"
+             exit -1
+         fi
+-        python ${localpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" 
++        python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" 
+     else
+         echo "Error: illegal command"
+     fi
+-- 
+2.27.0
+

0032-del-size_to_aligned_size.patch

@@ -0,0 +1,25 @@
+From f31970aac34d3e6fb6c50508ec5d5d4e07da0e0a Mon Sep 17 00:00:00 2001
+From: zgzxx <zhangguangzhi3@huawei.com>
+Date: Fri, 21 May 2021 11:14:06 +0800
+Subject: [PATCH] del size_to_aligned_size
+
+---
+ tools/codegener/Commonfunc.ml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/codegener/Commonfunc.ml b/tools/codegener/Commonfunc.ml
+index 42d62c4..6f3966a 100644
+--- a/tools/codegener/Commonfunc.ml
++++ b/tools/codegener/Commonfunc.ml
+@@ -428,7 +428,7 @@ let set_in_memcpy (fd : func_decl) =
+             sprintf "for (int i = 0; i < %s; i++) {\n        if((%s + i)->%s) {\n            memcpy(in_buf + %s_p + tmp_size, (uint8_t *)(%s + i)->%s, %s);\n        tmp_size += size_to_aligned_size(%s);\n        }\n    }\n    tmp_size = 0;\n    " (get_param_count pty) decl.identifier mem_decl.identifier mem_decl.identifier decl.identifier mem_decl.identifier (get_sizestr_2 (mem_pty, mem_decl) decl) (get_sizestr_2 (mem_pty, mem_decl) decl) in
+     [
+         "/* Copy in_params to in_buf*/";
+-        sprintf "memcpy(in_buf, &args_size, size_to_aligned_size(sizeof(%s_size_t)));" fd.fname;
++        sprintf "memcpy(in_buf, &args_size, sizeof(%s_size_t));" fd.fname;
+         if in_memcpy <> [] then
+         concat "\n    " in_memcpy ^ "\n    " ^ 
+         concat "\n    "
+-- 
+2.27.0
+

secGear.spec

@@ -1,8 +1,8 @@
 Name:		secGear
 Version:	0.1.0
-Release:	13%{?dist}
+Release:	14%{?dist}
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
-ExclusiveArch:	x86_64
+
 
 Group:		OS Security
 License:	Mulan PSL v2
@@ -17,94 +17,123 @@ Patch4:		0005-delete-unnecessary-README.cn.md.patch
 Patch5:		0006-fix-issues-about-double-create-destory.patch
 Patch6:		0007-to-make-secGear-log-more-clear.patch
 Patch7:		0008-modify-path-error.patch
-Patch8:		0009-fix-sgxssl-edl.patch
-Patch9:		0010-update-docs-build_install.md.patch
-Patch10:	0011-modify-the-prompt-information.patch
-Patch11:	0012-parse-new-error-code-and-del-redundant-print.patch
-Patch12:	0013-fix-error-print.patch
-Patch13:	0014-set-umask-in-sign_tool.sh.patch
-Patch14:	0015-1.fix-the-race-of-ecall-and-enclave-destroy.patch	
-Patch15:	0016-fix-wrong-spelling-and-null-pointer-dereference-issu.patch
-Patch16:    0017-update-signtool-codegen.patch
+Patch8:		0009-fix-cmake-error-of-missing-CMAKE_CXX_COMPILER.patch
+Patch9:		0010-fix-sgxssl-edl.patch
+Patch10:	0011-update-docs-build_install.md.patch
+Patch11:	0012-modify-the-prompt-information.patch
+Patch12:	0013-parse-new-error-code-and-del-redundant-print.patch
+Patch13:	0014-fix-error-print.patch
+Patch14:	0015-set-umask-in-sign_tool.sh.patch
+Patch15:	0016-1.fix-the-race-of-ecall-and-enclave-destroy.patch
+Patch16:	0017-fix-wrong-spelling-and-null-pointer-dereference-issu.patch
+Patch17:	0018-update-sign_tool.doc.patch
+Patch18:	0019-normalized-codegen-from-arm-and-x86.patch
+Patch19:	0020-rm-e-parameter-normalize-c-parameter.patch
+Patch20:	0021-example-use-absolute-path-to-find-enclave.sign.so.patch
+Patch21:	0022-add-example-of-using-sgxssl-lib.patch
+Patch22:	0023-tls_enclave-is-not-compiled-by-default.patch
+Patch23:	0024-Cmake-replace-minial-cmake-from-3.12-to-3.10.patch
+Patch24:	0025-example-add-example-for-LRT-long-running-task.patch
+Patch25:	0026-example-add-Dockerfile-to-build-lrt-example-image.patch
+Patch26:	0027-Change-to-use-the-milestone-picture-with-English.patch
+Patch27:	0028-example-use-the-sgx-device-plugin-from-intel.patch
+Patch28:	0029-some-adaptations-for-trustzone.patch
+Patch29:	0030-fix-sgx-two-step-mode-bug-add-dump-command.patch
+Patch30:	0031-set-signtool_v3.py-path.patch
+Patch31:	0032-del-size_to_aligned_size.patch
 
-BuildRequires:	gcc python3 automake autoconf libtool
+BuildRequires:	gcc python automake autoconf libtool
 BUildRequires:	glibc glibc-devel cmake ocaml-dune
 %ifarch x86_64
 BUildRequires:	linux-sgx-driver sgxsdk libsgx-launch libsgx-urts
+%else
+BUildRequires:	itrustee_sdk
 %endif
 
-Requires:	rsyslog
+Requires:		rsyslog
 %ifarch x86_64
-Requires:	linux-sgx-driver sgxsdk libsgx-launch libsgx-urts
+Requires:		linux-sgx-driver sgxsdk libsgx-launch libsgx-urts
+%else
+Requires:		itrustee_sdk
 %endif
+
 %description
 secGear is an SDK to develop confidential computing apps based on hardware enclave features
 
-%package	devel
-Summary:	Development files for %{name}
-Requires:	%{name}%{?isa} = %{version}-%{release} cmake
+%package		devel
+Summary:		Development files for %{name}
+Requires:		%{name}%{?isa} = %{version}-%{release} cmake
 %description	devel
-The %{name}-devel is package contains Header file for developing applications that 
+The %{name}-devel is package contains Header file for developing applications that
 us %{name}
 
-%package        sim
-Summary:        simulation package files for %{name}
-Requires:       %{name}%{?isa} = %{version}-%{release}
-%description    sim
+%ifarch x86_64
+%package		sim
+Summary:		simulation package files for %{name}
+Requires:		%{name}%{?isa} = %{version}-%{release}
+%description	sim
 The %{name}-sim is package contains simulation libraries for developing applications
+%endif
 
 %prep
 %autosetup -n %{name} -p1
 
-
 %build
 source ./environment
 %ifarch x86_64
 source /opt/intel/sgxsdk/environment
 cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=on -DSGXSDK=/opt/intel/sgxsdk
-make 
+make
 %else
-#The itrustee OS is not released 
+cmake -DCMAKE_BUILD_TYPE=Debug -DCC_GP=on -DiTrusteeSDK=/opt/itrustee_sdk
+make
 %endif
 
-
 %install
 make install DESTDIR=%{buildroot}
 install -d %{buildroot}/%{_datarootdir}/licenses/secGear
 install -pm 644 License/Third_Party_Open_Source_Software_Notice.md %{buildroot}/%{_datarootdir}/licenses/secGear
 install -d %{buildroot}/%{_includedir}/secGear
-#install -pm 644 inc/host_inc/* %{buildroot}/%{_includedir}/secGear/host_inc
-%ifarch x86_64
 install -d %{buildroot}/%{_bindir}
+install -pm 751 bin/codegen %{buildroot}/%{_bindir}
+install -pm 751 tools/sign_tool/sign_tool.sh %{buildroot}/%{_bindir}
+install -d %{buildroot}/%{_sysconfdir}/secGear/cloud
+install -d %{buildroot}/lib/secGear/
+install -pm 751 tools/sign_tool/*.py %{buildroot}/lib/secGear
+install -pm 644 tools/sign_tool/cloud/rsa_public_key_cloud.pem %{buildroot}/%{_sysconfdir}/secGear/cloud
+%ifarch x86_64
 install -pm 644 inc/host_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/host_inc/sgx/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/host_inc/sgx/*.edl %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/sgx/*.h %{buildroot}/%{_includedir}/secGear
-install -pm 751 bin/codegen %{buildroot}/%{_bindir}
-install -pm 751 tools/sign_tool/sign_tool.sh %{buildroot}/%{_bindir}
 %else
 install -d %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/host_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/host_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
+install -pm 644 inc/host_inc/gp/*.edl %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
+install -pm 644 inc/enclave_inc/gp/itrustee/*.h %{buildroot}/%{_includedir}/secGear
 %endif
 pushd %{buildroot}
 rm `find . -name secgear_helloworld` -rf
 rm `find . -name secgear_seal_data` -rf
+%ifarch aarch64
+rm `find . -name libsecgearsim.so` -rf
+%endif
 popd
 
 %files
 %license License/LICENSE
 %license License/Third_Party_Open_Source_Software_Notice.md
 %defattr(-,root,root)
-/%{_lib}/libsecgear_tee.a
-/%{_lib}/libsecgear.so
+%{_libdir}/libsecgear_tee.a
+%{_libdir}/libsecgear.so
 %ifarch x86_64
-/%{_lib}/libsgx_0.so
+%{_libdir}/libsgx_0.so
 %else
-#The itrustee OS is not released
+%{_libdir}/libgp_0.so
 %endif
 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/rsyslog.d/secgear.conf
 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/logrotate.d/secgear
@@ -112,23 +141,26 @@ popd
 %files devel
 %{_bindir}/*
 %{_includedir}/secGear/*
+/lib/secGear/*
+%{_sysconfdir}/secGear/cloud/rsa_public_key_cloud.pem
 
+%ifarch x86_64
 %files sim
 %defattr(-,root,root)
 %license License/LICENSE
-/%{_lib}/libsecgearsim.so
-%ifarch x86_64
-/%{_lib}/libsgxsim_0.so
-%else
-#The itrustee OS is not released
+%{_libdir}/libsecgearsim.so
+%{_libdir}/libsgxsim_0.so
 %endif
 
 %changelog
+* Thu May 20 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-14
+- DESC: update some bugfix form openeuler secGear
+
 * Wed May 12 2021 yanlu<yanlu14@huawei.com> - 0.1.0-13
 - DESC: update signtool and codegen
 
 * Thu Apr 27 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-12
-- DESC: add licenses and thirdparty opensource notice
+- DESC: add cmake to Requires
 
 * Tue Apr 13 2021 wanghongzhe<wanghongzhe@huawei.com> - 0.1.0-11
 - DESC: add licenses and thirdparty opensource notice