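# RPM spec for the Intel-prebuilt, signed SGX architectural enclaves.
#
# Each enabled enclave (PCE, ID enclave, QE3, TDQE; QVE is currently
# disabled) is shipped in its own sub-package. Nothing is compiled here:
# the signed shared objects are copied out of the repacked prebuilt
# DCAP tarball (Source2), and only their version numbers are read from
# the se_version.h headers in the source tarballs.

# There's no concept of debuginfo for SGX enclaves
%define debug_package %{nil}

%define linux_sgx_version 2.25
%define dcap_version 1.22

# If setting any of these to 0, modify repack.sh to strip
# the binary from the prebuilt_dcap tarball

# Provisioning Certification Enclave. Required. ECDSA quote signing
%define with_enclave_pce 1
# ID Enclave. Required. Hardware identification
%define with_enclave_ide 1
# Quoting Enclave. Required for non-TDX usage. ECDSA quote generation
%define with_enclave_qe3 1
# Quoting Enclave. Required for TDX usage. ECDSA quote generation
%define with_enclave_tdqe 1
# Quote Verification Enclave. Optional. ECDSA quote verification
#
# XXX Disabled as it links to an openssl build that has crypto
# algorithms that haven't been approved by legal & thus it is
# currently unknown if we can ship such code. See also comments
# against Patch0202/Patch0203 later
%define with_enclave_qve 0

Name:           linux-sgx-enclaves-prebuilt
Version:        %{linux_sgx_version}
Release:        1%{?dist}
Summary:        Intel SGX prebuilt architectural enclaves

# The entire source code is BSD, except some third party projects are
# under other licenses listed in License.txt.
License:        BSD-3-Clause AND Apache-2.0 AND MIT AND OpenSSL AND ISC AND BSD-2-Clause AND GPL-2.0-only AND SMLNJ AND NCSA AND Apache-1.0 AND FSFAP AND BSD-4-Clause-UC AND FSFUL AND Zlib AND (Apache-2.0 OR GPL-2.0-or-later) AND EPL-1.0 AND MS-PL AND BSD-4-Clause AND MIT-0
URL:            https://github.com/intel/linux-sgx

Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}_reproducible.tar.gz#/linux-sgx-%{linux_sgx_version}-reproducible.tar.gz
Source1: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/dcap_%{dcap_version}_reproducible.tar.gz
# repack.sh purges AE's that we're not shipping & 'prebuilt/' (openssl / OPA binaries)
#
# NOTE(review): Source2 holds the prebuilt, signed enclave binaries and is
# repacked locally, so the tarball used here no longer matches the upstream
# download byte for byte. Confirm that the upstream archive digest is checked
# before repacking and that the repack step is reproducible, since these
# binaries are installed as-is with no rebuild to compare against.
Source2: https://download.01.org/intel-sgx/sgx-dcap/%{dcap_version}/linux/prebuilt_dcap_%{dcap_version}-repacked.tar.gz

BuildRequires:  sgx-srpm-macros

# SGX is a technology that only exists in Intel x86 CPUs
ExclusiveArch:  x86_64

%description
The Intel SGX prebuilt architectural enclaves bootstrap the SGX hardware for use by applications.

# Declare one sub-package for a signed prebuilt enclave.
#
# @arg1: short enclave name, used in the sub-package name and Provides
# @arg2: boolean condition for whether to ship this enclave
# @arg3: version advertised by the sgx-enclave() Provides
%global do_package() \
%if %2 \
%package -n sgx-enclave-prebuilt-%1-signed \
Summary: SGX %1 enclave (signed) \
\
Provides: sgx-enclave(%1:signed) = %3 \
Provides: sgx-enclave(%1:signed:prebuilt) = %3 \
\
%description -n sgx-enclave-prebuilt-%1-signed \
This package contains the signed SGX %1 enclave, \
prebuilt by Intel. \
%endif

%do_package pce %{with_enclave_pce} %{linux_sgx_version}
%do_package ide %{with_enclave_ide} %{dcap_version}
%do_package qe3 %{with_enclave_qe3} %{dcap_version}
%do_package tdqe %{with_enclave_tdqe} %{dcap_version}
%do_package qve %{with_enclave_qve} %{dcap_version}

%prep
%setup -n linux-sgx-sgx_%{linux_sgx_version}_reproducible

# dcap
(
  cd external/dcap_source
  tar zxf %{SOURCE1} --strip 1
)
(
  cd external/dcap_source/QuoteGeneration
  tar zxf %{SOURCE2}
)

%install
############################################################
# Install phase
#
# There's nothing useful like 'make install' to install
# everything in the right place :-(

%__install -d %{buildroot}%{sgx_libdir}

# Install one prebuilt enclave as libsgx_NAME.signed.so.VERSION plus the
# usual .so.MAJOR and .so symlinks. The shell variable 'version_file' must
# point at the se_version.h to read before each invocation.
#
# The build is aborted when the version symbol cannot be found, instead of
# installing a library whose name ends in an empty version suffix.
#
# @arg1: boolean condition for whether to ship this enclave
# @arg2: base name of the enclave
# @arg3: directory containing locally built enclave
#        (accepted for symmetry, not referenced by this macro)
# @arg4: directory containing pre-built enclave
# @arg5: symbol name that defines the enclave SO version
%global do_install() \
%if %1 \
  version="$(grep %5 "$version_file" | awk '{print $3}' | sed -e 's/"//g')" \
  if [ -z "$version" ]; then \
    echo "error: %5 not found in $version_file" >&2 \
    exit 1 \
  fi \
  libname="libsgx_%2.signed.so" \
  libnameso="$libname.$(echo $version | awk -F . '{print $1}')" \
  libnamever="$libname.$version" \
  %__install -m 0755 %4/$libname %{buildroot}%{sgx_libdir}/$libnamever \
  ln -s $libnamever %{buildroot}%{sgx_libdir}/$libnameso \
  ln -s $libnameso %{buildroot}%{sgx_libdir}/$libname \
%endif

# The PCE version lives in the linux-sgx tree; all other enclave versions
# are read from the DCAP tree.
version_file=common/inc/internal/se_version.h
%do_install %{with_enclave_pce} pce psw/ae/pce external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt PCE_VERSION

version_file=external/dcap_source/QuoteGeneration/common/inc/internal/se_version.h
%do_install %{with_enclave_ide} id_enclave external/dcap_source/QuoteGeneration/quote_wrapper/quote/id_enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt IDE_VERSION
%do_install %{with_enclave_qe3} qe3 external/dcap_source/QuoteGeneration/quote_wrapper/quote/enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt QE3_VERSION
%do_install %{with_enclave_tdqe} tdqe external/dcap_source/QuoteGeneration/quote_wrapper/tdx_quote/enclave/linux external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt TDQE_VERSION
%do_install %{with_enclave_qve} qve external/dcap_source/QuoteVerification/QvE external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt QVE_VERSION

# Emit the file list for one enclave sub-package.
#
# @arg1: short enclave name, matching the sub-package name
# @arg2: base name of the enclave library
# @arg3: boolean condition for whether to ship this enclave
%global do_files() \
%if %3 \
%files -n sgx-enclave-prebuilt-%1-signed \
%{sgx_libdir}/libsgx_%2.signed.so* \
%endif

%do_files pce pce %{with_enclave_pce}
%do_files ide id_enclave %{with_enclave_ide}
%do_files qe3 qe3 %{with_enclave_qe3}
%do_files tdqe tdqe %{with_enclave_tdqe}
%do_files qve qve %{with_enclave_qve}

%changelog
* Tue Nov 12 2024 Daniel P. Berrangé - 2.25-1
- Initial packaging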