Commit Graph

28 Commits

Author SHA1 Message Date
Theodore Ni
b14fcda6c0
sgx-psw: disable fortify3 hardening flag 2023-07-12 22:35:45 -07:00
Weijia Wang
f2970c0c85
Merge pull request #219381 from 0xbe7a/sgx-gcc-11
sgx/sdk/ipp-crypto: pin stdenv to gcc11
2023-03-03 21:22:17 +02:00
be7a
a0691fc810
sgx/sdk/ipp-crypto: pin stdenv to gcc11 2023-03-03 17:16:23 +01:00
Artturin
f9fdf2d402 treewide: move NIX_CFLAGS_COMPILE to the env attrset
with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper

this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
2023-02-22 21:23:04 +02:00
Artturin
fe1c7a1945 treewide: remove usages of header and stopNest
they're obsolete
2023-01-16 00:08:12 +02:00
Sandro
c8c8ac5cc6
Merge pull request #203449 from yaxitech/azure-quote-provider 2022-12-24 16:19:39 +01:00
Julian Stecklina
2c8407089b sgx-sdk: pin to openssl_1_1
Currently, the sgx-sdk.runTestsHW attribute fails to build due to
linking errors. It looks like OpenSSL versions are mixed up.

And indeed sgx-sdk pulls in OpenSSL 3 while ipp-crypto pulls in
OpenSSL 1.1.

Fix by pinning the OpenSSL version for the SGX SDK to OpenSSL 1.1 as
well.
2022-12-12 17:18:28 +01:00
Vincent Haupert
4e937f0d6b sgx-azure-quote-provider: add test-suite derivation 2022-12-04 20:12:50 +01:00
Andreas Stührk
da0dc8339c nixos/aesmd: add option to configure quote provider library
Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH` it is
  not necessary to also set in `LD_LIBRARY_PATH` of the systemd service.

Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-12-04 20:12:50 +01:00
Andreas Stührk
7de32b0ce9 sgx-azure-dcap-client: init at 1.11.2 2022-12-04 20:12:50 +01:00
ajs124
d761390cd0 sgx/sdk/ipp-crypto: pin to openssl_1_1 2022-08-17 20:16:46 +02:00
Artturin
c1fffdfffb treewide: change some glibc to stdenv.cc.libc 2022-05-27 05:57:43 +03:00
Artturin
0c4d65b21e treewide: stdenv.glibc -> glibc 2022-05-25 15:51:20 +03:00
Artturi
4f337a99de
Merge pull request #167571 from veehaitch/sgx-2.16
sgx-sdk, sgx-psw: 2.15.1 -> 2.16
2022-05-08 16:00:56 +03:00
Sandro Jäckel
f96a60f950
ssl: fix nix-env version parsing 2022-04-30 02:37:20 +02:00
Vincent Haupert
02e6180ce7 sgx-psw: 2.15.1 -> 2.16 2022-04-06 21:36:44 +02:00
Vincent Haupert
8655b82de7 sgx-sdk: 2.15.1 -> 2.16 2022-04-06 21:36:28 +02:00
Naïm Favier
9160044f5f
treewide/makeWrapper: replace --run cd with --chdir
Lay the groundwork for switching to binary wrappers by reducing uses
of `--run` (which is not supported by `makeBinaryWrapper`).
2022-03-19 09:46:31 +01:00
Jörg Thalheim
9f93be7e1b
Merge pull request #153237 from veehaitch/sgx-sdk-2.15.1-samples
sgx-sdk, sgx-psw: improve samples
2022-01-31 05:58:09 +01:00
Jonathan Ringer
8d530c676a
sgx-sdk: fix build 2022-01-24 19:16:05 -08:00
Vincent Haupert
6639cd8c65 sgx-ssl: don't run test app in installCheckPhase
Although we build the test app in SGX simulation mode which does not
require hardware SGX support, SGX SSL fails to initialize on non-Intel
CPUs. This is unexpected (and inconsistent with the `sgx-sdk` sample
code we run in the `installCheckPhase`) and subject to an upstream
issue: https://github.com/intel/intel-sgx-ssl/issues/113

Revert this commit as soon as the issue is resolved by Intel.
2022-01-15 13:08:31 +01:00
Andreas Stührk
db091609ff sgx-ssl: init at lin_2.15.1_1.1.1l
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-01-12 19:24:39 +01:00
Vincent Haupert
9dac06a14d sgx-sdk, sgx-psw: improve samples
Make it easier to review updates to `sgx-{sdk,psw}` on machines with
actual SGX hardware support. The passthru tests build and run the SGX
samples in simulation mode which works without any hardware support. To
run the samples on a machine with SGX hardware support, issue the
following command:

```bash
 $(nix-build -A sgx-sdk.runTestsHW)/bin/run-tests-hw
```

Make sure the SGX AESM daemon is running as some tests require it. See
the `services.aesmd.*` NixOS module options and the `sgx-psw` package
for details.
2022-01-09 18:02:58 +01:00
Vincent Haupert
4f7f8d0b2d sgx-sdk, sgx-psw: 2.14 -> 2.15.1
Also add some of the new samples as tests. Disable parallel builds for
the samples as they don't seem to support it (fail randomly).
2021-12-15 13:09:18 +01:00
Vincent Haupert
d6cc0ad96e nixosTests.aesmd: init 2021-12-10 10:18:31 +01:00
Vincent Haupert
92c24a12a7 sgx-sdk, sgx-psw: add debug argument 2021-12-10 10:04:02 +01:00
Vincent Haupert
dd79220bca sgx-psw: init at 2.14.100.2
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-12-10 10:04:02 +01:00
Vincent Haupert
f5fcb87723 sgx-sdk: create sgx dir and move 2021-12-10 10:04:02 +01:00