Commit Graph

20 Commits

Author SHA1 Message Date
Philip Hayes
0c918484fb sgx-sdk: 2.23 -> 2.24
- .patch out a `git submodule update` from `make preparation`.

- Place the `ipp-crypto/fips_cert.h` header somewhere sgx-sdk can find it.

Diff: <https://github.com/intel/linux-sgx/compare/sgx_2.23...sgx_2.24>

Changelog: <https://github.com/intel/linux-sgx/releases/tag/sgx_2.24>
2024-05-05 16:40:11 -07:00
Philip Hayes
ec66c8886b sgx-sdk/ipp-crypto: 2021.10.0 -> 2021.11.1
- gcc 12 and 13 are _still_ failing

- sgx-sdk now requires FIPS-mode enabled

Diff: <https://github.com/intel/ipp-crypto/compare/ippcp_2021.10.0...ippcp_2021.11.1>

Changelog: <https://github.com/intel/ipp-crypto/blob/ippcp_2021.11.1/CHANGELOG.md>
2024-05-05 16:39:46 -07:00
Philip Hayes
9dd20575b3 sgx-sdk: disable mtime in bundled zip file for reproducible builds
Context:

The `aesm_service` binary depends on a vendored library called
`CppMicroServices`. At build time, this lib creates and then bundles
service resources into a zip file and then embeds this zip into the
binary. Without changes, the `aesm_service` will be different after every
build because the embedded zip file contents have different modified times.

All credits to @haraldh for this patch <3
2024-03-06 17:20:30 -08:00
Philip Hayes
fd3978c164 sgx-sdk: add 'phlip9' as maintainer of sgx packages 2024-03-06 17:20:24 -08:00
Philip Hayes
25955eed5c sgx-sdk: 2.21 -> 2.23
- `make preparation` step keeps changing; use a more maintainable .patch
  approach instead of copying over steps from Makefile.

- Remove stale patch.

Diff: <https://github.com/intel/linux-sgx/compare/sgx_2.21...sgx_2.23>

Changelog (2.22): <https://github.com/intel/linux-sgx/releases/tag/sgx_2.22>

Changelog (2.23): <https://github.com/intel/linux-sgx/releases/tag/sgx_2.23>
2024-03-06 16:51:11 -08:00
Philip Hayes
3a38edd589 sgx-sdk/ipp-crypto: 2021.9.0 -> 2021.10.0
- gcc 13 still failing to compile w/o warnings...

Diff: <https://github.com/intel/ipp-crypto/compare/ippcp_2021.9.0...ippcp_2021.10.0>

Changelog: <https://github.com/intel/ipp-crypto/blob/ippcp_2021.10.0/CHANGELOG.md>
2024-03-06 16:51:11 -08:00
Philip Hayes
8d2a5753fd sgx-sdk/ipp-crypto: 2021.7 -> 2021.9.0
- Removes `sgx-sdk` dependency on EOL OpenSSL v1.1
- Updated ipp-crypto version is technically beyond the upstream
  `linux-sgx` repo's pinned version, but appears to work just as well.

Diff: <https://github.com/intel/ipp-crypto/compare/ippcp_2021.7...ippcp_2021.9.0>

Changelog: <https://github.com/intel/ipp-crypto/blob/ippcp_2021.9.0/CHANGELOG.md>
2023-12-21 13:25:51 +01:00
Philip Hayes
a03b0a37b6 sgx-sdk: 2.16 -> 2.21
Release notes:
<https://github.com/intel/linux-sgx/releases/tag/sgx_2.21>

sgx-sdk/ipp-crypto: 2021.3 -> 2021.7

* The `substituteInPlace` is no longer necessary as corresponding PR was
  merged.
2023-12-21 13:25:50 +01:00
Weijia Wang
f2970c0c85
Merge pull request #219381 from 0xbe7a/sgx-gcc-11
sgx/sdk/ipp-crypto: pin stdenv to gcc11
2023-03-03 21:22:17 +02:00
be7a
a0691fc810
sgx/sdk/ipp-crypto: pin stdenv to gcc11 2023-03-03 17:16:23 +01:00
Artturin
fe1c7a1945 treewide: remove usages of header and stopNest
they're obsolete
2023-01-16 00:08:12 +02:00
Julian Stecklina
2c8407089b sgx-sdk: pin to openssl_1_1
Currently, the sgx-sdk.runTestsHW attribute fails to build due to
linking errors. It looks like OpenSSL versions are mixed up.

And indeed sgx-sdk pulls in OpenSSL 3 while ipp-crypto pulls in
OpenSSL 1.1.

Fix by pinning the OpenSSL version for the SGX SDK to OpenSSL 1.1 as
well.
2022-12-12 17:18:28 +01:00
ajs124
d761390cd0 sgx/sdk/ipp-crypto: pin to openssl_1_1 2022-08-17 20:16:46 +02:00
Vincent Haupert
8655b82de7 sgx-sdk: 2.15.1 -> 2.16 2022-04-06 21:36:28 +02:00
Jörg Thalheim
9f93be7e1b
Merge pull request #153237 from veehaitch/sgx-sdk-2.15.1-samples
sgx-sdk, sgx-psw: improve samples
2022-01-31 05:58:09 +01:00
Jonathan Ringer
8d530c676a
sgx-sdk: fix build 2022-01-24 19:16:05 -08:00
Vincent Haupert
9dac06a14d sgx-sdk, sgx-psw: improve samples
Make it easier to review updates to `sgx-{sdk,psw}` on machines with
actual SGX hardware support. The passthru tests build and run the SGX
samples in simulation mode which works without any hardware support. To
run the samples on a machine with SGX hardware support, issue the
following command:

```bash
 $(nix-build -A sgx-sdk.runTestsHW)/bin/run-tests-hw
```

Make sure the SGX AESM daemon is running as some tests require it. See
the `services.aesmd.*` NixOS module options and the `sgx-psw` package
for details.
2022-01-09 18:02:58 +01:00
Vincent Haupert
4f7f8d0b2d sgx-sdk, sgx-psw: 2.14 -> 2.15.1
Also add some of the new samples as tests. Disable parallel builds for
the samples as they don't seem to support it (fail randomly).
2021-12-15 13:09:18 +01:00
Vincent Haupert
92c24a12a7 sgx-sdk, sgx-psw: add debug argument 2021-12-10 10:04:02 +01:00
Vincent Haupert
f5fcb87723 sgx-sdk: create sgx dir and move 2021-12-10 10:04:02 +01:00