Decorate and identify SNP libraries (#4569)

microsoft · Nov 18, 2022 · d88c76a · d88c76a
1 parent c779a93
commit d88c76a
Show file tree

Hide file tree

Showing 39 changed files with 372 additions and 143 deletions.
diff --git a/.cmake-format.py b/.cmake-format.py
@@ -11,6 +11,7 @@
                 "INCLUDE_DIRS": "*",
                 "LINK_LIBS_ENCLAVE": "*",
                 "LINK_LIBS_VIRTUAL": "*",
+                "LINK_LIBS_SNP": "*",
             },
         },
         "add_client_exe": {

diff --git a/.daily_canary b/.daily_canary
@@ -1,4 +1,4 @@
    ___     ___
-  (+ *)   (O o)   |     Y
- (  V  ) (  V  )  O    /
+  (- *)   (O o)   |     Y
+ (  V  ) <  V  )  O    /
 /--x-m- /--m-m---xXx--/
diff --git a/.snpcc_canary b/.snpcc_canary
@@ -1,4 +1,4 @@
 
    |     Y
    O    /
-/-xXx--/-----
+/-xXx--/-----)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 [4.0.0-dev0]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.0-dev0
 
+### Changed
+
+- `enclave.type` configuration entry now only supports `Debug` or `Release`. Trusted Execution Environment platform should be specified via new `enclave.platform` configuration entry (`SGX`, `SNP` or `Virtual`) (#4569).
+
 ### Fixed
 
 - Fix issue with large snapshots that may cause node crash on startup (join/recover) if configured stack size was too low (#4566).

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -122,12 +122,16 @@ if(COMPILE_TARGET STREQUAL "sgx")
   )
 
   target_link_libraries(
-    ccf.enclave PUBLIC quickjs.enclave http_parser.enclave sss.enclave
-                       ccf_endpoints.enclave ccfcrypto.enclave ccf_kv.enclave
+    ccf.enclave
+    PUBLIC quickjs.enclave
+           http_parser.enclave
+           sss.enclave
+           ccf_endpoints.enclave
+           ccfcrypto.enclave
+           ccf_kv.enclave
+           nghttp2.enclave
   )
 
-  target_link_libraries(ccf.enclave PUBLIC nghttp2.enclave)
-
   add_lvi_mitigations(ccf.enclave)
 
   install(
@@ -141,19 +145,19 @@ if(COMPILE_TARGET STREQUAL "sgx")
   # Same as virtual for the time being but will diverge soon
 elseif(COMPILE_TARGET STREQUAL "snp")
 
-  # virtual version
-  add_library(ccf.virtual STATIC ${CCF_IMPL_SOURCE})
+  # SNP version
+  add_library(ccf.snp STATIC ${CCF_IMPL_SOURCE})
 
   target_compile_definitions(
-    ccf.virtual PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
-                       _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
+    ccf.snp PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
+                   _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
   )
 
-  target_compile_options(ccf.virtual PUBLIC ${COMPILE_LIBCXX})
-  add_warning_checks(ccf.virtual)
+  target_compile_options(ccf.snp PUBLIC ${COMPILE_LIBCXX})
+  add_warning_checks(ccf.snp)
 
   target_include_directories(
-    ccf.virtual SYSTEM
+    ccf.snp SYSTEM
     PUBLIC
       $<BUILD_INTERFACE:${CCF_GENERATED_DIR}>
       $<INSTALL_INTERFACE:include/ccf/> #< This contains the private headers
@@ -164,32 +168,31 @@ elseif(COMPILE_TARGET STREQUAL "snp")
   )
 
   target_link_libraries(
-    ccf.virtual
+    ccf.snp
     PUBLIC ${LINK_LIBCXX}
            -lgcc
-           http_parser.host
-           quickjs.host
-           sss.host
-           ccf_endpoints.host
-           ccfcrypto.host
-           ccf_kv.host
+           http_parser.snp
+           quickjs.snp
+           sss.snp
+           ccf_endpoints.snp
+           ccfcrypto.snp
+           ccf_kv.snp
+           nghttp2.snp
            ${OE_HOST_LIBRARY}
            ${CMAKE_THREAD_LIBS_INIT}
   )
 
-  target_link_libraries(ccf.virtual PUBLIC nghttp2.host)
-
-  set_property(TARGET ccf.virtual PROPERTY POSITION_INDEPENDENT_CODE ON)
+  set_property(TARGET ccf.snp PROPERTY POSITION_INDEPENDENT_CODE ON)
 
-  add_san(ccf.virtual)
+  add_san(ccf.snp)
 
   install(
-    TARGETS ccf.virtual
+    TARGETS ccf.snp
     EXPORT ccf
     DESTINATION lib
   )
 
-  add_dependencies(ccf ccf.virtual)
+  add_dependencies(ccf ccf.snp)
 
 elseif(COMPILE_TARGET STREQUAL "virtual")
 
@@ -225,12 +228,11 @@ elseif(COMPILE_TARGET STREQUAL "virtual")
            ccf_endpoints.host
            ccfcrypto.host
            ccf_kv.host
+           nghttp2.host
            ${OE_HOST_LIBRARY}
            ${CMAKE_THREAD_LIBS_INIT}
   )
 
-  target_link_libraries(ccf.virtual PUBLIC nghttp2.host)
-
   set_property(TARGET ccf.virtual PROPERTY POSITION_INDEPENDENT_CODE ON)
 
   add_san(ccf.virtual)

diff --git a/cmake/ccf_app.cmake b/cmake/ccf_app.cmake
@@ -95,8 +95,12 @@ endfunction()
 function(add_ccf_app name)
 
   cmake_parse_arguments(
-    PARSE_ARGV 1 PARSED_ARGS "" ""
-    "SRCS;INCLUDE_DIRS;LINK_LIBS_ENCLAVE;LINK_LIBS_VIRTUAL;DEPS;INSTALL_LIBS"
+    PARSE_ARGV
+    1
+    PARSED_ARGS
+    ""
+    ""
+    "SRCS;INCLUDE_DIRS;LINK_LIBS_ENCLAVE;LINK_LIBS_VIRTUAL;LINK_LIBS_SNP;DEPS;INSTALL_LIBS"
   )
   add_custom_target(${name} ALL)
 
@@ -126,42 +130,42 @@ function(add_ccf_app name)
     endif()
 
   elseif(COMPILE_TARGET STREQUAL "snp")
-    # Build a virtual enclave, loaded as a shared library without OE
-    set(virt_name ${name}.virtual)
+    # Build an SNP enclave, loaded as a shared library without OE
+    set(snp_name ${name}.snp)
 
-    add_library(${virt_name} SHARED ${PARSED_ARGS_SRCS})
+    add_library(${snp_name} SHARED ${PARSED_ARGS_SRCS})
 
-    target_compile_definitions(${virt_name} PUBLIC PLATFORM_SNP)
+    target_compile_definitions(${snp_name} PUBLIC PLATFORM_SNP)
 
     target_include_directories(
-      ${virt_name} SYSTEM PRIVATE ${PARSED_ARGS_INCLUDE_DIRS}
+      ${snp_name} SYSTEM PRIVATE ${PARSED_ARGS_INCLUDE_DIRS}
     )
-    add_warning_checks(${virt_name})
+    add_warning_checks(${snp_name})
 
     target_link_libraries(
-      ${virt_name} PRIVATE ${PARSED_ARGS_LINK_LIBS_VIRTUAL} ccf.virtual
+      ${snp_name} PRIVATE ${PARSED_ARGS_LINK_LIBS_SNP} ccf.snp
     )
 
     if(NOT SAN)
-      target_link_options(${virt_name} PRIVATE LINKER:--no-undefined)
+      target_link_options(${snp_name} PRIVATE LINKER:--no-undefined)
     endif()
 
     target_link_options(
-      ${virt_name} PRIVATE
+      ${snp_name} PRIVATE
       LINKER:--undefined=enclave_create_node,--undefined=enclave_run
     )
 
-    set_property(TARGET ${virt_name} PROPERTY POSITION_INDEPENDENT_CODE ON)
+    set_property(TARGET ${snp_name} PROPERTY POSITION_INDEPENDENT_CODE ON)
 
-    add_san(${virt_name})
+    add_san(${snp_name})
 
-    add_dependencies(${name} ${virt_name})
+    add_dependencies(${name} ${snp_name})
     if(PARSED_ARGS_DEPS)
-      add_dependencies(${virt_name} ${PARSED_ARGS_DEPS})
+      add_dependencies(${snp_name} ${PARSED_ARGS_DEPS})
     endif()
 
     if(${PARSED_ARGS_INSTALL_LIBS})
-      install(TARGETS ${virt_name} DESTINATION lib)
+      install(TARGETS ${snp_name} DESTINATION lib)
     endif()
 
   elseif(COMPILE_TARGET STREQUAL "virtual")

diff --git a/cmake/common.cmake b/cmake/common.cmake
@@ -161,9 +161,10 @@ if(COMPILE_TARGET STREQUAL "sgx")
   if(CMAKE_BUILD_TYPE STREQUAL "Debug")
     set(DEFAULT_ENCLAVE_TYPE debug)
   endif()
+elseif(COMPILE_TARGET STREQUAL "snp")
+  set(INSTALL_VIRTUAL_LIBRARIES OFF)
 else()
   set(INSTALL_VIRTUAL_LIBRARIES ON)
-  set(DEFAULT_ENCLAVE_TYPE virtual)
 endif()
 
 set(HTTP_PARSER_SOURCES
@@ -310,6 +311,14 @@ if(COMPILE_TARGET STREQUAL "sgx")
     EXPORT ccf
     DESTINATION lib
   )
+elseif(COMPILE_TARGET STREQUAL "snp")
+  add_library(http_parser.snp "${HTTP_PARSER_SOURCES}")
+  set_property(TARGET http_parser.snp PROPERTY POSITION_INDEPENDENT_CODE ON)
+  install(
+    TARGETS http_parser.snp
+    EXPORT ccf
+    DESTINATION lib
+  )
 endif()
 
 add_library(http_parser.host "${HTTP_PARSER_SOURCES}")
@@ -336,7 +345,17 @@ if(COMPILE_TARGET STREQUAL "sgx")
     EXPORT ccf
     DESTINATION lib
   )
+elseif(COMPILE_TARGET STREQUAL "snp")
+  add_host_library(ccf_kv.snp "${CCF_KV_SOURCES}")
+  add_san(ccf_kv.snp)
+  add_warning_checks(ccf_kv.snp)
+  install(
+    TARGETS ccf_kv.snp
+    EXPORT ccf
+    DESTINATION lib
+  )
 endif()
+
 add_host_library(ccf_kv.host "${CCF_KV_SOURCES}")
 add_san(ccf_kv.host)
 add_warning_checks(ccf_kv.host)
@@ -359,6 +378,17 @@ if(COMPILE_TARGET STREQUAL "sgx")
     EXPORT ccf
     DESTINATION lib
   )
+elseif(COMPILE_TARGET STREQUAL "snp")
+  add_host_library(ccf_endpoints.snp "${CCF_ENDPOINTS_SOURCES}")
+  target_link_libraries(ccf_endpoints.snp PUBLIC qcbor.snp)
+  target_link_libraries(ccf_endpoints.snp PUBLIC t_cose.snp)
+  add_san(ccf_endpoints.snp)
+  add_warning_checks(ccf_endpoints.snp)
+  install(
+    TARGETS ccf_endpoints.snp
+    EXPORT ccf
+    DESTINATION lib
+  )
 endif()
 
 add_host_library(ccf_endpoints.host "${CCF_ENDPOINTS_SOURCES}")
@@ -405,19 +435,17 @@ if(COMPILE_TARGET STREQUAL "sgx")
     DESTINATION lib
   )
 elseif(COMPILE_TARGET STREQUAL "snp")
-  add_library(js_openenclave.virtual STATIC ${CCF_DIR}/src/js/openenclave.cpp)
-  add_san(js_openenclave.virtual)
-  target_link_libraries(js_openenclave.virtual PUBLIC ccf.virtual)
-  target_compile_options(js_openenclave.virtual PRIVATE ${COMPILE_LIBCXX})
+  add_library(js_openenclave.snp STATIC ${CCF_DIR}/src/js/openenclave.cpp)
+  add_san(js_openenclave.snp)
+  target_link_libraries(js_openenclave.snp PUBLIC ccf.snp)
+  target_compile_options(js_openenclave.snp PRIVATE ${COMPILE_LIBCXX})
   target_compile_definitions(
-    js_openenclave.virtual PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
-                                  _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
-  )
-  set_property(
-    TARGET js_openenclave.virtual PROPERTY POSITION_INDEPENDENT_CODE ON
+    js_openenclave.snp PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
+                              _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
   )
+  set_property(TARGET js_openenclave.snp PROPERTY POSITION_INDEPENDENT_CODE ON)
   install(
-    TARGETS js_openenclave.virtual
+    TARGETS js_openenclave.snp
     EXPORT ccf
     DESTINATION lib
   )
@@ -454,22 +482,20 @@ if(COMPILE_TARGET STREQUAL "sgx")
   )
 elseif(COMPILE_TARGET STREQUAL "snp")
   add_library(
-    js_generic_base.virtual STATIC
+    js_generic_base.snp STATIC
     ${CCF_DIR}/src/apps/js_generic/js_generic_base.cpp
   )
-  add_san(js_generic_base.virtual)
-  add_warning_checks(js_generic_base.virtual)
-  target_link_libraries(js_generic_base.virtual PUBLIC ccf.virtual)
-  target_compile_options(js_generic_base.virtual PRIVATE ${COMPILE_LIBCXX})
+  add_san(js_generic_base.snp)
+  add_warning_checks(js_generic_base.snp)
+  target_link_libraries(js_generic_base.snp PUBLIC ccf.snp)
+  target_compile_options(js_generic_base.snp PRIVATE ${COMPILE_LIBCXX})
   target_compile_definitions(
-    js_generic_base.virtual PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
-                                   _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
-  )
-  set_property(
-    TARGET js_generic_base.virtual PROPERTY POSITION_INDEPENDENT_CODE ON
+    js_generic_base.snp PUBLIC INSIDE_ENCLAVE VIRTUAL_ENCLAVE
+                               _LIBCPP_HAS_THREAD_API_PTHREAD PLATFORM_SNP
   )
+  set_property(TARGET js_generic_base.snp PROPERTY POSITION_INDEPENDENT_CODE ON)
   install(
-    TARGETS js_generic_base.virtual
+    TARGETS js_generic_base.snp
     EXPORT ccf
     DESTINATION lib
   )
@@ -501,8 +527,8 @@ add_ccf_app(
   js_generic
   SRCS ${CCF_DIR}/src/apps/js_generic/js_generic.cpp
   LINK_LIBS_ENCLAVE js_generic_base.enclave js_openenclave.enclave
-  LINK_LIBS_VIRTUAL js_generic_base.virtual js_openenclave.virtual INSTALL_LIBS
-                    ON
+  LINK_LIBS_VIRTUAL js_generic_base.virtual js_openenclave.virtual
+  LINK_LIBS_SNP js_generic_base.snp js_openenclave.snp INSTALL_LIBS ON
 )
 sign_app_library(
   js_generic.enclave ${CCF_DIR}/src/apps/js_generic/oe_sign.conf
@@ -636,6 +662,12 @@ function(add_e2e_test)
         PROPERTY ENVIRONMENT "DEFAULT_ENCLAVE_TYPE=${DEFAULT_ENCLAVE_TYPE}"
       )
     endif()
+
+    set_property(
+      TEST ${PARSED_ARGS_NAME}
+      APPEND
+      PROPERTY ENVIRONMENT "DEFAULT_ENCLAVE_PLATFORM=${COMPILE_TARGET}"
+    )
   endif()
 endfunction()
 
@@ -663,6 +695,7 @@ function(add_perf_test)
 
   set(TESTS_SUFFIX "")
   set(ENCLAVE_TYPE "")
+  set(ENCLAVE_PLATFORM "${COMPILE_TARGET}")
   if("sgx" STREQUAL COMPILE_TARGET)
     set(TESTS_SUFFIX "${TESTS_SUFFIX}_sgx")
     set(ENCLAVE_TYPE "release")
@@ -689,7 +722,7 @@ function(add_perf_test)
       ${CCF_NETWORK_TEST_ARGS} --consensus ${CONSENSUS}
       ${PARSED_ARGS_CONSTITUTION} --write-tx-times ${VERIFICATION_ARG} --label
       ${LABEL_ARG} --snapshot-tx-interval 10000 ${PARSED_ARGS_ADDITIONAL_ARGS}
-      -e ${ENCLAVE_TYPE} ${NODES}
+      -e ${ENCLAVE_TYPE} -t ${ENCLAVE_PLATFORM} ${NODES}
   )
 
   # Make python test client framework importable
@@ -705,6 +738,14 @@ function(add_perf_test)
       PROPERTY ENVIRONMENT "DEFAULT_ENCLAVE_TYPE=${DEFAULT_ENCLAVE_TYPE}"
     )
   endif()
+  if(DEFINED DEFAULT_ENCLAVE_PLATFORM)
+    set_property(
+      TEST ${TEST_NAME}
+      APPEND
+      PROPERTY ENVIRONMENT
+               "DEFAULT_ENCLAVE_PLATFORM=${DEFAULT_ENCLAVE_PLATFORM}"
+    )
+  endif()
   set_property(
     TEST ${TEST_NAME}
     APPEND