Description
I want to link SGX to Intel ® Protected File System Library
According to the document prompt:
To use the Intel SGX Protected File System libraries:
- The enclave must be linked with libsgx_tprotected_fs.a
- The application must be linked with libsgx_uprotected_fs.a
- The enclave’s EDL file must ‘import’ all the functions from sgx_tpro tected_fs.edl
- The source files should ‘include’ sgx_tprotected_fs.h
For the first and second steps, I modified some of the code in the Makefile file:
1.App_Link_Flags += -lsgx_uprotected_fs
2.Enclave_Link_Flags :=
-Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_TRUSTED_LIBRARY_PATH) -L/usr/local/ssl
-Wl,--whole-archive -l$(Trts_Library_Name) -lsgx_tprotected_fs -Wl,--no-whole-archive
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -lssl -lcrypto -Wl,--end-group
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
-Wl,--version-script=Enclave/Enclave.lds
Step three, I modify the code in the Enclave. edl file:
enclave {
include "user_types.h" /* buffer_t /
/ Import ECALL/OCALL from sub-directory EDLs.
- [from]: specifies the location of EDL file.
- [import]: specifies the functions to import,
- [*]: implies to import all functions.
*/
from "Edger8rSyntax/Types.edl" import *;
from "Edger8rSyntax/Pointers.edl" import *;
from "Edger8rSyntax/Arrays.edl" import *;
from "Edger8rSyntax/Functions.edl" import *;
from "TrustedLibrary/Libc.edl" import *;
from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map;
from "TrustedLibrary/Thread.edl" import *;
from"/opt/intel/sgxsdk/include/sgx_tprotected_fs.edl"import ;
/
- ocall_print_string - invokes OCALL to display string buffer inside the enclave.
- [in]: copy the string buffer to App outside.
- [string]: specifies 'str' is a NULL terminated buffer.
*/
untrusted {
void ocall_print_string([in, string] const char *str);
};
trusted {
public void writeTest();
public void readData();
};
In the fourth step, I added a line of code in Enclave.cpp:
#include "sgx_tprotected_fs.h"
Then an error occurred while running as follows:
root@tom-virtual-machine :/home/tom/SGX-CODE/SGX file operations # source/opt/intel/sgxsdk/environment
root@tom-virtual-machine :/home/tom/SGX-CODE/SGX file operation # make SGX_MODE=SIM
Make [1]: Go to the directory "/home/tom/SGX-CODE/SGX file operations"
error: Multiple definition of function "sgx_thread_wait_untrusted_event_ocall" detected.
Make [1]: * * * [Makefile: 230: App/Enclave_u. h] Error 255
Make [1]: Leave the directory "/home/tom/SGX-CODE/SGX file operation"
Make: * * * [Makefile: 189: all] Error 2
After searching, it was found that the sgx_thread_cait_untrusted_event_ocall function is located in sgx_tstdc.edl, while the TrustedLibrary/Thread.edl imports the above function:
from "sgx_tstdc.edl" import sgx_thread_wait_untrusted_event_ocall, sgx_thread_set_untrusted_event_ocall, sgx_thread_setwait_untrusted_events_ocall, sgx_thread_set_multiple_untrusted_events_ocall;
Similarly, sgx_tprotected_fs.edl also imports sgx_tdc.edl:
from "sgx_tstdc.edl" import *;
If the above problem cannot be solved temporarily, please tell me the right way to
use the Intel SGX Protected File System libraries
Any suggestion would be highly appreciated.
Thank you very much.