I tried two ways to build the pre-built binaries by myself. I am working on the 1.9 version with gcc-5.4.0 on Ubuntu 16.04.4.
make USE_OPT_LIBS=0to use the non-optimized source code version implementation, as stated in the README.md. Then
make sdk_install_pkgUSE_OPT_LIBS=0 succeeds,
make psw_install_pkgUSE_OPT_LIBS=0 fails. It still looks for the pre-built binaries in the folder
makecommand from the corresponding folder, e.g. in the
psw/ae/qefolder. There turns out to be some compiling errors or link errors.
I am trying to understand how the quoting enclave works. Is the pre-built
libsgx_qe.signed.so compiled from the provided sources? Is it all right to refer to the implementation in the
Any help is appreciated. Thanks
All prebuilt AE's are built with optimized libraries.
The build command USE_OPT_LIBS=0 make psw_install_pkg succeeds .
Can you check if your default build configuration work fine ?
The default compiling option `make psw_install_pkg` works fine. I'd like to understand the design of the prebuilt libsgx_qe.signed.so. Can I look into the source code of `psw/ae/qe/`? I assume the source code and the prebuilt binaries are following the same routine to generate the quote. Thanks.
What I am trying to do is something similar but for PSE (Platform Service Enclave). I have made changes to the pse code under (/psw/ae/pse/pse_op) and it is being compiled. I used the option USE_OPT_LIBS=0 to compile the source, and after solving various errors, I am able to successfully compile sdk and psw code (also the code which I have changed in pse_op eventually generating "pse_op.so" file), and then install the binaries in the proper folders. I have verified that the proper folders have my compiled "pse_op.so" instead of intel provided "libsgx_pse_op.signed.so" prebuilt files.
Now when I try running a simple "sgx_create_pse_session()" from an enclave, it fails with the error code "0x4001" which corresponds to "SGX_ERROR_SERVICE_UNAVAILABLE" and the comments say "Indicates aesm didn't respond or the requested service is not supported" according to the "sgx_error.h" file. Since creating a PSE session with the PSE enclave is supported, I feel like the problem is that aesm service is not responding. What I believe is that the pse_op enclave source code which I built into an enclave file (pse_op.so) is not signed by Intel keys, the aesm service is rejecting it. Kindly, correct me if my analysis is incorrect. Also, is there a way through which I can disable the feature in aesm which looks for the Intel signed enclave? Or I can sign the enclave with a new key and make aesm accept that?
I really need an answer to it because I need to implement a new service in PSE for my own development and testing purpose. Would appreciate help from Intel folks.