diff --git a/.github/workflows/README.md b/.github/workflows/README.md index e831e59bb442..77a9f78f03d9 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -30,7 +30,7 @@ File: `ci-containers-ghcr.yml` # CI -Main continuous integration job. Builds CCF for all target platforms, runs unit, end to end and partition tests for SGX and Virtual. Run on every commit, including PRs from forks, gates merging. Also runs once a week, regardless of commits. +Main continuous integration job. Builds CCF for all target platforms, runs unit, end to end and partition tests Virtual. Run on every commit, including PRs from forks, gates merging. Also runs once a week, regardless of commits. File: `ci.yml` 3rd party dependencies: None diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f415bc259d38..e5a28e8fd59c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,10 +42,6 @@ jobs: image: default nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - - name: sgx - image: sgx - nodes: [self-hosted, 1ES.Pool=gha-sgx-ccf-sub] - options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro runs-on: ${{ matrix.platform.nodes }} container: image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-25-07-2024 @@ -65,15 +61,6 @@ jobs: ninja shell: bash - - name: "Platform SGX" - run: | - sudo groupadd -fg $(/usr/bin/stat -Lc '%g' /dev/sgx/provision) sgx_prv - sudo usermod -a -G sgx_prv $(whoami) - samples/scripts/sgxinfo.sh - cat /proc/cpuinfo | grep flags | uniq - shell: bash - if: "${{ matrix.platform.name == 'sgx' }}" - - name: "Platform SNP" run: | samples/scripts/snpinfo.sh 
diff --git a/CMakeLists.txt b/CMakeLists.txt index 3137d23d47c0..75eb5d2fd658 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,10 +2,10 @@ # Licensed under the Apache 2.0 License. cmake_minimum_required(VERSION 3.16) -set(ALLOWED_TARGETS "sgx;snp;virtual") +set(ALLOWED_TARGETS "snp;virtual") set(COMPILE_TARGET - "sgx" + "snp" CACHE STRING "Target compilation platforms, Choose from: ${ALLOWED_TARGETS}" ) @@ -76,7 +76,7 @@ endif() option( VERBOSE_LOGGING - "Enable verbose, potentially unsafe logging of enclave code. Affects logging level passed at run-time to end-to-end-tests, and compile-time max verbosity on SGX." + "Enable verbose, potentially unsafe logging of enclave code. Affects logging level passed at run-time to end-to-end-tests." OFF ) set(TEST_LOGGING_LEVEL "info") @@ -84,17 +84,6 @@ if(VERBOSE_LOGGING) set(TEST_LOGGING_LEVEL "trace") endif() -# NB: Toggling VERBOSE_LOGGING on non-SGX platforms causes no build change, so -# should not cause a rebuild -if(COMPILE_TARGET STREQUAL "sgx" AND NOT VERBOSE_LOGGING) - # Disable verbose, unsafe logging of enclave code. On some platforms it is - # safe to build with this logging enabled, and then it can be disabled at - # run-time. However this run-time control is not possible on SGX, so to ensure - # a given MRENCLAVE cannot leak via debug logging it must be removed at - # build-time, with this option. - add_compile_definitions(CCF_DISABLE_VERBOSE_LOGGING) -endif() - option(USE_NULL_ENCRYPTOR "Turn off encryption of ledger updates - debug only" OFF ) @@ -134,9 +123,6 @@ include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/tools.cmake) install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/tools.cmake DESTINATION cmake) include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake) install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake) -install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/open_enclave.cmake - DESTINATION cmake -) if(SAN AND LVI_MITIGATIONS) message( 
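Review bot: The reworded `VERBOSE_LOGGING` help string in the `@@ -76,7 +76,7 @@` hunk still calls the logging "potentially unsafe" but no longer says what protects a production build. The next hunk drops the `CCF_DISABLE_VERBOSE_LOGGING` definition and include/ccf/ds/logger.h drops the matching `#ifdef`, so trace and debug statements are now always compiled in. In the lines visible here the option only switches `TEST_LOGGING_LEVEL` between "info" and "trace". I would state that in the description, for example `"Run end-to-end tests at trace log level. Trace/debug statements are always compiled in; production verbosity is controlled only by the run-time log level."`.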
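Review bot: `LVI_MITIGATIONS` is still tested in the context lines that close the `@@ -134,9 +123,6 @@` hunk (`if(SAN AND LVI_MITIGATIONS)`) and open the following one (`if(TSAN AND LVI_MITIGATIONS)`). The only `option(LVI_MITIGATIONS ...)` visible in this commit is in cmake/open_enclave.cmake, which is deleted together with `add_lvi_mitigations`. Unless the option is declared elsewhere, both checks are dead, and a build configured with `-DLVI_MITIGATIONS=ON` applies no mitigation while the flag still looks meaningful. I would delete the two checks here, or replace them with `if(DEFINED LVI_MITIGATIONS)` / `message(WARNING "LVI_MITIGATIONS has no effect: SGX support was removed")` / `endif()`. The `message(` call these lines belong to continues outside the hunk.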
@@ -152,18 +138,6 @@ if(TSAN AND LVI_MITIGATIONS) ) endif() -add_custom_command( - COMMAND - openenclave::oeedger8r ${CCF_DIR}/edl/ccf.edl --search-path ${OE_INCLUDEDIR} - --trusted --trusted-dir ${CCF_GENERATED_DIR} --untrusted --untrusted-dir - ${CCF_GENERATED_DIR} - COMMAND mv ${CCF_GENERATED_DIR}/ccf_t.c ${CCF_GENERATED_DIR}/ccf_t.cpp - COMMAND mv ${CCF_GENERATED_DIR}/ccf_u.c ${CCF_GENERATED_DIR}/ccf_u.cpp - DEPENDS ${CCF_DIR}/edl/ccf.edl - OUTPUT ${CCF_GENERATED_DIR}/ccf_t.cpp ${CCF_GENERATED_DIR}/ccf_u.cpp - COMMENT "Generating code from EDL, and renaming to .cpp" -) - # Copy and install CCF utilities set(CCF_UTILITIES keygenerator.sh submit_recovery_share.sh verify_quote.sh) foreach(UTILITY ${CCF_UTILITIES}) @@ -184,7 +158,6 @@ foreach(UTILITY ${CCF_TEST_UTILITIES}) endforeach() # Install additional utilities -install(PROGRAMS ${CCF_DIR}/samples/scripts/sgxinfo.sh DESTINATION bin) install(PROGRAMS ${CCF_DIR}/samples/scripts/snpinfo.sh DESTINATION bin) install(FILES ${CCF_DIR}/tests/config.jinja DESTINATION bin) @@ -199,15 +172,7 @@ install( USE_SOURCE_PERMISSIONS ) -if(COMPILE_TARGET STREQUAL "sgx") - # While virtual libraries need to be built for sgx for unit tests, these do - # not get installed to minimise installation size - set(INSTALL_VIRTUAL_LIBRARIES OFF) - - if(CMAKE_BUILD_TYPE STREQUAL "Debug") - set(DEFAULT_ENCLAVE_TYPE debug) - endif() -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") set(INSTALL_VIRTUAL_LIBRARIES OFF) else() set(INSTALL_VIRTUAL_LIBRARIES ON) @@ -268,10 +233,6 @@ list(APPEND CCHOST_SOURCES ${CCF_DIR}/src/host/main.cpp ${CCF_DIR}/src/host/env.cpp ) -if(COMPILE_TARGET STREQUAL "sgx") - list(APPEND CCHOST_SOURCES ${CCF_GENERATED_DIR}/ccf_u.cpp) -endif() - add_executable(cchost ${CCHOST_SOURCES}) add_warning_checks(cchost) 
@@ -282,9 +243,7 @@ target_compile_options( ) target_include_directories(cchost PRIVATE ${CCF_GENERATED_DIR}) -if(COMPILE_TARGET STREQUAL "sgx") - target_compile_definitions(cchost PUBLIC PLATFORM_SGX) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") target_compile_definitions(cchost PUBLIC PLATFORM_SNP) elseif(COMPILE_TARGET STREQUAL "virtual") target_compile_definitions(cchost PUBLIC PLATFORM_VIRTUAL) @@ -294,21 +253,11 @@ target_link_libraries( cchost PRIVATE uv ${TLS_LIBRARY} ${CMAKE_DL_LIBS} ${CMAKE_THREAD_LIBS_INIT} ${LINK_LIBCXX} ccfcrypto.host ) -if(COMPILE_TARGET STREQUAL "sgx") - target_link_libraries(cchost PRIVATE openenclave::oehost) -endif() install(TARGETS cchost DESTINATION bin) # HTTP parser -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(http_parser.enclave "${HTTP_PARSER_SOURCES}") - install( - TARGETS http_parser.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(http_parser.snp "${HTTP_PARSER_SOURCES}") set_property(TARGET http_parser.snp PROPERTY POSITION_INDEPENDENT_CODE ON) install( @@ -353,19 +302,9 @@ set(CCF_JS_SOURCES ${CCF_DIR}/src/js/registry.cpp ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(ccf_js.enclave "${CCF_JS_SOURCES}") - target_link_libraries(ccf_js.enclave PUBLIC ccfcrypto.enclave quickjs.enclave) - # JS extension observes jwt_management.h header where this definition is - # required - target_compile_definitions(ccf_js.enclave PUBLIC SGX_ATTESTATION_VERIFICATION) - add_warning_checks(ccf_js.enclave) - install( - TARGETS ccf_js.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +set(OE_BINDIR "") + +if(COMPILE_TARGET STREQUAL "snp") add_host_library(ccf_js.snp "${CCF_JS_SOURCES}") add_san(ccf_js.snp) target_link_libraries(ccf_js.snp PUBLIC ccfcrypto.snp quickjs.snp) 
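Review bot: `set(OE_BINDIR "")` in the `@@ -353,19 +302,9 @@` hunk is the one added line that is not part of the sgx-branch removal, and it sits uncommented between the JS source list and the ccf_js targets. Presumably something later in the file still expands `${OE_BINDIR}`; if so, a comment should say it, e.g. `# OE_BINDIR is still expanded by <consumer>; kept empty now that Open Enclave is gone` (the consumer is not visible in this diff). If nothing reads it, the variable should go in this commit, since an empty directory variable that later ends up in a path or command argument is easy to misread.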
@@ -395,15 +334,7 @@ set(CCF_KV_SOURCES ${CCF_DIR}/src/kv/untyped_map_diff.cpp ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(ccf_kv.enclave "${CCF_KV_SOURCES}") - add_warning_checks(ccf_kv.enclave) - install( - TARGETS ccf_kv.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_host_library(ccf_kv.snp "${CCF_KV_SOURCES}") add_san(ccf_kv.snp) add_warning_checks(ccf_kv.snp) @@ -426,23 +357,7 @@ if(INSTALL_VIRTUAL_LIBRARIES) endif() # CCF endpoints libs -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(ccf_endpoints.enclave "${CCF_ENDPOINTS_SOURCES}") - target_include_directories( - ccf_endpoints.enclave PRIVATE ${CCF_DIR}/src/endpoints - ) - target_link_libraries( - ccf_endpoints.enclave - PUBLIC qcbor.enclave t_cose.enclave http_parser.enclave ccfcrypto.enclave - ccf_kv.enclave - ) - add_warning_checks(ccf_endpoints.enclave) - install( - TARGETS ccf_endpoints.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_host_library(ccf_endpoints.snp "${CCF_ENDPOINTS_SOURCES}") target_include_directories(ccf_endpoints.snp PRIVATE ${CCF_DIR}/src/endpoints) target_link_libraries( @@ -497,16 +412,7 @@ set(CCF_NETWORK_TEST_ARGS ) set(JS_GENERIC_SOURCES ${CCF_DIR}/src/apps/js_generic/js_generic_base.cpp) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(js_generic_base.enclave ${JS_GENERIC_SOURCES}) - target_link_libraries(js_generic_base.enclave PUBLIC ccf.enclave) - add_lvi_mitigations(js_generic_base.enclave) - install( - TARGETS js_generic_base.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(js_generic_base.snp STATIC ${JS_GENERIC_SOURCES}) add_san(js_generic_base.snp) add_warning_checks(js_generic_base.snp) 
@@ -545,10 +451,6 @@ add_ccf_app( LINK_LIBS_VIRTUAL js_generic_base.virtual LINK_LIBS_SNP js_generic_base.snp INSTALL_LIBS ON ) -sign_app_library( - js_generic.enclave ${CCF_DIR}/src/apps/js_generic/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem INSTALL_LIBS ON -) # SNIPPET_END: JS generic application install(DIRECTORY ${CCF_DIR}/samples/apps/logging/js @@ -632,54 +534,8 @@ set(CCF_IMPL_SOURCE ${CCF_DIR}/src/enclave/thread_local.cpp ${CCF_DIR}/src/node/quote.cpp ) -if(COMPILE_TARGET STREQUAL "sgx") - # enclave version - add_enclave_library( - ccf.enclave ${CCF_IMPL_SOURCE} ${CCF_GENERATED_DIR}/ccf_t.cpp - ) - - # PLATFORM_SGX to initialise Open Enclave SGX enclave creation and - # SGX_ATTESTATION_VERIFICATION to verify SGX attestation reports. - target_compile_definitions( - ccf.enclave PUBLIC PLATFORM_SGX SGX_ATTESTATION_VERIFICATION - ) - - add_warning_checks(ccf.enclave) - - target_include_directories( - ccf.enclave SYSTEM - PUBLIC - $ - $ #< This contains the private headers - #< which are currently under src, and - #< should be removed or renamed - $ - $ - ) - - target_link_libraries( - ccf.enclave - PUBLIC http_parser.enclave - sss.enclave - ccf_js.enclave - ccf_endpoints.enclave - ccfcrypto.enclave - ccf_kv.enclave - nghttp2.enclave - ) - - add_lvi_mitigations(ccf.enclave) - - install( - TARGETS ccf.enclave - EXPORT ccf - DESTINATION lib - ) - - add_dependencies(ccf ccf.enclave) - - # Same as virtual for the time being but will diverge soon -elseif(COMPILE_TARGET STREQUAL "snp") +# Same as virtual for the time being but will diverge soon +if(COMPILE_TARGET STREQUAL "snp") # SNP version add_library(ccf.snp STATIC ${CCF_IMPL_SOURCE}) 
@@ -831,16 +687,6 @@ install(FILES samples/constitutions/default/apply.js DESTINATION bin) install(FILES tests/start_network.py DESTINATION bin) install(FILES tests/requirements.txt DESTINATION bin) -# Generate an ephemeral signing key -add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem - COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3 - 3072 -) -add_custom_target( - signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) - # Add sample apps add_subdirectory(${CCF_DIR}/samples) @@ -1134,17 +980,14 @@ if(BUILD_TESTS) PROPERTY ENVIRONMENT "ASAN_OPTIONS=alloc_dealloc_mismatch=0" ) - if(NOT UNSAFE_VERSION) - # Unsafe builds do not follow normal version conventions - add_test(NAME versionifier_test - COMMAND ${PYTHON} - ${CMAKE_SOURCE_DIR}/python/src/ccf/_versionifier.py - ) + add_test(NAME versionifier_test + COMMAND ${PYTHON} + ${CMAKE_SOURCE_DIR}/python/src/ccf/_versionifier.py + ) - add_test(NAME github_version_lts_test - COMMAND ${PYTHON} ${CMAKE_SOURCE_DIR}/tests/infra/github.py - ) - endif() + add_test(NAME github_version_lts_test + COMMAND ${PYTHON} ${CMAKE_SOURCE_DIR}/tests/infra/github.py + ) endif() if(NOT TSAN) @@ -1463,9 +1306,7 @@ if(BUILD_TESTS) list(APPEND LTS_TEST_ARGS --check-ledger-compatibility) endif() - if(NOT UNSAFE_VERSION AND NOT SAN) - # Unsafe builds do not follow normal version conventions LTS nodes may - # also require different runtime libraries + if(NOT SAN) add_e2e_test( NAME lts_compatibility PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/lts_compatibility.py diff --git a/cmake/ccf_app.cmake b/cmake/ccf_app.cmake index fc54a413b946..abd9e5d269d0 100644 --- a/cmake/ccf_app.cmake +++ b/cmake/ccf_app.cmake 
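Review bot: The `if(NOT SAN)` guard in the `@@ -1463,9 +1306,7 @@` hunk loses its entire explanation, although only the UNSAFE_VERSION half of the old comment is obsolete. The second half ("LTS nodes may also require different runtime libraries") reads like the reason sanitizer builds skip `lts_compatibility`, and without it the exclusion looks arbitrary and invites removal. I would keep `# LTS nodes may require different runtime libraries, so skip under sanitizers` directly above the guard. The `add_e2e_test(` call continues outside the hunk.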
@@ -1,11 +1,11 @@ # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the Apache 2.0 License. -set(ALLOWED_TARGETS "sgx;snp;virtual") +set(ALLOWED_TARGETS "snp;virtual") if(NOT DEFINED COMPILE_TARGET) set(COMPILE_TARGET - "sgx" + "snp" CACHE STRING "Target compilation platforms, Choose from: ${ALLOWED_TARGETS}" ) 
@@ -19,73 +19,9 @@ if(NOT COMPILE_TARGET IN_LIST ALLOWED_TARGETS) endif() message(STATUS "Compile target platform: ${COMPILE_TARGET}") -include(${CCF_DIR}/cmake/open_enclave.cmake) - list(APPEND COMPILE_LIBCXX -stdlib=libc++) list(APPEND LINK_LIBCXX -lc++ -lc++abi -stdlib=libc++) -# Sign a built enclave library with oesign -function(sign_app_library name app_oe_conf_path enclave_sign_key_path) - cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "INSTALL_LIBS") - - if(TARGET ${name}) - # Produce a debuggable variant. This doesn't need to be signed, but oesign - # also stamps the other config (heap size etc) which _are_ needed - set(DEBUG_CONF_NAME ${CMAKE_CURRENT_BINARY_DIR}/${name}.debuggable.conf) - - add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable - # Copy conf file locally - COMMAND cp ${app_oe_conf_path} ${DEBUG_CONF_NAME} - # Remove any existing Debug= lines - COMMAND sed -i "/^Debug=\.*/d" ${DEBUG_CONF_NAME} - # Add Debug=1 line - COMMAND echo "Debug=1" >> ${DEBUG_CONF_NAME} - COMMAND - openenclave::oesign sign -e ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so -c - ${DEBUG_CONF_NAME} -k ${enclave_sign_key_path} -o - ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable - DEPENDS ${name} ${app_oe_conf_path} ${enclave_sign_key_path} - ) - - add_custom_target( - ${name}_debuggable ALL - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable - ) - - # Produce a releaseable signed variant. 
This is NOT debuggable - oegdb - # cannot be attached - set(SIGNED_CONF_NAME ${CMAKE_CURRENT_BINARY_DIR}/${name}.signed.conf) - add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed - # Copy conf file locally - COMMAND cp ${app_oe_conf_path} ${SIGNED_CONF_NAME} - # Remove any existing Debug= lines - COMMAND sed -i "/^Debug=\.*/d" ${SIGNED_CONF_NAME} - # Add Debug=0 line - COMMAND echo "Debug=0" >> ${SIGNED_CONF_NAME} - COMMAND - openenclave::oesign sign -e ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so -c - ${SIGNED_CONF_NAME} -k ${enclave_sign_key_path} - DEPENDS ${name} ${app_oe_conf_path} ${enclave_sign_key_path} - ) - - add_custom_target( - ${name}_signed ALL - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed - ) - - if(${PARSED_ARGS_INSTALL_LIBS}) - install(FILES ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.debuggable - DESTINATION lib - ) - install(FILES ${CMAKE_CURRENT_BINARY_DIR}/lib${name}.so.signed - DESTINATION lib - ) - endif() - endif() -endfunction() - # Enclave library wrapper function(add_ccf_app name) 
@@ -99,34 +35,8 @@ function(add_ccf_app name) ) add_custom_target(${name} ALL) - if(COMPILE_TARGET STREQUAL "sgx") - set(enc_name ${name}.enclave) - - add_library(${enc_name} SHARED ${PARSED_ARGS_SRCS}) - - target_compile_definitions(${enc_name} PUBLIC PLATFORM_SGX) - - target_include_directories(${enc_name} PRIVATE ${PARSED_ARGS_INCLUDE_DIRS}) - target_include_directories( - ${enc_name} SYSTEM PRIVATE ${PARSED_ARGS_SYSTEM_INCLUDE_DIRS} - ) - add_warning_checks(${enc_name}) - target_link_libraries( - ${enc_name} PRIVATE ${PARSED_ARGS_LINK_LIBS_ENCLAVE} - ${OE_TARGET_ENCLAVE_CORE_LIBS} ccf.enclave - ) - - set_property(TARGET ${enc_name} PROPERTY POSITION_INDEPENDENT_CODE ON) - - add_lvi_mitigations(${enc_name}) - - add_dependencies(${name} ${enc_name}) - if(PARSED_ARGS_DEPS) - add_dependencies(${enc_name} ${PARSED_ARGS_DEPS}) - endif() - - elseif(COMPILE_TARGET STREQUAL "snp") - # Build an SNP enclave, loaded as a shared library without OE + if(COMPILE_TARGET STREQUAL "snp") + # Build an SNP enclave, loaded as a shared library set(snp_name ${name}.snp) add_library(${snp_name} SHARED ${PARSED_ARGS_SRCS}) @@ -166,7 +76,7 @@ function(add_ccf_app name) endif() elseif(COMPILE_TARGET STREQUAL "virtual") - # Build a virtual enclave, loaded as a shared library without OE + # Build a virtual enclave, loaded as a shared library set(virt_name ${name}.virtual) add_library(${virt_name} SHARED ${PARSED_ARGS_SRCS}) 
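Review bot: With the sgx branch of `add_ccf_app` removed in the `@@ -99,34 +35,8 @@` hunk, nothing in the visible body reads `PARSED_ARGS_LINK_LIBS_ENCLAVE` any more, and the `cmake_parse_arguments` call that declares the keyword is outside the hunk. If the keyword stays declared, downstream callers that still pass `LINK_LIBS_ENCLAVE` have it silently ignored. If it was dropped, the keyword and its values are appended to whichever multi-value argument precedes them. Since cmake/ccf_app.cmake is installed for application builds, I would keep the keyword declared and reject it explicitly: `if(PARSED_ARGS_LINK_LIBS_ENCLAVE)` / `message(FATAL_ERROR "add_ccf_app: LINK_LIBS_ENCLAVE is no longer supported")` / `endif()`.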
@@ -207,33 +117,6 @@ function(add_ccf_app name) endif() endfunction() -# Convenience wrapper to build C-libraries that can be linked in enclave, ie. in -# a CCF application. -if(COMPILE_TARGET STREQUAL "sgx") - function(add_enclave_library_c name) - cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "") - set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS}) - add_library(${name} STATIC ${files}) - target_compile_options(${name} PRIVATE -nostdinc) - target_link_libraries(${name} PRIVATE ${OE_TARGET_LIBC}) - set_property(TARGET ${name} PROPERTY POSITION_INDEPENDENT_CODE ON) - endfunction() - - # Convenience wrapper to build C++-libraries that can be linked in enclave, - # ie. in a CCF application. - function(add_enclave_library name) - cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "") - set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS}) - add_library(${name} ${files}) - target_compile_options(${name} PUBLIC -nostdinc -nostdinc++) - target_compile_definitions( - ${name} PUBLIC INSIDE_ENCLAVE _LIBCPP_HAS_THREAD_API_PTHREAD - ) - target_link_libraries(${name} PUBLIC ${OE_TARGET_ENCLAVE_AND_STD} -lgcc) - set_property(TARGET ${name} PROPERTY POSITION_INDEPENDENT_CODE ON) - endfunction() -endif() - function(add_host_library name) cmake_parse_arguments(PARSE_ARGV 1 PARSED_ARGS "" "" "") set(files ${PARSED_ARGS_UNPARSED_ARGUMENTS}) diff --git a/cmake/ccf_sgx-config.cmake.in b/cmake/ccf_sgx-config.cmake.in deleted file mode 100644 index 79eef919b49c..000000000000 --- a/cmake/ccf_sgx-config.cmake.in +++ /dev/null @@ -1,10 +0,0 @@ -@PACKAGE_INIT@ - -set(CCF_DIR "@CMAKE_INSTALL_PREFIX@") -set(SAN "@SAN@") - -include("${CCF_DIR}/cmake/ccf-targets.cmake") -include("${CCF_DIR}/cmake/preproject.cmake") -include("${CCF_DIR}/cmake/ccf_app.cmake") -include("${CCF_DIR}/cmake/tools.cmake") -include("${CCF_DIR}/cmake/open_enclave.cmake") diff --git a/cmake/ccf_sgx_unsafe-config.cmake.in b/cmake/ccf_sgx_unsafe-config.cmake.in deleted file mode 100644 index 79eef919b49c..000000000000 
--- a/cmake/ccf_sgx_unsafe-config.cmake.in +++ /dev/null @@ -1,10 +0,0 @@ -@PACKAGE_INIT@ - -set(CCF_DIR "@CMAKE_INSTALL_PREFIX@") -set(SAN "@SAN@") - -include("${CCF_DIR}/cmake/ccf-targets.cmake") -include("${CCF_DIR}/cmake/preproject.cmake") -include("${CCF_DIR}/cmake/ccf_app.cmake") -include("${CCF_DIR}/cmake/tools.cmake") -include("${CCF_DIR}/cmake/open_enclave.cmake") diff --git a/cmake/common.cmake b/cmake/common.cmake index f786365d1f0f..fe3bfb6aa60f 100644 --- a/cmake/common.cmake +++ b/cmake/common.cmake @@ -211,10 +211,7 @@ function(add_perf_test) set(TESTS_SUFFIX "") set(ENCLAVE_TYPE "") set(ENCLAVE_PLATFORM "${COMPILE_TARGET}") - if("sgx" STREQUAL COMPILE_TARGET) - set(TESTS_SUFFIX "${TESTS_SUFFIX}_sgx") - set(ENCLAVE_TYPE "release") - elseif("virtual" STREQUAL COMPILE_TARGET) + if("virtual" STREQUAL COMPILE_TARGET) set(TESTS_SUFFIX "${TESTS_SUFFIX}_virtual") set(ENCLAVE_TYPE "virtual") endif() @@ -284,10 +281,7 @@ function(add_piccolo_test) set(TESTS_SUFFIX "") set(ENCLAVE_TYPE "") set(ENCLAVE_PLATFORM "${COMPILE_TARGET}") - if("sgx" STREQUAL COMPILE_TARGET) - set(TESTS_SUFFIX "${TESTS_SUFFIX}_sgx") - set(ENCLAVE_TYPE "release") - elseif("virtual" STREQUAL COMPILE_TARGET) + if("virtual" STREQUAL COMPILE_TARGET) set(TESTS_SUFFIX "${TESTS_SUFFIX}_virtual") set(ENCLAVE_TYPE "virtual") endif() diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 099a608a053c..d3d57e0bd6e9 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake 
@@ -24,14 +24,7 @@ message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);openssl (>=1.1.1f)") set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) -set(OE_VERSION "0.19.7") -if(COMPILE_TARGET STREQUAL "sgx") - list(APPEND CCF_DEB_DEPENDENCIES - "libc++1-11;libc++abi1-11;open-enclave (>=${OE_VERSION})" - ) -else() - list(APPEND CCF_DEB_DEPENDENCIES "libc++1-15;libc++abi1-15") -endif() +list(APPEND CCF_DEB_DEPENDENCIES "libc++1-15;libc++abi1-15") list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS) diff --git a/cmake/crypto.cmake b/cmake/crypto.cmake index 28d512cf8ecd..8dfb7e1b0cdd 100644 --- a/cmake/crypto.cmake +++ b/cmake/crypto.cmake @@ -28,17 +28,7 @@ set(CCFCRYPTO_SRC ${CCF_DIR}/src/crypto/sharing.cpp ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(ccfcrypto.enclave ${CCFCRYPTO_SRC}) - target_link_libraries(ccfcrypto.enclave PUBLIC qcbor.enclave) - target_link_libraries(ccfcrypto.enclave PUBLIC t_cose.enclave) - - install( - TARGETS ccfcrypto.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(ccfcrypto.snp ${CCFCRYPTO_SRC}) add_san(ccfcrypto.snp) target_compile_options(ccfcrypto.snp PUBLIC ${COMPILE_LIBCXX}) diff --git a/cmake/nghttp2.cmake b/cmake/nghttp2.cmake index f353e4110fce..f69a3d5a50dd 100644 --- a/cmake/nghttp2.cmake +++ b/cmake/nghttp2.cmake 
@@ -33,22 +33,7 @@ set(NGHTTP2_SRCS ${NGHTTP2_PREFIX}/sfparse.c ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(nghttp2.enclave ${NGHTTP2_SRCS}) - target_include_directories( - nghttp2.enclave PUBLIC $ - $ - ) - target_compile_definitions( - nghttp2.enclave PUBLIC -DNGHTTP2_STATICLIB -DHAVE_ARPA_INET_H=1 - ) - - install( - TARGETS nghttp2.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(nghttp2.snp STATIC ${NGHTTP2_SRCS}) target_include_directories( nghttp2.snp PUBLIC $ diff --git a/cmake/open_enclave.cmake b/cmake/open_enclave.cmake deleted file mode 100644 index 7428e3ec37a1..000000000000 --- a/cmake/open_enclave.cmake +++ /dev/null 
@@ -1,46 +0,0 @@ -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the Apache 2.0 License. - -if(COMPILE_TARGET STREQUAL "sgx") - # Find OpenEnclave package - find_package(OpenEnclave 0.19.7 CONFIG REQUIRED) - - option(USE_OPENSSL_3 "Use OpenSSL 3.x for Open Enclave builds" ON) - if(USE_OPENSSL_3) - set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl_3) - else() - set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl) - endif() - # As well as pulling in openenclave:: targets, this sets variables which can - # be used for our edge cases (eg - for virtual libraries). These do not follow - # the standard naming patterns, for example use OE_INCLUDEDIR rather than - # OpenEnclave_INCLUDE_DIRS - if(COMPILE_TARGET STREQUAL "sgx") - set(OE_TARGET_LIBC openenclave::oelibc) - set(OE_TARGET_ENCLAVE_AND_STD openenclave::oeenclave openenclave::oelibcxx - openenclave::oelibc ${OE_OPENSSL_LIBRARY} - ) - - # These oe libraries must be linked in specific order - set(OE_TARGET_ENCLAVE_CORE_LIBS - openenclave::oeenclave openenclave::oesnmalloc openenclave::oecore - openenclave::oesyscall - ) - - option(LVI_MITIGATIONS "Enable LVI mitigations" ON) - if(LVI_MITIGATIONS) - string(APPEND OE_TARGET_LIBC -lvi-cfg) - list(TRANSFORM OE_TARGET_ENCLAVE_AND_STD APPEND -lvi-cfg) - list(TRANSFORM OE_TARGET_ENCLAVE_CORE_LIBS APPEND -lvi-cfg) - endif() - - function(add_lvi_mitigations name) - if(LVI_MITIGATIONS) - # Enable clang-11 built-in LVI mitigation - target_compile_options(${name} PRIVATE -mlvi-cfi) - endif() - endfunction() - - set(OE_HOST_LIBRARY openenclave::oehost) - endif() -endif() diff --git a/cmake/preproject.cmake b/cmake/preproject.cmake index feb37c7aa0dd..e48f76007431 100644 --- a/cmake/preproject.cmake +++ b/cmake/preproject.cmake 
@@ -11,13 +11,8 @@ if((NOT CMAKE_C_COMPILER) AND "$ENV{CC}" STREQUAL "" AND "$ENV{CXX}" STREQUAL "" ) - if("${COMPILE_TARGET}" STREQUAL "sgx") - find_program(FOUND_CMAKE_C_COMPILER NAMES clang-11) - find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-11) - else() - find_program(FOUND_CMAKE_C_COMPILER NAMES clang-15) - find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-15) - endif() + find_program(FOUND_CMAKE_C_COMPILER NAMES clang-15) + find_program(FOUND_CMAKE_CXX_COMPILER NAMES clang++-15) if(NOT (FOUND_CMAKE_C_COMPILER AND FOUND_CMAKE_CXX_COMPILER)) message( WARNING diff --git a/cmake/protobuf.cmake b/cmake/protobuf.cmake index 77e9640bb9ee..90616b7941b1 100644 --- a/cmake/protobuf.cmake +++ b/cmake/protobuf.cmake @@ -19,15 +19,7 @@ get_target_property(LIBPROTOBUF_SOURCES libprotobuf SOURCES) set(PROTOBUF_TARGETS "protobuf.virtual") add_host_library(protobuf.virtual ${LIBPROTOBUF_SOURCES}) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library(protobuf.enclave ${LIBPROTOBUF_SOURCES}) - list(APPEND PROTOBUF_TARGETS "protobuf.enclave") - install( - TARGETS protobuf.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_host_library(protobuf.snp ${LIBPROTOBUF_SOURCES}) list(APPEND PROTOBUF_TARGETS "protobuf.snp") install( diff --git a/cmake/qcbor.cmake b/cmake/qcbor.cmake index 32ac9ff6a6c9..6681282472d0 100644 --- a/cmake/qcbor.cmake +++ b/cmake/qcbor.cmake @@ -9,19 +9,7 @@ set(QCBOR_SRCS "${QCBOR_SRC}/qcbor_encode.c" "${QCBOR_SRC}/qcbor_err_to_str.c" "${QCBOR_SRC}/UsefulBuf.c" ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(qcbor.enclave ${QCBOR_SRCS}) - target_include_directories( - qcbor.enclave PUBLIC $ - $ - ) - - install( - TARGETS qcbor.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(qcbor.snp STATIC ${QCBOR_SRCS}) target_include_directories( 
diff --git a/cmake/quickjs.cmake b/cmake/quickjs.cmake index 2be5dec5a337..4a4f783feb89 100644 --- a/cmake/quickjs.cmake +++ b/cmake/quickjs.cmake @@ -27,26 +27,7 @@ message(STATUS "QuickJS prefix: ${QUICKJS_PREFIX} version: ${QUICKJS_VERSION}") # We need two versions of libquickjs, because it depends on libc -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(quickjs.enclave ${QUICKJS_SRC}) - target_compile_options( - quickjs.enclave - PUBLIC -DCONFIG_VERSION="${QUICKJS_VERSION}" -DEMSCRIPTEN - -DCONFIG_STACK_CHECK -DCONFIG_BIGNUM - PRIVATE $<$:-DDUMP_LEAKS> - ) - target_include_directories( - quickjs.enclave - PUBLIC $ - $ - ) - - install( - TARGETS quickjs.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(quickjs.snp STATIC ${QUICKJS_SRC}) target_compile_options( quickjs.snp diff --git a/cmake/sss.cmake b/cmake/sss.cmake index 0015d7ef41f8..5ee8cd93b9ce 100644 --- a/cmake/sss.cmake +++ b/cmake/sss.cmake @@ -11,14 +11,7 @@ set(SSS_SRC ${SSS_PREFIX}/sss.c ${SSS_PREFIX}/hazmat.c ${SSS_PREFIX}/tweetnacl.c ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(sss.enclave ${SSS_SRC}) - install( - TARGETS sss.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") add_library(sss.snp STATIC ${SSS_SRC}) add_san(sss.snp) set_property(TARGET sss.snp PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/cmake/t_cose.cmake b/cmake/t_cose.cmake index b103164388fb..67a8011dab6a 100644 --- a/cmake/t_cose.cmake +++ b/cmake/t_cose.cmake 
@@ -12,28 +12,7 @@ set(T_COSE_SRCS "${T_COSE_SRC}/t_cose_util.c" "${T_COSE_DIR}/crypto_adapters/t_cose_openssl_crypto.c" ) -if(COMPILE_TARGET STREQUAL "sgx") - add_enclave_library_c(t_cose.enclave ${T_COSE_SRCS}) - target_compile_definitions(t_cose.enclave PRIVATE ${T_COSE_DEFS}) - target_compile_options(t_cose.enclave INTERFACE ${T_COSE_OPTS_INTERFACE}) - - target_include_directories(t_cose.enclave PRIVATE "${T_COSE_SRC}") - target_include_directories( - t_cose.enclave - PUBLIC $ - $ - ) - - target_link_libraries(t_cose.enclave PUBLIC qcbor.enclave) - # This is needed to get the OpenSSL includes from Open Enclave - target_link_libraries(t_cose.enclave PRIVATE ${OE_OPENSSL_LIBRARY}) - - install( - TARGETS t_cose.enclave - EXPORT ccf - DESTINATION lib - ) -elseif(COMPILE_TARGET STREQUAL "snp") +if(COMPILE_TARGET STREQUAL "snp") find_package(OpenSSL REQUIRED) add_library(t_cose.snp STATIC ${T_COSE_SRCS}) target_compile_definitions(t_cose.snp PRIVATE ${T_COSE_DEFS}) diff --git a/cmake/version.cmake b/cmake/version.cmake index b44770950f94..2c6bb4bae2f4 100644 --- a/cmake/version.cmake +++ b/cmake/version.cmake @@ -5,25 +5,7 @@ unset(CCF_VERSION) unset(CCF_RELEASE_VERSION) unset(CCF_VERSION_SUFFIX) -option( - UNSAFE_VERSION - "Append unsafe suffix to project and targets. Should be used on platforms where log level is determined at build-time, to distinguish builds which are unsafely verbose." - OFF -) - set(CCF_PROJECT "ccf_${COMPILE_TARGET}") -if(UNSAFE_VERSION) - if(NOT ${COMPILE_TARGET} STREQUAL "sgx") - message( - FATAL_ERROR - "UNSAFE_VERSION can only be set for sgx compile target (-DCOMPILE_TARGET=sgx)" - ) - endif() - set(CCF_PROJECT "${CCF_PROJECT}_unsafe") - add_compile_definitions(UNSAFE_VERSION ENABLE_HISTORICAL_VERBOSE_LOGGING) - file(WRITE ${CMAKE_BINARY_DIR}/UNSAFE "UNSAFE") - install(FILES ${CMAKE_BINARY_DIR}/UNSAFE DESTINATION share) -endif() # If possible, deduce project version from git environment if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/.git) 
diff --git a/edl/ccf.edl b/edl/ccf.edl deleted file mode 100644 index c1d65e04fac0..000000000000 --- a/edl/ccf.edl +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the Apache 2.0 License. - -enclave { - from "openenclave/edl/sgx/platform.edl" import *; - from "openenclave/edl/time.edl" import *; - - include "common/enclave_interface_types.h" - - trusted { - - public CreateNodeStatus enclave_create_node( - [user_check] void* enclave_config, - [user_check] uint8_t* ccf_config, - size_t ccf_config_size, - [user_check] uint8_t* startup_snapshot, - size_t startup_snapshot_size, - [out, count=node_cert_size] uint8_t* node_cert, - size_t node_cert_size, - [out] size_t* node_cert_len, - [out, count=service_cert_size] uint8_t* service_cert, - size_t service_cert_size, - [out] size_t* service_cert_len, - [out, count=enclave_version_size] uint8_t* enclave_version, - size_t enclave_version_size, - [out] size_t* enclave_version_len, - StartType start_type, - LoggerLevel enclave_log_level, - size_t num_worker_thread, - [user_check] void* time_location, - ); - - public bool enclave_run(); - }; -}; diff --git a/include/ccf/ds/logger.h b/include/ccf/ds/logger.h index 262b199d87c5..ce6bd4ed5564 100644 --- a/include/ccf/ds/logger.h +++ b/include/ccf/ds/logger.h @@ -17,13 +17,7 @@ namespace ccf::logger { - static constexpr LoggerLevel MOST_VERBOSE = -#ifdef CCF_DISABLE_VERBOSE_LOGGING - LoggerLevel::INFO -#else - LoggerLevel::TRACE -#endif - ; + static constexpr LoggerLevel MOST_VERBOSE = LoggerLevel::TRACE; static constexpr const char* LevelNames[] = { "trace", "debug", "info", "fail", "fatal"}; 
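Review bot: After the `@@ -17,13 +17,7 @@` hunk and the macro hunk further down in logger.h, a build that still defines `CCF_DISABLE_VERBOSE_LOGGING` silently gets `MOST_VERBOSE = LoggerLevel::TRACE` and live `LOG_TRACE_FMT`, `LOG_DEBUG_FMT`, `CCF_APP_TRACE` and `CCF_APP_DEBUG`. The removed comment promised these were compile-time no-ops that "cannot be enabled by accident or malice", so an application or packaging script that passes the definition itself loses that guarantee without any diagnostic. If the macro is being retired, I would reject it near the top of the header: `#ifdef CCF_DISABLE_VERBOSE_LOGGING` / `#  error "CCF_DISABLE_VERBOSE_LOGGING is no longer supported; verbosity is run-time only"` / `#endif`. The namespace body continues outside the hunk.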
@@ -374,23 +368,11 @@ namespace ccf::logger # define CCF_LOGGER_DEPRECATE(MACRO) #endif -#ifndef CCF_DISABLE_VERBOSE_LOGGING -# define LOG_TRACE_FMT \ - CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT) CCF_LOG_FMT(TRACE, "") -# define LOG_DEBUG_FMT \ - CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT) CCF_LOG_FMT(DEBUG, "") +#define LOG_TRACE_FMT CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT) CCF_LOG_FMT(TRACE, "") +#define LOG_DEBUG_FMT CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT) CCF_LOG_FMT(DEBUG, "") -# define CCF_APP_TRACE CCF_LOG_FMT(TRACE, "app") -# define CCF_APP_DEBUG CCF_LOG_FMT(DEBUG, "app") -#else -// With verbose logging disabled by compile-time definition, these logging -// macros are compile-time nops (and cannot be enabled by accident or malice) -# define LOG_TRACE_FMT(...) CCF_LOGGER_DEPRECATE(LOG_TRACE_FMT)((void)0) -# define LOG_DEBUG_FMT(...) CCF_LOGGER_DEPRECATE(LOG_DEBUG_FMT)((void)0) - -# define CCF_APP_TRACE(...) ((void)0) -# define CCF_APP_DEBUG(...) ((void)0) -#endif +#define CCF_APP_TRACE CCF_LOG_FMT(TRACE, "app") +#define CCF_APP_DEBUG CCF_LOG_FMT(DEBUG, "app") #define LOG_INFO_FMT CCF_LOGGER_DEPRECATE(LOG_INFO_FMT) CCF_LOG_FMT(INFO, "") #define LOG_FAIL_FMT CCF_LOGGER_DEPRECATE(LOG_FAIL_FMT) CCF_LOG_FMT(FAIL, "") diff --git a/samples/apps/basic/CMakeLists.txt b/samples/apps/basic/CMakeLists.txt index 4094a94e9ea6..c07cac853b07 100644 --- a/samples/apps/basic/CMakeLists.txt +++ b/samples/apps/basic/CMakeLists.txt 
@@ -5,30 +5,10 @@ cmake_minimum_required(VERSION 3.16) project(basic LANGUAGES C CXX) -option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF) - set(CCF_PROJECT "ccf_${COMPILE_TARGET}") -if(USE_UNSAFE_VERSION) - set(CCF_PROJECT "${CCF_PROJECT}_unsafe") -endif() if(NOT TARGET "ccf") find_package(${CCF_PROJECT} REQUIRED) endif() add_ccf_app(basic SRCS basic.cpp) - -# Generate an ephemeral signing key -add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem - COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3 - 3072 -) -add_custom_target( - basic_signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) - -sign_app_library( - basic.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) diff --git a/samples/apps/basic/oe_sign.conf b/samples/apps/basic/oe_sign.conf deleted file mode 100644 index 397bde50edeb..000000000000 --- a/samples/apps/basic/oe_sign.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=100000 -NumStackPages=1024 -NumTCS=14 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/samples/apps/logging/CMakeLists.txt b/samples/apps/logging/CMakeLists.txt index 6ca62de95837..0975163501d1 100644 --- a/samples/apps/logging/CMakeLists.txt +++ b/samples/apps/logging/CMakeLists.txt 
@@ -5,30 +5,10 @@ cmake_minimum_required(VERSION 3.16) project(logging LANGUAGES C CXX) -option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF) - set(CCF_PROJECT "ccf_${COMPILE_TARGET}") -if(USE_UNSAFE_VERSION) - set(CCF_PROJECT "${CCF_PROJECT}_unsafe") -endif() if(NOT TARGET "ccf") find_package(${CCF_PROJECT} REQUIRED) endif() add_ccf_app(logging SRCS logging.cpp create_tx_claims_digest.cpp) - -# Generate an ephemeral signing key -add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem - COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3 - 3072 -) -add_custom_target( - logging_signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) - -sign_app_library( - logging.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) diff --git a/samples/apps/logging/oe_sign.conf b/samples/apps/logging/oe_sign.conf deleted file mode 100644 index 668529b6da3c..000000000000 --- a/samples/apps/logging/oe_sign.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=50000 -NumStackPages=1024 -NumTCS=8 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/samples/apps/nobuiltins/CMakeLists.txt b/samples/apps/nobuiltins/CMakeLists.txt index da2d8813225b..dd0b324ed8ee 100644 --- a/samples/apps/nobuiltins/CMakeLists.txt +++ b/samples/apps/nobuiltins/CMakeLists.txt 
@@ -12,19 +12,3 @@ if(NOT TARGET "ccf") endif() add_ccf_app(nobuiltins SRCS nobuiltins.cpp) - -# Generate an ephemeral signing key -add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem - COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3 - 3072 -) -add_custom_target( - nobuiltins_signing_key ALL - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) - -sign_app_library( - nobuiltins.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) diff --git a/samples/apps/nobuiltins/oe_sign.conf b/samples/apps/nobuiltins/oe_sign.conf deleted file mode 100644 index 668529b6da3c..000000000000 --- a/samples/apps/nobuiltins/oe_sign.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=50000 -NumStackPages=1024 -NumTCS=8 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/samples/apps/programmability/CMakeLists.txt b/samples/apps/programmability/CMakeLists.txt index 039e3657d9a4..fd470f86b710 100644 --- a/samples/apps/programmability/CMakeLists.txt +++ b/samples/apps/programmability/CMakeLists.txt 
@@ -5,31 +5,10 @@ cmake_minimum_required(VERSION 3.16) project(programmability LANGUAGES C CXX) -option(USE_UNSAFE_VERSION "Use build with unsafe logging levels" OFF) - set(CCF_PROJECT "ccf_${COMPILE_TARGET}") -if(USE_UNSAFE_VERSION) - set(CCF_PROJECT "${CCF_PROJECT}_unsafe") -endif() if(NOT TARGET "ccf") find_package(${CCF_PROJECT} REQUIRED) endif() add_ccf_app(programmability SRCS programmability.cpp) - -# Generate an ephemeral signing key -add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem - COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3 - 3072 -) -add_custom_target( - programmability_signing_key ALL - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) - -sign_app_library( - programmability.enclave ${CMAKE_CURRENT_SOURCE_DIR}/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) diff --git a/samples/apps/programmability/oe_sign.conf b/samples/apps/programmability/oe_sign.conf deleted file mode 100644 index 397bde50edeb..000000000000 --- a/samples/apps/programmability/oe_sign.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=100000 -NumStackPages=1024 -NumTCS=14 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/src/apps/js_generic/oe_sign.conf b/src/apps/js_generic/oe_sign.conf deleted file mode 100644 index b553df492500..000000000000 --- a/src/apps/js_generic/oe_sign.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=524288 -NumStackPages=1024 -NumTCS=14 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/src/apps/tpcc/app/oe_sign.conf b/src/apps/tpcc/app/oe_sign.conf deleted file mode 100644 index 14b6a005a766..000000000000 --- a/src/apps/tpcc/app/oe_sign.conf +++ /dev/null 
@@ -1,7 +0,0 @@ -# Enclave settings: -NumHeapPages=327680 -NumStackPages=1024 -NumTCS=8 -ProductID=1 -SecurityVersion=1 -# The Debug setting is automatically inserted by sign_app_library in CMake, to build both debuggable and non-debuggable variants diff --git a/src/apps/tpcc/tpcc.cmake b/src/apps/tpcc/tpcc.cmake index 3eed0b546fd0..e3365f614db3 100644 --- a/src/apps/tpcc/tpcc.cmake +++ b/src/apps/tpcc/tpcc.cmake @@ -19,10 +19,6 @@ add_ccf_app( SRCS ${CMAKE_CURRENT_LIST_DIR}/app/tpcc.cpp SYSTEM_INCLUDE_DIRS ${CCF_DIR}/3rdparty/test ) -sign_app_library( - tpcc.enclave ${CMAKE_CURRENT_LIST_DIR}/app/oe_sign.conf - ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -) # tpcc unit tests add_unit_test(tpcc_test ${CMAKE_CURRENT_LIST_DIR}/app/test/tpcc.cpp) diff --git a/src/ds/test/logger_json_test.cpp b/src/ds/test/logger_json_test.cpp index 4f75114fa35f..3cd242cb5a60 100644 --- a/src/ds/test/logger_json_test.cpp +++ b/src/ds/test/logger_json_test.cpp @@ -1,7 +1,5 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the Apache 2.0 License. -#undef CCF_DISABLE_VERBOSE_LOGGING - #include "ccf/ds/logger.h" #define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN diff --git a/src/host/enclave.h b/src/host/enclave.h index 6a243c1745af..5cd23726332c 100644 --- a/src/host/enclave.h +++ b/src/host/enclave.h @@ -128,10 +128,6 @@ namespace host expect_enclave_file_suffix(path, ".enclave.so.signed", type); } -# ifdef CCF_DISABLE_VERBOSE_LOGGING - oe_log_set_callback(nullptr, nop_oe_logger); -# endif - auto err = oe_create_ccf_enclave( path.c_str(), OE_ENCLAVE_TYPE_SGX, diff --git a/src/node/rpc/gov_logging.h b/src/node/rpc/gov_logging.h index 07448d220a12..9111a536eee7 100644 --- a/src/node/rpc/gov_logging.h +++ b/src/node/rpc/gov_logging.h 
@@ -4,13 +4,8 @@ #include "ccf/ds/logger.h" -#ifndef CCF_DISABLE_VERBOSE_LOGGING -# define GOV_TRACE_FMT CCF_LOG_FMT(TRACE, "gov") -# define GOV_DEBUG_FMT CCF_LOG_FMT(DEBUG, "gov") -#else -# define GOV_TRACE_FMT(...) ((void)0) -# define GOV_DEBUG_FMT(...) ((void)0) -#endif +#define GOV_TRACE_FMT CCF_LOG_FMT(TRACE, "gov") +#define GOV_DEBUG_FMT CCF_LOG_FMT(DEBUG, "gov") #define GOV_INFO_FMT CCF_LOG_FMT(INFO, "gov") #define GOV_FAIL_FMT CCF_LOG_FMT(FAIL, "gov") diff --git a/src/node/rpc/node_frontend.h b/src/node/rpc/node_frontend.h index a36df12217d3..70c5b5a7eacb 100644 --- a/src/node/rpc/node_frontend.h +++ b/src/node/rpc/node_frontend.h @@ -1472,11 +1472,7 @@ namespace ccf GetVersion::Out result; result.ccf_version = ccf::ccf_version; result.quickjs_version = ccf::quickjs_version; -#ifdef UNSAFE_VERSION - result.unsafe = true; -#else result.unsafe = false; -#endif return make_success(result); };