[tools,tests] Decouple encrypted file tools from SGX

Encrypted files are not SGX-only and the related tools (`gramine-sgx-pf-crypt`, `gramine-sgx-pf-tamper`) are no longer part of the Linux-SGX PAL. This commit decouples the encrypted file tools from `tools/sgx` and removes SGX dependency for encrypted file tests. Signed-off-by: Kailun Qin <[email protected]>
gramineproject · Jan 6, 2025 · dac67e1 · dac67e1
1 parent 21ae038
commit dac67e1
Show file tree

Hide file tree

Showing 16 changed files with 58 additions and 31 deletions.
diff --git a/common/src/protected_files/README.rst b/common/src/protected_files/README.rst
@@ -51,8 +51,8 @@ bytes.
 NOTE
 ----
 
-The ``tools`` directory in Linux-SGX PAL contains the ``pf_crypt`` utility that
-converts files to/from the protected format.
+The ``tools`` directory contains the ``pf_crypt`` utility that converts files
+to/from the protected format.
 
 Internal protected file format in this version was ported from the `SGX SDK
 <https://github.com/intel/linux-sgx/tree/1eaa4551d4b02677eec505684412dc288e6d6361/sdk/protected_fs>`_.

diff --git a/libos/test/fs/README.md b/libos/test/fs/README.md
@@ -18,9 +18,6 @@ How to execute
 
 - `gramine-test pytest -v`
 
-Encrypted file tests assume that Gramine was built with SGX enabled (see comment
-in `test_enc.py`).
-
 This test suite automatically creates files-under-test on startup and removes
 them afterwards. When some test fails and you want to debug this failure, it's
 more convenient to skip this automatic removal of files (and manually

diff --git a/libos/test/fs/test_enc.py b/libos/test/fs/test_enc.py
@@ -2,18 +2,10 @@
 import os
 import shutil
 import subprocess
-import unittest
 
 # Named import, so that Pytest does not pick up TC_00_FileSystem as belonging to this module.
 import test_fs
 
-from graminelibos import _CONFIG_SGX_ENABLED
-
-# TODO: While encrypted files are no longer SGX-only, the related tools (gramine-sgx-pf-crypt,
-# gramine-sgx-pf-tamper) are still part of Linux-SGX PAL. As a result, we are able to run the tests
-# with other PALs, but only if Gramine was built with SGX enabled.
-
-@unittest.skipUnless(_CONFIG_SGX_ENABLED, 'Encrypted files tests require SGX to be enabled')
 class TC_50_EncryptedFiles(test_fs.TC_00_FileSystem):
     @classmethod
     def setUpClass(cls):

diff --git a/tools/common/meson.build b/tools/common/meson.build
@@ -0,0 +1,14 @@
+tools_common_inc = include_directories('.')
+
+tools_util_dep = declare_dependency(
+    sources: [
+        'util.c',
+        'util.h',
+    ],
+    include_directories: [
+        tools_common_inc,
+        common_inc,
+    ],
+)
+
+subdir('pf_util')
diff --git a/tools/common/pf_util/meson.build b/tools/common/pf_util/meson.build
@@ -0,0 +1,33 @@
+pf_util_inc = include_directories('.')
+
+pf_util = static_library('pf_util',
+    'pf_util.c',
+    'pf_util.h',
+
+    c_args: [
+        '-DIN_TOOLS',
+    ],
+
+    include_directories: [
+        common_inc,
+    ],
+
+    dependencies: [
+        tools_util_dep,
+        common_utils_dep,
+        mbedtls_static_dep,
+        protected_files_dep,
+    ],
+
+    install: true,
+    install_rpath: get_option('prefix') / get_option('libdir'),
+)
+
+pf_util_dep = declare_dependency(
+    link_with: pf_util,
+    include_directories: [
+        pf_util_inc,
+        tools_common_inc,
+        protected_files_inc,
+    ],
+)
diff --git a/tools/sgx/common/pf_util.c → tools/common/pf_util/pf_util.c b/tools/sgx/common/pf_util.c → tools/common/pf_util/pf_util.c
diff --git a/tools/sgx/common/pf_util.h → tools/common/pf_util/pf_util.h b/tools/sgx/common/pf_util.h → tools/common/pf_util/pf_util.h
diff --git a/tools/sgx/common/util.c → tools/common/util.c b/tools/sgx/common/util.c → tools/common/util.c
diff --git a/tools/sgx/common/util.h → tools/common/util.h b/tools/sgx/common/util.h → tools/common/util.h
diff --git a/tools/meson.build b/tools/meson.build
@@ -11,6 +11,10 @@ common_render_defines = [
     '-D', 'BINDIR=@0@'.format(get_option('bindir')),
 ]
 
+subdir('common')
+subdir('pf_crypt')
+subdir('pf_tamper')
+
 if direct
     hostpalpath_direct = get_option('prefix') / pkglibdir / 'direct'
     custom_target('gramine-direct',

diff --git a/tools/sgx/pf_crypt/meson.build → tools/pf_crypt/meson.build b/tools/sgx/pf_crypt/meson.build → tools/pf_crypt/meson.build
@@ -2,7 +2,7 @@ executable('gramine-sgx-pf-crypt',
     'pf_crypt.c',
 
     dependencies: [
-        sgx_util_dep,
+        pf_util_dep,
     ],
 
     install: true,

diff --git a/tools/sgx/pf_crypt/pf_crypt.c → tools/pf_crypt/pf_crypt.c b/tools/sgx/pf_crypt/pf_crypt.c → tools/pf_crypt/pf_crypt.c
diff --git a/tools/sgx/pf_tamper/meson.build → tools/pf_tamper/meson.build b/tools/sgx/pf_tamper/meson.build → tools/pf_tamper/meson.build
@@ -2,7 +2,7 @@ executable('gramine-sgx-pf-tamper',
     'pf_tamper.c',
 
     dependencies: [
-        sgx_util_dep,
+        pf_util_dep,
     ],
 
     include_directories: common_inc, # for api.h

diff --git a/tools/sgx/pf_tamper/pf_tamper.c → tools/pf_tamper/pf_tamper.c b/tools/sgx/pf_tamper/pf_tamper.c → tools/pf_tamper/pf_tamper.c
diff --git a/tools/sgx/common/meson.build b/tools/sgx/common/meson.build
@@ -1,23 +1,12 @@
 sgx_util = static_library('sgx_util',
-    'pf_util.c',
-    'pf_util.h',
     'quote.c',
     'quote.h',
-    'util.c',
-    'util.h',
 
-    c_args: [
-        '-DIN_TOOLS',
-    ],
+    include_directories: pal_sgx_inc, # this is only for `sgx_arch.h` and `sgx_attest.h`
 
-    include_directories: [
-        pal_sgx_inc, # this is only for `sgx_arch.h` and `sgx_attest.h`
-        common_inc,
-    ],
     dependencies: [
+        tools_util_dep,
         common_utils_dep,
-        mbedtls_static_dep,
-        protected_files_dep,
     ],
 
     install: true,
@@ -28,7 +17,7 @@ sgx_util_dep = declare_dependency(
     link_with: sgx_util,
     include_directories: [
         include_directories('.'),
+        tools_common_inc,
         pal_sgx_inc, # this is only for `sgx_arch.h` and `sgx_attest.h`
-        protected_files_inc,
     ],
 )
diff --git a/tools/sgx/meson.build b/tools/sgx/meson.build
@@ -1,7 +1,5 @@
 subdir('common')
 
 subdir('is-sgx-available')
-subdir('pf_crypt')
-subdir('pf_tamper')
 subdir('quote-view')
 subdir('ra-tls')