hyperenclave容器里跑teeapp

[1853582]

Issue Type

Others

Source

binary

Capsule Manager Version

0.1.0b0

Capsule Manager SDK Version

0.1.0b0

Tee Apps Version

0.1.0b0

OS Platform and Distribution

ubuntu 20.04

Python version

3.8

Bazel version

No response

GCC/Compiler version

No response

What happend and What you expected to happen.

我尝试在hyperenclave中运行teeapp，但是在构建镜像的时候，对teeapp代码进行编译
bazel --output_base=target build -c opt --define tee_type=hyper //teeapps/...
报错：找不到sgx_report.h等sgx sdk的头文件

Reproduction code to reproduce the issue.

build.sh：
set -e

BLUE='\033[1;34m'
NC='\033[0m'

script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
workspace_dir="$script_dir"

target_dir="/home/teeapp"
python_dir="$target_dir/python-occlum"

mkdir -p $target_dir/task
bazel clean --expunge
bazel --output_base=target build -c opt --define tee_type=hyper //teeapps/...
rm -rf $target_dir/occlum
mkdir -p $target_dir/occlum

cd $target_dir/occlum
mkdir -p teeapps/biz

# copy biz algorithms
for folder in $workspace_dir/teeapps/biz/*; do
  if [ -d "$folder" ]; then
    folder_name=$(basename "$folder")
    if [ $folder_name == "testdata" ]; then
      continue
    fi
    cp $folder/*.py teeapps/biz/
  fi
done

[1853582]

这个sgx的头文件在hyperenclave容器的/opt/intel/sgxsdk/include里面是有的，感觉是没有正确引入，现在的做法就是把之前teeapp构建的dockerfile中的基础镜像换成了hyperenclave的镜像occlum/hyperenclave:0.27.10-hypermode-1.3.0-ubuntu20.04

[zhongtianq]

你好，首先说明一下目前trustflow暂不支持hyper enclave。支持的tee类型有intel sgx2、tdx和hygon csv。

另外对于你编译的这个问题，编译指令里面--define tee_type=hyper是没有作用的。 这个bazel的define具体作用位置为： https://github.com/asterinas/trustflow/blob/main/trustflow/attestation/generation/wrapper/BUILD.bazel

指定sgx2与tdx的时候才会依赖dcap，然后间接依赖到sgx_sdk，才会把sgx_sdk引入，否则它不在bazel的include路径下。 https://github.com/asterinas/trustflow/blob/main/bazel/dcap.BUILD#L22 https://github.com/asterinas/trustflow/blob/main/bazel/repositories.bzl#L118