search

ccc-certifier-framework / certifier-framework-for-confidential-computing

The Confidential Computing Certifier Framework consists of a client API called the Certifier-API and server-based policy evaluation called the Certifier Service. It simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing support for scalable, policy-driven trust management including
Apache License 2.0
52 stars 15 forks source link

make in openenclave_test/ on SGX-machine fails with unresolved references during link phase. #122

Open gapisback opened 1 year ago

gapisback commented 1 year ago

After fixing Makefiles to handle the reference(s) to certprotos/certifier.proto [ changes arising from fixes to address issue #116 ], the following simple make command fails on SGX-machine:

sgx-server:[60] $ pwd
/home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test

make

The fix to access certifier_service/certprotos/certifier.proto is working fine:

Processing /home/sgx/openenclave-bin/share/pkgconfig/../../include/openenclave/edl/sgx/switchless.edl.
Success.
../protobufs-bin/bin/protoc --cpp_out=. --proto_path=../../certifier_service/certprotos ../../certifier_service/certprotos/certifier.proto

Later we fail at link phase:

cc -g -c -nostdinc -m64 -fPIE -ftls-model=local-exec -fvisibility=hidden -fstack-protector-strong -fno-omit-frame-pointer
-ffunction-sections -fdata-sections -I/home/sgx/openenclave-bin/share/pkgconfig/../../include/openenclave/3rdparty/libc 
-I/home/sgx/openenclave-bin/share/pkgconfig/../../include/openenclave/3rdparty -I/home/sgx/openenclave-bin/share/pkgconfig/../../include  
-I.. -DOE_API_VERSION=2 ./attestation_t.c

g++ -o enclave ecalls.o attestation_t.o certifier.pb.o certifier.o support.o test_support.o simulated_enclave.o application_enclave.o attestation.o sealing.o 
/home/sgx/openenclave-bin/share/pkgconfig/../../lib/openenclave/enclave/objects-Debug/oeseal_gcmaes/seal_gcmaes.c.o -L/home/sgx/openenclave-bin/share/pkgconfig/../../lib/openenclave/enclave -nostdlib -nodefaultlibs -nostartfiles -Wl,--no-undefined -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--export-dynamic -Wl,-pie -Wl,--build-id -Wl,-z,noexecstack -Wl,-z,now -Wl,-gc-sections -loeenclave -loelibcxx -loelibc -loesyscall -loecore -loecryptoopenssl -lopensslssl -lopensslcrypto -loelibc -loesyscall -loecore -L../protobufs-bin/lib -lprotobuf -loeenclave -loelibcxx -loelibc -loesyscall -loecore -loehostfs

/usr/bin/ld: test_support.o: in function `construct_standard_evidence_package(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, signed_claim_sequence*, signed_claim_sequence*, key_message*, key_message*, evidence_package*)':

Further failures:

/home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test/enclave/../../src/test_support.cc:151: undefined reference to `get_vse_clause_from_signed_claim(signed_claim_message const&, vse_clause*)'
/usr/bin/ld: /home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test/enclave/../../src/test_support.cc:335: 

undefined reference to `construct_what_to_say(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, key_message&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)'
/usr/bin/ld: test_support.o: in function `test_local_certify(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&)':
/home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test/enclave/../../src/test_support.cc:512:

 undefined reference to `init_certifier_rules(certifier_rules&)'
/usr/bin/ld: /home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test/enclave/../../src/test_support.cc:545: undefined reference to `validate_evidence(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, signed_claim_sequence&, signed_claim_sequence&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, evidence_package&, key_message&)'
/usr/bin/ld: simulated_enclave.o: in function `simulated_Attest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int, unsigned char*, int*, unsigned char*)':
/home/sgx/agurajada/certifier-framework-for-confidential-computing/openenclave_test/enclave/../../src/simulated_enclave.cc:252: undefined reference to `sign_report(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, key_message const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:52: build] Error 1

NOTE: Similarly: $ make in openenclave_test/enclave also fails.

This whole build in this openenclave_test/ needs to be re-examined.

gapisback commented 1 year ago

Not important to resolve before the summit.