Update Asylo and absl version

- fix a couple missing dependencies - add rules to build sigstruct, used for SGX remote attestation Ref project-oak#241
tiziano88 · Oct 1, 2019 · f38d680 · f38d680
1 parent f52d570
commit f38d680
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 20 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM gcr.io/asylo-framework/asylo:buildenv-v0.4.0
+FROM gcr.io/asylo-framework/asylo:buildenv-v0.4.1
 
 RUN apt-get -y update && apt-get install -y git curl clang-format shellcheck libncurses5 xml2
 

diff --git a/WORKSPACE b/WORKSPACE
@@ -21,20 +21,20 @@ load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
 
 http_archive(
     name = "com_google_absl",
-    sha256 = "cd4dd948bfe3655269656277eb83dbeefcb1368d7c6b329e93cc8ca9a688e5e6",
-    strip_prefix = "abseil-cpp-27c30ec671cb7b5ba84c4e79feff7fd0b0ac6338",
+    sha256 = "27184e97131edb9a289b1c2cd404c234afa5ceaae44c5eb6713138cb674535aa",
+    strip_prefix = "abseil-cpp-ac78ffc3bc0a8b295cab9a03817760fd460df2a1",
     urls = [
-        # Head commit on 2019-05-23.
-        "https://github.com/abseil/abseil-cpp/archive/27c30ec671cb7b5ba84c4e79feff7fd0b0ac6338.zip",
+        # Head commit on 2019-09-12.
+        "https://github.com/abseil/abseil-cpp/archive/ac78ffc3bc0a8b295cab9a03817760fd460df2a1.zip",
     ],
 )
 
 # Asylo Framework.
 http_archive(
     name = "com_google_asylo",
-    sha256 = "b622044f967da3b8a8e2c76a18afe0014baab3226a902db0b87255f3ffc31c2c",
-    strip_prefix = "asylo-dfdc44744e3b18531830deb37c5633f648e6cdbd",
-    urls = ["https://github.com/google/asylo/archive/dfdc44744e3b18531830deb37c5633f648e6cdbd.tar.gz"],
+    sha256 = "c3ff01a7b974ea8c0713fccf16027756d2c75aca2e2af73a73ffcedd3b4b3e2a",
+    strip_prefix = "asylo-5ab253e2db786a9cccbc397aac2338531d4aa119",
+    urls = ["https://github.com/google/asylo/archive/5ab253e2db786a9cccbc397aac2338531d4aa119.tar.gz"],
 )
 
 # Google Test

diff --git a/oak/server/BUILD b/oak/server/BUILD
@@ -124,6 +124,7 @@ cc_library(
         ":wasm_node",
         "//oak/common:app_config",
         "//oak/proto:enclave_cc_proto",
+        "//oak/proto:oak_api_cc_proto",
         "//oak/server:logging_node",
         "//oak/server/storage:storage_node",
         "@com_google_absl//absl/memory",

diff --git a/oak/server/asylo/BUILD b/oak/server/asylo/BUILD
@@ -23,10 +23,13 @@ load(
     "@com_google_asylo//asylo/bazel:asylo.bzl",
     "enclave_loader",
 )
+load(
+    "@com_google_asylo//asylo/bazel:copts.bzl",
+    "ASYLO_DEFAULT_COPTS",
+)
 load(
     "@linux_sgx//:sgx_sdk.bzl",
-    "sgx_enclave",
-    "sgx_enclave_configuration",
+    "sgx",
 )
 
 cc_library(
@@ -73,33 +76,41 @@ cc_library(
     ],
 )
 
-sgx_enclave_configuration(
+sgx.enclave_configuration(
     name = "grpc_enclave_config",
     # gRPC needs more than the default amount of heap to run. ~1.2GB.
     heap_max_size = "0x47000000",
     tcs_num = "200",
 )
 
-sgx_enclave(
-    name = "oak_enclave.so",
+sgx.unsigned_enclave(
+    name = "oak_enclave_unsigned.so",
     srcs = [
         "oak_enclave.cc",
     ],
-    config = "grpc_enclave_config",
-    # Explicitly disable stamping in order to achieve reproducible builds.
-    # TODO: Remove when we depend on a version of Asylo past
-    # https://github.com/google/asylo/commit/9c557c22f84b1d27ee7a9d1791af8dd2faabe7cc.
-    stamp = 0,
+    copts = ASYLO_DEFAULT_COPTS,
     deps = [
         "//oak/server/asylo:enclave_server",
         "@com_google_asylo//asylo/grpc/util:enclave_server",
     ],
 )
 
+sgx.debug_enclave(
+    name = "oak_enclave_debug.so",
+    unsigned = ":oak_enclave_unsigned.so",
+    config = ":grpc_enclave_config",
+)
+
+sgx.generate_sigstruct(
+    name = "oak_enclave_sigstruct",
+    unsigned = ":oak_enclave_unsigned.so",
+    config = ":grpc_enclave_config",
+)
+
 enclave_loader(
     name = "oak",
     srcs = ["asylo_oak_main.cc"],
-    enclaves = {"enclave": "//oak/server/asylo:oak_enclave.so"},
+    enclaves = {"enclave": "//oak/server/asylo:oak_enclave_debug.so"},
     loader_args = ["--enclave_path='{enclave}'"],
     deps = [
         ":asylo_oak_manager",

diff --git a/oak/server/asylo/enclave_server.cc b/oak/server/asylo/enclave_server.cc
@@ -34,7 +34,6 @@
 #include "include/grpcpp/server.h"
 #include "include/grpcpp/server_builder.h"
 #include "oak/proto/enclave.pb.h"
-#include "oak/server/module_invocation.h"
 #include "oak/server/oak_runtime.h"
 
 namespace oak {