2. Vault.sh¶
vault.sh
is a sample build script for building eapps/hosts,
building an appropriate Eyrie configuration, and packaging all three
into a self-extracting archive.
In most cases, changing the variables in the script will be sufficient to build a custom enclave.
The hello world tutorial vault script is as follows:
################################################################
# Replace the variables #
################################################################
NAME=hello
VAULT_DIR=`dirname $0`
BUILD_COMMAND="make -C eapp && make -C host"
OUTPUT_DIR=$KEYSTONE_SDK_DIR/../buildroot_overlay/root/$NAME
EYRIE_DIR=$KEYSTONE_SDK_DIR/rts/eyrie
EYRIE_PLUGINS="freemem untrusted_io_syscall linux_syscall env_setup"
PACKAGE_FILES="eapp/hello \
host/runner \
$EYRIE_DIR/eyrie-rt"
PACKAGE_SCRIPT="./runner hello eyrie-rt"
We will go through what each variable is for, and how the script builds the enclave.
NAME
defines the name of the enclave. It will be used to generate the final enclave package.
VAULT_DIR
is the path to the script. The script will change the directory to $VAULT_DIR
before running the build commands.
BUILD_COMMAND
defines the build commands. This example has Makefile
in each of the
directory, so the script just needs to execute make
at each directory to build both the eapp and
the host.
OUTPUT_DIR
is the path to the output files. Since we started from Quick Start, we put the build outputs to the buildroot overlay directory so
that we can see them in the QEMU disk image.
EYRIE_DIR
is the path to the Eyrie runtime source code.
EYRIE_PLUGINS
defines what plugins you want to include in the runtime.
PACKAGE_FILES
defines which files you want to include in the final enclave package.
vault.sh
uses Makeself to generate a self-extracting archive for the
enclave.
The package usually includes the host binary (i.e., host/runner
), the eapp binary (i.e.,
eapp/hello
), and the runtime binary (i.e., $EYRIE_DIR/eyrie-rt
)
PACKAGE_SCRIPT
defines the input command to makeself
. The self-extracting archive will
execute this command after the decompression.
2.1. Eyrie Runtime¶
If you have completed Quick Start, the runtime source code
would have been already located at $EYRIE_DIR
.
You can find the following command in vault.sh
, which builds the Eyrie runtime.
$EYRIE_DIR/build.sh $EYRIE_PLUGINS