libra_tls_verify_epid.so


Thomas Crowley

Mar 7, 2022, 5:40:07 AM
to Gramine Users
Gramine Developers,
  Is there a way to build libra_tls_verify_epid.so on an arm device? I am trying to do remote attestation from an ARM processor.  From the build process I could only see building the entire project, which only supports x86.

Thank you,
Tom

Michał Kowalczyk

Mar 7, 2022, 5:42:19 AM
to Thomas Crowley, Gramine Users
Hi,

Unfortunately we only support x86 at the moment. But porting the verification libraries should be easy, AFAIR they don't have any inline assembly.

Best,
Michał

Thomas Crowley

Mar 8, 2022, 5:44:16 AM
to Michał Kowalczyk, Gramine Users
Michal,
  I believe I have the epid library ported.  Do you know if there is an easy way to just build the gramine modified mbedtls libraries?

Tom

Michał Kowalczyk

Mar 8, 2022, 7:49:36 AM
to Thomas Crowley, Gramine Users
You mean to build _only_ this library, that's your problem? (because the rest of Gramine won't compile on arm)
If so then I'm not sure, you'd need to check Meson documentation to see if you can build only a single subproject. But I think it's doable, you just need to find a proper cmdline switch for `meson build` ;)

Thomas Crowley

Mar 8, 2022, 8:07:03 AM
to Michał Kowalczyk, Gramine Users
I do mean build only the mbedtls library.  To get my port of the epid verification library to work I had to patch mbedtls 2.26.0 which gramine is already doing.  I would like to be able to pull down the gramine project, build the mbedtls libraries and then build my epid verification library.  I will start reading the meson build documentation.

Thank you
Tom

Wojtek Porczyk

Mar 8, 2022, 5:01:08 PM
to Thomas Crowley, Michał Kowalczyk, Gramine Users

On Tue, Mar 08, 2022 at 08:06:51AM -0500, Thomas Crowley wrote:
> I do mean build only the mbedtls library. To get my port of the epid
> verification library to work I had to patch mbedtls 2.26.0 which gramine is
> already doing. I would like to be able to pull down the gramine project,
> build the mbedtls libraries and then build my epid verification library. I
> will start reading the meson build documentation.

You should be able to unpack (unwrap) the subproject, then `meson setup` it
directly. That's the theory at least. I don't know what will happen if you
actually try to install it directly, but it might work.

If your port becomes viable, we might think about splitting mbedtls+libratls
to another repo, to make it easier to build for other architectures without
messing with meson subprojects. Those are brittle if you don't know exactly
how wraps work.


--
pozdrawiam / best regards
Wojtek Porczyk
Gramine / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov

Thomas Crowley

Mar 10, 2022, 2:31:41 PM
to Wojtek Porczyk, Thomas Crowley, Michał Kowalczyk, Gramine Users
Turns out it is not much of a port.  You just need to repackage the couple of source files required for the libra_tls_verify_epid.so library. 

obj = ra_tls_verify_epid.o \
ra_tls_verify_common.o \
attestation.o \
ias.o \
util.o \
cJSON.o \
cJSON_Utils.o