      Developer Guide

      This chapter walks through developing a C program, helloworld, with secGear to show how secGear applications are built.

      Downloading Examples

      git clone https://gitee.com/openeuler/secGear.git
      

      Directory Structure

      cd examples/helloworld
      
      #Directory structure:
      ├── helloworld
      │   ├── CMakeLists.txt
      │   ├── enclave
      │   │   ├── CMakeLists.txt
      │   │   ├── Enclave.config.xml
      │   │   ├── Enclave.lds
      │   │   ├── hello.c
      │   │   ├── manifest.txt
      │   │   └── config_cloud.ini
      │   ├── helloworld.edl
      │   └── host
      │       ├── CMakeLists.txt
      │       └── main.c
      

      The code body consists of three parts:

      • main.c: REE (rich execution environment) program
      • helloworld.edl: header file of the APIs called by the REE and TEE
      • hello.c: TEE (trusted execution environment) program

      Preparations

      In addition to the preceding three parts, the example contains the build project files (CMakeLists.txt) and the developer licenses (Enclave.config.xml and Enclave.lds for Intel SGX; manifest.txt and config_cloud.ini for Kunpeng).

      NOTE:

      After the developer license application succeeds, store the obtained license file in the corresponding code directory.

      Development Procedure

      Reconstructing a confidential computing application based on secGear is similar to extracting functional modules into independent units. The procedure is as follows: identify the sensitive data processing logic, extract it into an independent library, deploy it in the TEE, and define APIs provided by the REE in the EDL file.

      The following figure shows the development procedure.

      1. Develop the main function and APIs in the REE, manage the enclave, and call functions in the TEE.
      2. Develop the EDL file (similar to the C language header file that defines the interaction APIs between the REE and TEE).
      3. Develop TEE APIs.
      4. Call the code generation tool codegener to automatically generate the interaction source code between the REE and TEE based on the EDL file and compile the source code to the binary files of the REE and TEE. The REE logic directly calls the corresponding API of the TEE without considering the automatically generated interaction code, reducing the development cost.
      5. Call the signing tool to sign binary files in the TEE to implement trusted boot of the TEE program.
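
      The call path that steps 1, 3 and 4 describe, as an added example that is not code from the secGear repository: a single-process C model in which model_get_string stands in for the bridge that codegener generates. All function names, the status constants, the EDL line in the comment and the message string are assumptions made for illustration; in a real build the bridge crosses the REE/TEE boundary instead of being an ordinary function call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_MAX 32                     /* mirrors size=32 in the assumed EDL line */
enum { MODEL_OK = 0, MODEL_ERR = 1 };  /* stand-ins for the transport status */

/* Step 3, TEE side: works only on an enclave-private buffer. */
static int trusted_get_string(char *buf)
{
    static const char msg[] = "secgear hello world!";  /* constructed sample */
    if (buf == NULL || sizeof(msg) > BUF_MAX)
        return -1;                     /* reaches the caller through *retval */
    memcpy(buf, msg, sizeof(msg));     /* sizeof counts the terminating NUL */
    return 0;
}

/* Step 4, model of a bridge for an assumed EDL declaration
 *   public int get_string([out, size=32] char *buf);
 * Runs trusted code on a private copy, then copies BUF_MAX bytes back. */
int model_get_string(int enclave_alive, int *retval, char *buf)
{
    char *private_buf;
    if (!enclave_alive || retval == NULL || buf == NULL)
        return MODEL_ERR;              /* trusted code never ran */
    private_buf = calloc(1, BUF_MAX);  /* zeroed: no stale bytes copied out */
    if (private_buf == NULL)
        return MODEL_ERR;
    *retval = trusted_get_string(private_buf);
    memcpy(buf, private_buf, BUF_MAX);
    free(private_buf);
    return MODEL_OK;
}

/* Step 1, REE side: success needs both the status and the return value. */
int ree_fetch(int enclave_alive, char *out)
{
    int retval = -1;
    int res = model_get_string(enclave_alive, &retval, out);
    return (res == MODEL_OK && retval == 0) ? 0 : -1;
}

int main(void)
{
    char buf[BUF_MAX] = {0};
    if (ree_fetch(1, buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```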

      Build and Run

      Arm Environment

      # clone secGear repository
      git clone https://gitee.com/openeuler/secGear.git
      
      # build secGear and examples
      cd secGear
      source environment
      mkdir debug && cd debug && cmake -DENCLAVE=GP .. && make && sudo make install
      
      # run helloworld
      /vendor/bin/secgear_helloworld
      

      x86 Environment

      # clone secGear repository
      git clone https://gitee.com/openeuler/secGear.git
      
      # build secGear and examples
      cd secGear
      source /opt/intel/sgxsdk/environment && source environment
      mkdir debug && cd debug && cmake .. && make && sudo make install
      
      # run helloworld
      ./examples/helloworld/host/secgear_helloworld
      
