CCF/cmake/open_enclave.cmake

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the Apache 2.0 License.

if(NOT COMPILE_TARGET STREQUAL "sgx")
  set(COMPONENT "OEHOSTVERIFY")
endif()

# Find OpenEnclave package
find_package(OpenEnclave 0.19.3 CONFIG REQUIRED)
# As well as pulling in openenclave:: targets, this sets variables which can be
# used for our edge cases (eg - for virtual libraries). These do not follow the
# standard naming patterns, for example use OE_INCLUDEDIR rather than
# OpenEnclave_INCLUDE_DIRS

option(USE_OPENSSL_3 "Use OpenSSL 3.x for Open Enclave builds" ON)
if(USE_OPENSSL_3)
  set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl_3)
else()
  set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl)
endif()

if(COMPILE_TARGET STREQUAL "sgx")
  set(OE_TARGET_LIBC openenclave::oelibc)
  set(OE_TARGET_ENCLAVE_AND_STD
      openenclave::oeenclave openenclave::oelibcxx openenclave::oelibc
      ${OE_OPENSSL_LIBRARY}
  )
  # These oe libraries must be linked in specific order
  set(OE_TARGET_ENCLAVE_CORE_LIBS
      openenclave::oeenclave openenclave::oesnmalloc openenclave::oecore
      openenclave::oesyscall
  )

  option(LVI_MITIGATIONS "Enable LVI mitigations" ON)

  function(add_lvi_mitigations name)
    if(LVI_MITIGATIONS)
      # Enable clang-11 built-in LVI mitigation
      target_compile_options(${name} PRIVATE -mlvi-cfi)
    endif()
  endfunction()

  set(OE_HOST_LIBRARY openenclave::oehost)
else()
  set(OE_HOST_LIBRARY openenclave::oehostverify)
endif()
Use Open Enclave hostverify package for virtual and SNP builds (#4431) 2022-11-02 18:12:51 +03:00			`# Copyright (c) Microsoft Corporation. All rights reserved.`
			`# Licensed under the Apache 2.0 License.`

			`if(NOT COMPILE_TARGET STREQUAL "sgx")`
			`set(COMPONENT "OEHOSTVERIFY")`
			`endif()`

			`# Find OpenEnclave package`
[release/4.x] Cherry pick: Update to Open Enclave 0.19.3 (#5460) (#5466) 2023-07-18 19:44:41 +03:00			`find_package(OpenEnclave 0.19.3 CONFIG REQUIRED)`
Use Open Enclave hostverify package for virtual and SNP builds (#4431) 2022-11-02 18:12:51 +03:00			`# As well as pulling in openenclave:: targets, this sets variables which can be`
			`# used for our edge cases (eg - for virtual libraries). These do not follow the`
			`# standard naming patterns, for example use OE_INCLUDEDIR rather than`
			`# OpenEnclave_INCLUDE_DIRS`

[release/4.x] Cherry pick: OpenSSL3: remove use of deprecated functions (#5481) (#5637) Co-authored-by: Julien Maffre <jumaffre@microsoft.com> 2023-09-11 11:52:55 +03:00			`option(USE_OPENSSL_3 "Use OpenSSL 3.x for Open Enclave builds" ON)`
			`if(USE_OPENSSL_3)`
			`set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl_3)`
			`else()`
			`set(OE_OPENSSL_LIBRARY openenclave::oecryptoopenssl)`
			`endif()`

Use Open Enclave hostverify package for virtual and SNP builds (#4431) 2022-11-02 18:12:51 +03:00			`if(COMPILE_TARGET STREQUAL "sgx")`
			`set(OE_TARGET_LIBC openenclave::oelibc)`
			`set(OE_TARGET_ENCLAVE_AND_STD`
			`openenclave::oeenclave openenclave::oelibcxx openenclave::oelibc`
[release/4.x] Cherry pick: OpenSSL3: remove use of deprecated functions (#5481) (#5637) Co-authored-by: Julien Maffre <jumaffre@microsoft.com> 2023-09-11 11:52:55 +03:00			`${OE_OPENSSL_LIBRARY}`
Use Open Enclave hostverify package for virtual and SNP builds (#4431) 2022-11-02 18:12:51 +03:00			`)`
			`# These oe libraries must be linked in specific order`
			`set(OE_TARGET_ENCLAVE_CORE_LIBS`
			`openenclave::oeenclave openenclave::oesnmalloc openenclave::oecore`
			`openenclave::oesyscall`
			`)`

			`option(LVI_MITIGATIONS "Enable LVI mitigations" ON)`

			`function(add_lvi_mitigations name)`
			`if(LVI_MITIGATIONS)`
Upgrade to OE 0.19.0-rc1 (#5165) 2023-04-19 17:42:34 +03:00			`# Enable clang-11 built-in LVI mitigation`
			`target_compile_options(${name} PRIVATE -mlvi-cfi)`
Use Open Enclave hostverify package for virtual and SNP builds (#4431) 2022-11-02 18:12:51 +03:00			`endif()`
			`endfunction()`

			`set(OE_HOST_LIBRARY openenclave::oehost)`
			`else()`
			`set(OE_HOST_LIBRARY openenclave::oehostverify)`
			`endif()`