Assignment-7-sgximpl #13
2 changed files with 7 additions and 7 deletions
|
@ -75,7 +75,7 @@ else
|
||||||
endif
|
endif
|
||||||
|
|
||||||
App_C_Files := app/main.c app/proxy.c app/proxysetup.c app/employee.c app/util.c app/embedded_device.c
|
App_C_Files := app/main.c app/proxy.c app/proxysetup.c app/employee.c app/util.c app/embedded_device.c
|
||||||
App_Include_Paths := -IInclude -Iapp -I$(SGX_SDK)/include
|
App_Include_Paths := -IInclude -Iapp -I$(SGX_SDK)/include -I/usr/local/openssl-3.3.1/include
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
||||||
|
|
||||||
|
@ -91,8 +91,8 @@ else
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
||||||
endif
|
endif
|
||||||
|
|
||||||
Openssl_Link_Flags = `pkg-config --libs openssl`
|
OPENSSL := -Wl,-Bstatic -L/usr/local/openssl-3.3.1/lib64 -lssl -lcrypto -Wl,-Bdynamic -ldl
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread $(Openssl_Link_Flags)
|
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread -lsgx_urts $(OPENSSL)
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
ifneq ($(SGX_MODE), HW)
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
App_Link_Flags += -lsgx_uae_service_sim
|
||||||
|
@ -210,7 +210,7 @@ app/enclave_u.o: app/enclave_u.c
|
||||||
@echo "CC <= $<"
|
@echo "CC <= $<"
|
||||||
|
|
||||||
app/%.o: app/%.c
|
app/%.o: app/%.c
|
||||||
@$(CC) $(app_C_Flags) -c $< -o $@
|
@$(CC) $(App_C_Flags) -c $< -o $@
|
||||||
@echo "CC <= $<"
|
@echo "CC <= $<"
|
||||||
|
|
||||||
$(App_Name): app/enclave_u.o $(App_C_Objects)
|
$(App_Name): app/enclave_u.o $(App_C_Objects)
|
||||||
|
|
|
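Review bot: The new `App_Link_Flags` line adds `-lsgx_urts` unconditionally next to `-l$(Urts_Library_Name)`, while the `ifneq ($(SGX_MODE), HW)` branch just below still appends `-lsgx_uae_service_sim`. In a non-HW build the app would then presumably link both the simulation and the hardware untrusted runtime; `Urts_Library_Name` is defined outside the hunk, so confirm. I would drop the extra flag and keep `-l$(Urts_Library_Name) -lpthread $(OPENSSL)`. Separately, `/usr/local/openssl-3.3.1` is hard-coded in both `App_Include_Paths` and `OPENSSL`, and libssl/libcrypto are linked statically, so an OpenSSL security fix only reaches the binary after a Makefile edit and a rebuild. A single overridable `OPENSSL_PREFIX ?= /usr/local/openssl-3.3.1` used for both `-I$(OPENSSL_PREFIX)/include` and `-L$(OPENSSL_PREFIX)/lib64` would keep headers and libraries on the same version.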
@ -14,7 +14,7 @@ echo "As she settled in, the IT team, always vigilant, prepared the signature pr
|
||||||
echo "The proxy was now ready to guard the integrity of their firmware."
|
echo "The proxy was now ready to guard the integrity of their firmware."
|
||||||
|
|
||||||
echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail."
|
echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail."
|
||||||
dd if=/dev/urandom of=$TMP/firmware.bin bs=1G count=1 &> /dev/null
|
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 2> /dev/null
|
||||||
|
|
||||||
echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source."
|
echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source."
|
||||||
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
||||||
|
@ -31,7 +31,7 @@ echo "Oskar, driven by his vendetta, signed the firmware with his private key, i
|
||||||
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
||||||
|
|
||||||
echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data."
|
echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data."
|
||||||
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure."
|
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der 2> /dev/null && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure."
|
||||||
|
|
||||||
echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats."
|
echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats."
|
||||||
|
|
||||||
|
|
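Review bot: The Oskar rejection step can pass for the wrong reason: the pipeline reads `$TMP/signature_oskar.der` through `cat` while redirecting the proxy's stdout to that same file, so the shell may truncate it before it is read. The added `2> /dev/null` also hides whatever error the proxy reports. A rejection caused by an empty or malformed signature would then print the same "unauthorized key" message as a genuine key-policy rejection, so the negative test no longer shows that the key check works. I would write the output to a separate file and keep stderr, e.g. `./signatureproxy proxy ... < "$TMP/signature_oskar.der" > "$TMP/proxy_signature_oskar.der" 2> "$TMP/proxy_oskar.err"` (file names illustrative), and assert on the captured error. The rest of the script lies outside the hunk.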