forked from fritzalder/faulty-point-unit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.travis.yml
62 lines (56 loc) · 4.48 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
os: linux
dist: bionic
notifications:
email: true
services:
- docker
# submodules will be pulled in the Docker container
git:
submodules: false
language: c
script:
- docker run $DOCKER_USERNAME/sgx-fpu /bin/bash -c "$SCRIPT"
# Add two jobs for each type of paper test, for each SDK
jobs:
include:
- name: "Build and push Docker image"
stage: "Build Intel SGX-SDK simulator"
script:
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- make build
- docker images
- docker tag sgx-fpu $DOCKER_USERNAME/sgx-fpu
- docker push $DOCKER_USERNAME/sgx-fpu
- name: "Table 1 - Vulnerable Intel SGX-SDK"
stage: "Run FPU poisoning attacks on vulnerable and patched runtimes"
env: SCRIPT="./sdk_helper.sh install_vulnerable && source ./sdk_helper.sh vulnerable && cd 01_table1_basic-poc && ./eval_simulator.sh"
- name: "Table 1 - Patched Intel SGX-SDK"
env: SCRIPT="./sdk_helper.sh install_patched && source ./sdk_helper.sh patched && cd 01_table1_basic-poc && ./eval_simulator.sh"
- name: "Table 2 - Build and run vulnerable SGX-LKL runtime"
env: SCRIPT="cd 02_table2_affected_runtimes/sgx-lkl/ && sudo ./build.sh && sudo ./run-test.sh && cat sgx-lkl-poisoned-run.txt"
script:
- travis_wait 60 docker run --privileged $DOCKER_USERNAME/sgx-fpu /bin/bash -c "$SCRIPT"
- name: "Table 2 - Build and run vulnerable OE runtime"
env: SCRIPT="cd ~ && git clone https://github.com/fritzalder/faulty-point-unit.git && cd faulty-point-unit/02_table2_affected_runtimes/openenclave/ && git submodule init && git submodule update && sudo dpkg -i Ubuntu_1804_open-enclave_0.9.0_amd64.deb && source /opt/openenclave/share/openenclave/openenclaverc && cd hello-fpu/ && make && make simulate"
script:
- docker run oeciteam/oetools-full-18.04 /bin/bash -c "$SCRIPT"
- name: "Table 2 - Build and run patched OE runtime"
env: SCRIPT="cd ~ && git clone https://github.com/fritzalder/faulty-point-unit.git && cd faulty-point-unit/02_table2_affected_runtimes/openenclave/ && git submodule init && git submodule update && sudo dpkg -i Ubuntu_1804_open-enclave_0.10.0_amd64.deb && source /opt/openenclave/share/openenclave/openenclaverc && cd hello-fpu/ && make && make simulate"
script:
- docker run oeciteam/oetools-full-18.04 /bin/bash -c "$SCRIPT"
- name: "Table 2 - Build and run vulnerable GoTEE runtime"
env: SCRIPT="cd 02_table2_affected_runtimes/gotee/gotee-fpu/ && go get github.com/aghosn/serializer && PATH=$PATH:$HOME/go/bin && sudo make && cd example/hello-world/ && make && SIM=1 ./main"
- name: "Table 2 - Build vulnerable Rust-EDP runtime"
env: SCRIPT="cd 02_table2_affected_runtimes/rust-edp/ && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > rustup-init.sh && sh ./rustup-init.sh -y && source ~/.cargo/env && rustup default nightly-2020-02-01 && rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly-2020-02-01 && rustc --version && cd rust-sgx-fpu/ && cargo install --locked --path ./fortanix-sgx-tools fortanix-sgx-tools && cargo install --locked --path ./sgxs-tools sgxs-tools && cd ../hello-world/ && cargo build --target x86_64-fortanix-unknown-sgx"
- name: "Figure 4 - Vulnerable Intel SGX-SDK (reduced run to not exceed Travis timeout)"
env: SCRIPT="./sdk_helper.sh install_vulnerable && source ./sdk_helper.sh vulnerable && cd 03_section-4_controlled-channel && ./test_sim.sh && ./binary_search.py -a 100 && ./plot.py -f results.csv"
- name: "Figure 4 - Patched Intel SGX-SDK (reduced run to not exceed Travis timeout)"
env: SCRIPT="./sdk_helper.sh install_patched && source ./sdk_helper.sh patched && cd 03_section-4_controlled-channel && ./test_sim.sh && ./binary_search.py -a 100 && ./plot.py -f results.csv"
- name: "Table 3 - Vulnerable Intel SGX-SDK"
script:
- travis_wait 60 docker run $DOCKER_USERNAME/sgx-fpu /bin/bash -c "$SCRIPT"
env: SCRIPT="./sdk_helper.sh install_vulnerable && source ./sdk_helper.sh vulnerable && cd 04_section-5_mnist-javascript/eval/ && ./run_tests.py --simulator -a 100 --travis && ./eval.py -p test_output"
- name: "Table 3 - Patched Intel SGX-SDK"
script:
- travis_wait 60 docker run $DOCKER_USERNAME/sgx-fpu /bin/bash -c "$SCRIPT"
env: SCRIPT="./sdk_helper.sh install_patched && source ./sdk_helper.sh patched && cd 04_section-5_mnist-javascript/eval/ && ./run_tests.py --simulator -a 100 --travis && ./eval.py -p test_output"