build nsm driver into aws targets

Makefile

@@ -122,6 +122,18 @@ $(OUT_DIR)/$(TARGET):
 $(CACHE_DIR):
 	mkdir -p $(CACHE_DIR)
 
+
+$(CACHE_DIR)/aws-nitro-enclaves-sdk-bootstrap/.git/HEAD:
+	$(call toolchain,$(USER), " \
+		cd /cache; \
+		git clone $(AWS_NITRO_DRIVER_REPO); \
+		cd aws-nitro-enclaves-sdk-bootstrap; \
+		git checkout $(AWS_NITRO_DRIVER_REF); \
+		git rev-parse --verify HEAD | grep -q $(AWS_NITRO_DRIVER_REF) || { \
+			echo 'Error: Git ref/branch collision.'; exit 1; \
+		}; \
+	")
+
 $(CACHE_DIR)/aws-nitro-enclaves-image-format/.git/HEAD:
 	$(call toolchain,$(USER), " \
 		cd /cache; \
@@ -254,7 +266,7 @@ $(CACHE_DIR)/linux-$(LINUX_VERSION)/usr/gen_init_cpio: \
 		gcc usr/gen_init_cpio.c -o usr/gen_init_cpio \
 	")
 
-$(OUT_DIR)/rootfs.cpio: \
+$(OUT_DIR)/$(TARGET)/rootfs.cpio: \
 	$(OUT_DIR)/busybox \
 	$(OUT_DIR)/init \
 	$(CACHE_DIR)/linux-$(LINUX_VERSION)/usr/gen_init_cpio
@@ -265,9 +277,13 @@ ifeq ($(DEBUG), true)
 	cp $(SRC_DIR)/scripts/busybox_init $(CACHE_DIR)/$(TARGET)/rootfs/init
 	cp $(OUT_DIR)/busybox $(CACHE_DIR)/$(TARGET)/rootfs/bin/
 	echo "file /bin/busybox /cache/rootfs/bin/busybox 0755 0 0" \
-		> $(CACHE_DIR)/$(TARGET)/rootfs.list
+		>> $(CACHE_DIR)/$(TARGET)/rootfs.list
 else
 	cp $(OUT_DIR)/init $(CACHE_DIR)/$(TARGET)/rootfs/init
+endif
+ifeq ($(TARGET), aws)
+	echo "file /nsm.ko /out/aws/nsm.ko 0755 0 0" \
+		>> $(CACHE_DIR)/$(TARGET)/rootfs.list
 endif
 	$(call toolchain,$(USER)," \
 		cd /cache/$(TARGET)/rootfs && \
@@ -275,9 +291,9 @@ endif
 		find . -mindepth 1 -printf '%P\0' && \
 		cd /cache/linux-$(LINUX_VERSION) && \
 		usr/gen_initramfs.sh \
-			-o /out/rootfs.cpio \
+			-o /out/$(TARGET)/rootfs.cpio \
 			/cache/$(TARGET)/rootfs.list && \
-		cpio -itv < /out/rootfs.cpio && \
+		cpio -itv < /out/$(TARGET)/rootfs.cpio && \
 		sha256sum /out/rootfs.cpio; \
 	")
 
@@ -287,6 +303,7 @@ $(OUT_DIR)/$(TARGET)/bzImage: \
 		cd /cache/linux-$(LINUX_VERSION) && \
 		cp /config/$(TARGET)/linux.config .config && \
 		make olddefconfig && \
+		make modules_prepare && \
 		make -j$(CPUS) ARCH=$(ARCH) bzImage && \
 		cp arch/x86_64/boot/bzImage /out/$(TARGET) && \
 		sha256sum /out/$(TARGET)/bzImage; \
@@ -301,6 +318,17 @@ ifeq ($(TARGET), aws)
 	")
 endif
 
+$(OUT_DIR)/aws/nsm.ko: \
+	$(CACHE_DIR)/aws-nitro-enclaves-sdk-bootstrap/.git/HEAD
+ifeq ($(TARGET), aws)
+	$(call toolchain,$(USER)," \
+		cd /cache/aws-nitro-enclaves-sdk-bootstrap/ \
+		&& make -C /cache/linux-$(LINUX_VERSION) M=/cache/aws-nitro-enclaves-sdk-bootstrap/nsm-driver \
+		&& cp nsm-driver/nsm.ko /out/aws/nsm.ko; \
+	")
+endif
+
+
 $(OUT_DIR)/aws/nitro.eif: \
 	$(OUT_DIR)/aws/eif_build \
 	$(OUT_DIR)/$(TARGET)/bzImage \

config/global.env

@@ -17,6 +17,9 @@ export BUSYBOX_KEY = C9E9416F76E610DBD09D040F47B70C55ACC9965B
 export LINUX_KEY = 647F28654894E3BD457199BE38DBBDC86092693E
 export LINUX_KEYS_REPO = https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git
 
+export AWS_NITRO_DRIVER_REPO = https://github.com/aws/aws-nitro-enclaves-sdk-bootstrap.git
+export AWS_NITRO_DRIVER_REF = ed24913346a34d719afa2031299253160a2e3460
+
 # Toolchain
 export DEBIAN_HASH = 1b8cc57a5e02f508b814f930e6451fdb27014ad4f64e0b42f46d0eae4c59af96
 export AWS_EIF_REF = 485fab0b37c1127347056f163c6cd0ae756f7cd0

src/init/init.c

@@ -182,8 +182,8 @@ void init_nsm_driver() {
 int main() {
     init_dev();
     init_console();
-    //init_nsm_driver();
+    init_nsm_driver();
     enclave_ready();
-    puts("\nHello World!\n");
+    puts("\nHello World with NSM!\n");
     reboot(RB_AUTOBOOT);
 }