From 4c4e22278a92eb4967ce3a75b441f36e60c1b185 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Tue, 8 Oct 2024 17:52:40 +0100
Subject: [PATCH] psw/ae: blank out ld-linux.so interpretor path from AEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The enclaves are getting built as ELF executables, and thus the
linker will embed the current ld-linux.so path for the host OS
environment in the binary:

  $ readelf -a libsgx_pce.signed.so | grep interpreter
      [Requesting program interpreter: /nix/store/xmprbk52mlcdsljz66m8yf7cf0xf36n1-glibc-2.38-44/lib/ld-linux-x86-64.so.2]

The SGX enclaves are never loaded using ld-linux.so, as SGX has custom
code for loading enclaves in the required manner. This embedded
ld-linux.so path thus serves no functional purpose, while also making
it harder to do a reproducible build of the enclaves outside of the
NixOS environment.

This patch blanks out the NixOS interpreter path, by setting it to the
empty string.

Fixes: https://github.com/intel/linux-sgx/issues/1040
Signed-off-by: Daniel P. Berrangé
---
 psw/ae/buildenv.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psw/ae/buildenv.mk b/psw/ae/buildenv.mk index c92cc9371..6501e6387 100644 --- a/psw/ae/buildenv.mk +++ b/psw/ae/buildenv.mk @@ -78,7 +78,7 @@ LDTFLAGS = -L$(SGX_LIB_DIR) -Wl,--whole-archive $(TRTSLIB) -Wl,--no-whole-archi -Wl,--start-group $(EXTERNAL_LIB) -Wl,--end-group -Wl,--build-id \ -Wl,--version-script=$(ROOT_DIR)/build-scripts/enclave.lds $(ENCLAVE_LDFLAGS) -LDTFLAGS += -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections +LDTFLAGS += -Wl,-Map=out.map -Wl,--undefined=version -Wl,--gc-sections -Wl,-dynamic-linker, DEFINES := -D__linux__
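
Review bot: the "-Wl,-dynamic-linker," appended to the changed "LDTFLAGS +=" line depends on an empty argument after its final comma, and nothing in buildenv.mk documents that, so it reads like a typo. A later cleanup that drops the trailing comma, or that appends another comma-separated linker option to the same -Wl group, would silently change what is passed as the interpreter path. Suggest moving it to its own "LDTFLAGS +=" line with a comment saying the empty value is deliberate and why (the AEs are never loaded through ld-linux.so, and the embedded host path hurts reproducible builds), and spelling it "--dynamic-linker" to match the double-dash options next to it (--undefined, --gc-sections). The "readelf -a ... | grep interpreter" check from the commit message would also be worth running on the built AEs as part of the build, so a regression of the interpreter path is caught.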