[Assignment-7] update Makefile and simulate.sh
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m6s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 33s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 9s
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m6s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 33s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 9s
This commit is contained in:
Sascha Tommasone
parent
8e9502871b
commit
870343b41c
GPG key ID:
751068A86FCAA217
2 changed files with 7 additions and 7 deletions
|
|
@ -75,7 +75,7 @@ else
|
||||||
endif
|
endif
|
||||||
|
|
||||||
App_C_Files := app/main.c app/proxy.c app/proxysetup.c app/employee.c app/util.c app/embedded_device.c
|
App_C_Files := app/main.c app/proxy.c app/proxysetup.c app/employee.c app/util.c app/embedded_device.c
|
||||||
App_Include_Paths := -IInclude -Iapp -I$(SGX_SDK)/include
|
App_Include_Paths := -IInclude -Iapp -I$(SGX_SDK)/include -I/usr/local/openssl-3.3.1/include
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
||||||
|
|
||||||
|
|
@ -91,8 +91,8 @@ else
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
||||||
endif
|
endif
|
||||||
|
|
||||||
Openssl_Link_Flags = `pkg-config --libs openssl`
|
OPENSSL := -Wl,-Bstatic -L/usr/local/openssl-3.3.1/lib64 -lssl -lcrypto -Wl,-Bdynamic -ldl
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread $(Openssl_Link_Flags)
|
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread -lsgx_urts $(OPENSSL)
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
ifneq ($(SGX_MODE), HW)
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
App_Link_Flags += -lsgx_uae_service_sim
|
||||||
|
|
@ -210,7 +210,7 @@ app/enclave_u.o: app/enclave_u.c
|
||||||
@echo "CC <= $<"
|
@echo "CC <= $<"
|
||||||
|
|
||||||
app/%.o: app/%.c
|
app/%.o: app/%.c
|
||||||
@$(CC) $(app_C_Flags) -c $< -o $@
|
@$(CC) $(App_C_Flags) -c $< -o $@
|
||||||
@echo "CC <= $<"
|
@echo "CC <= $<"
|
||||||
|
|
||||||
$(App_Name): app/enclave_u.o $(App_C_Objects)
|
$(App_Name): app/enclave_u.o $(App_C_Objects)
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ echo "As she settled in, the IT team, always vigilant, prepared the signature pr
|
||||||
echo "The proxy was now ready to guard the integrity of their firmware."
|
echo "The proxy was now ready to guard the integrity of their firmware."
|
||||||
|
|
||||||
echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail."
|
echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail."
|
||||||
dd if=/dev/urandom of=$TMP/firmware.bin bs=1G count=1 &> /dev/null
|
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 2> /dev/null
|
||||||
|
|
||||||
echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source."
|
echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source."
|
||||||
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
||||||
|
|
@ -31,8 +31,8 @@ echo "Oskar, driven by his vendetta, signed the firmware with his private key, i
|
||||||
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
||||||
|
|
||||||
echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data."
|
echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data."
|
||||||
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure."
|
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der 2> /dev/null && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure."
|
||||||
|
|
||||||
echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats."
|
echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats."
|
||||||
|
|
||||||
echo "This concludes the story of Alice, Oskar, and the secure firmware signing process at Embedded Solutions Inc. Through the diligent efforts of trusted employees and advanced security technology, the integrity and safety of their embedded devices were preserved."
|
echo "This concludes the story of Alice, Oskar, and the secure firmware signing process at Embedded Solutions Inc. Through the diligent efforts of trusted employees and advanced security technology, the integrity and safety of their embedded devices were preserved."
|
||||||
Loading…
Reference in a new issue