Migrating Makefile to Autotools

Signed-off-by: Larry Dewey <[email protected]>

Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = src

configure.ac

@@ -0,0 +1,61 @@
+dnl Init the autoconf process
+dnl (Program Name and Version Number)
+AC_INIT(sev-tool, 1.7)
+
+
+dnl Safety checks in case user overwritten --srcdir
+AC_CONFIG_SRCDIR(./src/sevapi.h)
+
+dnl Store the auxiliary build tools (e.g., install-sh, config.sub, config.guess)
+dnl in this dir (build-aux)
+AC_CONFIG_AUX_DIR(build-aux)
+
+dnl Check that OpenSSL is >= 1.1.0 by looking for version specific APIs
+AC_SEARCH_LIBS(EVP_PKEY_base_id, crypto, [],
+			   [AC_MSG_ERROR([Incompatible version of OpenSSL found])])
+
+dnl Commented out because we are currently using sev-tool/lib/psp-sev.h
+dnl
+dnl Ensure that the SEV header is present in glibc.
+dnl AC_CHECK_HEADER(/usr/include/linux/psp-sev.h, [],
+dnl                 [AC_MSG_ERROR([Necessary libraries are missing])])
+
+dnl Init automake, and specify this program use relaxed structures.
+dnl i.e. this program doesn't follow the gnu coding standards, and doesn't have
+dnl ChangeLog, COPYING, AUTHORS, INSTALL, README etc. files.
+AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+
+AC_CANONICAL_HOST
+
+build_linux=no
+build_windows=no
+build_mac=no
+
+case "${host_os}" in
+	linux*)
+		build_linux=yes
+		;;
+	cygwin*|mingw*)
+		build_windows=yes
+		;;
+	darwin*)
+		build_mac=yes
+		;;
+	*)
+		AC_MSG_ERROR(["OS $host_os is not supported"])
+		;;
+esac
+
+AM_CONDITIONAL([LINUX], [test "$build_linux" = "yes"])
+AM_CONDITIONAL([WINDOWS], [test "$build_windows" = "yes"])
+AM_CONDITIONAL([OSX], [test "$build_mac" = "yes"])
+
+dnl Check for C++ compiler
+AC_PROG_CXX
+
+dnl Tells automake to create a Makefile
+dnl See https://www.gnu.org/software/automake/manual/html_node/Requirements.html
+AC_CONFIG_FILES([Makefile src/Makefile])
+
+dnl Generate the output
+AC_OUTPUT

build.sh → deps-install.sh

@@ -44,10 +44,6 @@ else
   }
 fi
 
-# save the current directory to we can go back to it at the end
-OLD_DIR=$(pwd)
-debug $LINENO ":" "OLD_DIR => " ${OLD_DIR}
-
 OS_RELEASE=$(cat /etc/os-release)
 debug $LINENO ":" "OS_RELEASE => " ${OS_RELEASE}
 
@@ -125,20 +121,117 @@ then
     fi
 fi
 
+fcomp()
+{
+	python -c "print(0 if '${1}' < '${2}' else 1)"
+}
+
+check_ssl()
+{
+	SSL_VERSION="1.1.0j"
+	ACCEPTED_SSL_VERSION="1.1.0"
+	SYSTEM_SSL_VERSION=$(openssl version | awk '{print $2}' | sed "s/[a-zA-Z-]//g")
+
+	CURRENT_DIR=$(pwd)
+
+	if [ $(fcomp ${SYSTEM_SSL_VERSION} ${ACCEPTED_SSL_VERSION}) ] &&
+	   [ ! -d ./openssl/ ]
+	then
+		debug $LINENO ":" "Local directory of openssl not detected..."
+		echo "Your version of openssl is not new enough!"
+		echo "Would you like to build a self-contained instance of the required openssl version"
+		printf "(internet connection required)? [y/N] "
+		read ssl_response
+
+		case ${ssl_response} in
+			[yY]*)
+				debug $LINENO ":" "User responded with YES."
+
+				echo "Downloading, compiling, and building against openssl version ${SSL_VERSION}"
+
+				# Download an acceptable version of openssl
+				wget https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz
+
+				# create openssl directory
+				mkdir -p openssl
+
+				# Extract the tarball.
+				tar -xf openssl-${SSL_VERSION}.tar.gz -C openssl --strip-components 1
+
+				# Removing the tarball.
+				rm -f openssl-${SSL_VERSION}.tar.gz
+
+				# Enter the openssl directory, and build the library.
+				cd openssl/
+				./config
+				make -j64
+
+				cd ${CURRENT_DIR}
+
+				# Remove system ssl libraries from src Makefile.am
+				sed -i 's/^\# linked.*$//g' src/Makefile.am
+				sed -i 's/^sevtool_LDADD.*$//g' src/Makefile.am
+
+				# Add local ssl libraries to the src Makefile.am
+				echo "SSL_DIR=../openssl" >> src/Makefile.am
+				echo "sevtool_LDADD = \$(SSL_DIR)/libcrypto.a -ldl" >> src/Makefile.am
+				echo "sevtool_CXXFLAGS += -isystem \$(SSL_DIR)/include -isystem \$(SSL_DIR)" >> src/Makefile.am
+				;;
+			*)
+				debug $LINENO ":" "User responded with no."
+				echo "You will need to make sure you manually install all required dependencies."
+				;;
+		esac
+	elif [ $(fcomp ${SYSTEM_SSL_VERSION} ${ACCEPTED_SSL_VERSION}) ] &&
+		 [ -d ./openssl/ ]
+	then
+		debug $LINENO ":" "Local directory of openssl detected..."
+		echo "Your version of openssl is not new enough!"
+		printf "Would you like to locally compile and build against the appropriate version? [y/N] "
+		read ssl_response
+
+		case ${ssl_response} in
+			[yY]*)
+				# Enter the openssl directory, and rebuild the library.
+				cd openssl/
+				./config
+				make -j64
+
+				# No adjustments to the automake file should be necessary as they were already done once.
+
+				cd ${CURRENT_DIR}
+				;;
+			*)
+				debug $LINENO ":" "User responded with no."
+				echo "You will need to make sure you manually install all required dependencies."
+				;;
+		esac
+	else
+		debug $LINENO ":" "Proper version of openssl detected as system install."
+	fi
+}
+
 # Install dependencies if they are needed.
 if [ ${NEED_DEPS} -eq 1 ]
 then
-    debug $LINENO ":" "A dependency is missing, installing now."
-    debug $LINENO ":" "Running Command: \"sudo ${INSTALLER} install -y git make gcc "\
-          "zip ${SSL_DEV} ${GCC_CPP}\""
-    sudo ${INSTALLER} install -y git make gcc zip wget libssl-dev ${SSL_DEV} ${GCC_CPP}
+	echo   "One or more required software dependencies are missing on your system."
+	printf "Would you like to have them automatically installed? [y/N] "
+	read response
+
+	case ${response} in
+		[yY]*)
+			debug $LINENO ":" "User responded with YES."
+			debug $LINENO ":" "Running Command: \"sudo ${INSTALLER} install -y git make gcc "\
+				  "zip wget autoconf ${SSL_DEV} ${GCC_CPP}\""
+			sudo ${INSTALLER} install -y git make gcc zip wget autoconf ${SSL_DEV} ${GCC_CPP}
+			;;
+		*)
+			debug $LINENO ":" "User responded with no."
+			echo "You will need to make sure you manually install all required dependencies."
+			;;
+	esac
 fi
 
-# Rebuild SEV Tool binary
-cd src/
-make clean
-make -j64
-cd ../
+check_ssl
 
-# Return to original directory
-cd ${OLD_DIR}
+echo "With all dependencies met, you should be able to run \"autoreconf -if && ./configure && make\" to compile the sevtool."

readme.md

@@ -9,7 +9,7 @@ Updated: 2019-04-08
 - The SEV API can be found here: https://developer.amd.com/sev/
 
 ## OS Requirements
-  - Your Kernel must support SEV. 
+  - Your Kernel must support SEV.
   - If running Linux, the ccp Kernel driver must be running and supported, as that is how the SEV-Tool communicates to the firmware. To tell if your Kernel supports SEV and the ccp driver is working correctly, run a dmesg and look for the following line:
      ```sh
       $ ccp [xxxx:xx:xx.x]: SEV API:x.xx build:x
@@ -27,12 +27,18 @@ Updated: 2019-04-08
     - https://packages.ubuntu.com/bionic-updates/amd64/libssl-dev/download
     - https://packages.ubuntu.com/bionic-updates/amd64/libssl1.1/download
     - sudo dpkg -i [DEB_PACKAGE]
+	- __OR__ you may run the `deps-install.sh` script to meet this
+	  requirement (see below).
   - Ubuntu 18.04 might not come with OpenSSL 1.1.x pre-installed, so it will need to updated through apt-get
 
 ## Downloading the SEV-Tool
 1. Boot into a Kernel that supports SEV (see above to confirm your Kernel supports SEV)
-2. Install git, make, gcc, g++ and dependencies
-   - If running Debian, Ubuntu
+2. Install git, make, gcc, g++, and openssl dependencies
+   - In most cases, you can run `deps-install.sh`.
+     ```sh
+	  $ sh deps-install.sh
+	 ```
+   - If you would like to manually install dependencies, and are running Debian, Ubuntu
      ```sh
       $ sudo apt install git make gcc g++ -y --allow-unauthenticated
      ```
@@ -41,26 +47,25 @@ Updated: 2019-04-08
      ```sh
      $ git clone [email protected]:AMDESE/sev-tool.git
      ```
-3. Compile the SEV-Tool. 
+3. Compile the SEV-Tool.
    - Running the build script does the following things:
       - Downloads, configs, and builds the OpenSSL Git code (submodule init/update)
       - Cleans and builds the SEV-Tool
    - To run the build script
      ```sh
      $ cd sev-tool
-     $ sh ./build.sh
+     $ autoreconf -vif && ./configure && make
      ```
 
 ## How to Run the SEV-Tool
 1. Pull latest changes from Git for any new added/modified tests
      ```sh
      $ cd sev-tool
      $ git pull
-     $ sh ./build.sh
+     $ autoreconf -vif && ./configure && make
      ```
 2.	Run the tool with the help flag (-h or --help):
      ```sh
-     $ cd src
      $ sudo ./sevtool -h
      ```
 - The help menu (and also the documentation below) will provide you with instructions on input parameters, etc
@@ -69,7 +74,7 @@ Updated: 2019-04-08
 - The input flag format for every command is as follows and will be explained further in the coming sections
      ```sh
      $ sudo ./sevtool [optional_input_flags] [command_flag] [required_command_arguments]
-     ``` 
+     ```
 
 ## Optional Input Flags for Every Command
 * The -h or --help flag will display the help menu to the user
@@ -138,7 +143,7 @@ Note: All input and output cert's mentioned below are SEV (special format) Certs
 1. factory_reset
      - Input args: none
      - Outputs: none
-     - Note: in the current SEV API, this command was renamed to PLATFORM_RESET 
+     - Note: in the current SEV API, this command was renamed to PLATFORM_RESET
      - Example
          ```sh
          $ sudo ./sevtool --factory_reset
@@ -160,8 +165,8 @@ Note: All input and output cert's mentioned below are SEV (special format) Certs
 4. pek_csr
      - Optional input args: --ofolder [folder_path]
          - This allows the user to specify the folder where the tool will export the certificate signing request
-     - Outputs: 
-         - If --[verbose] flag used: The pek_csr will be printed out to the screen as a hex dump and as a readable format 
+     - Outputs:
+         - If --[verbose] flag used: The pek_csr will be printed out to the screen as a hex dump and as a readable format
          - If --[ofolder] flag used: The pek_csr will be written as files to the specified folder as a hex dump and as a readable format. Files: pek_csr_out.cert and pek_csr_out_readable.cert
      - Example
          ```sh
@@ -186,7 +191,7 @@ Note: All input and output cert's mentioned below are SEV (special format) Certs
          ```
 7. pek_cert_import
 This command imports an OCA private key from the user, runs a platform_status command to get the API major/minor used to create the certificate, runs the pek_csr to create the PEK certificate signing request, signs the PEK signing request with the OCA private key, and calls pek_cert_import to import the PEK and OCA certificates.
-     - Required input args: The unencrypted OCA Private key file (.pem). 
+     - Required input args: The unencrypted OCA Private key file (.pem).
      - Outputs: none
      - Example
          ```sh
@@ -272,15 +277,15 @@ This command calls the get_id command and passes that ID into the AMD KDS server
                Digest: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                MNonce: 4fbe0bedbad6c86ae8f68971d103e554
                TIK: 66320db73158a35a255d051758e95ed4
-            
+
              Output Measurement:
              6faab2daae389bcd3405a05d6cafe33c0414f7bedd0bae19ba5f38b7fd1664ea
-     
+
             Command Successful
          ```
     - Note that, for security reasons, the TIK will not be shown when the user runs the tool
 15. validate_cert_chain
-     - This function imports the entire cert chain as separate cert files and validates it. 
+     - This function imports the entire cert chain as separate cert files and validates it.
      - When calling this command, please unzip the certs into the folder you expect the tool to use.
      - The steps are as follows:
         - Imports the PDH, PEK, OCA, CEK, ASK, and ARK certs
@@ -307,7 +312,7 @@ This command calls the get_id command and passes that ID into the AMD KDS server
          $ sudo ./sevtool --ofolder ./certs --generate_launch_blob 39
          ```
 17. package_secret
-     - This command reads in the file generated by generate_launch_blob (launch_blob.txt) to get the TEK and also reads in the secert file (secret.txt) to be encrypted/wrapped by the TEK. It then outputs a file (packaged_secret.txt) which is then passed into Launch_Secret as part of the normal API flow 
+     - This command reads in the file generated by generate_launch_blob (launch_blob.txt) to get the TEK and also reads in the secert file (secret.txt) to be encrypted/wrapped by the TEK. It then outputs a file (packaged_secret.txt) which is then passed into Launch_Secret as part of the normal API flow
      - Required input args: --ofolder [folder_path]
          - This allows the user to specify the folder where the tool will look for the launch blob file and the secrets file, and where it will export the packaged secret file to
      - Outputs:
@@ -318,10 +323,10 @@ This command calls the get_id command and passes that ID into the AMD KDS server
          ```
 
 ## Running tests
-To run tests to check that each command is functioning correctly, run the test_all command and check that the entire thing returns success. 
+To run tests to check that each command is functioning correctly, run the test_all command and check that the entire thing returns success.
 1. test_all
      - Required input args: --ofolder [folder_path]
-         - Make a directly that the tests can use to store certs/data in during the test. Note that the tool will clear this directly before the tests are run.   
+         - Make a directly that the tests can use to store certs/data in during the test. Note that the tool will clear this directly before the tests are run.
      - Example
          ```sh
          $ sudo ./sevtool --ofolder ./tests --test_all

src/Makefile.am

@@ -0,0 +1,18 @@
+# The name of the resulting application after it is build.
+bin_PROGRAMS = sevtool
+
+sevtool_SOURCES = amdcert.cpp commands.cpp\
+				  main.cpp sevcert.cpp\
+				  utilities.cpp tests.cpp
+if LINUX
+sevtool_SOURCES += sevcore_linux.cpp
+else
+sevtool_SOURCES += sevcore_win.cpp
+endif
+
+# linked libraries
+sevtool_LDADD = -lcrypto -lssl
+
+# Compilation flags
+sevtool_CXXFLAGS = -g -Wall -Wextra -Wconversion -pthread -std=c++11 -I../lib
+

src/sevcore_linux.cpp

@@ -17,7 +17,7 @@
 #ifdef __linux__
 #include "sevcore.h"
 #include "utilities.h"
-#include "linux/psp-sev.h"
+#include "psp-sev.h"
 #include <sys/ioctl.h>      // for ioctl()
 #include <sys/mman.h>       // for mmap() and friends
 #include <cstdio>           // for std::rename