|Cell/B.E. Security SDK: Building apps: Introduction||INFObomb|
|A quick read introducing how to build and secure applications with the Security SDK 3.0.||More INFObombs|
The normal process flow for building secure applications comprises the following steps:
Easy, right? Let's look a little closer.
Building and testing
The most common way to build and test a secure application would be to build and test the application as a non-secure application using all of the standard tools and libraries of the SDK, then modify the application to invoke the SPE emulated isolation mode. Please see the Cell Broadband Engine Programming Tutorial for instructions and tips for programming using the non-secure SDK.
Modifying an existing application to run in SPE isolation mode involves the following steps:
Again, what's the emulated isolation mode?
Before, you were stuck with using a security-enabled simulator to execute the runtime Cell/B.E. Security SDK stack. With the emulated isolation mode, you can develop and execute the stack on an IBM QS2x blade server or a regular (meaning: non-security-enabled) simulator. It allows the GNU project debugger GDB to work with the security application while you're developing it. If you're only planning to follow the first approach (not using the hardware SPU isolation feature), then this is the mode for you.
Bonus: The SPE Secure Application Build Tool, spu-isolated-app
The isolated SPE application build tool is a standalone application that signs and (optionally) encrypts the SPE secure application using the supplied keys. The specifics of the key usage model and hierarchy are described in the "Key Hierarchy" section of the original documentation or in the developerWorks quick-read installments starting with Cell/B.E. Security SDK: Key hierarchy from a high level.
The tool binary is installed as /opt/cell/sdk/prototype/usr/bin/spu-isolated-app. The source, installed by the cell-spu-isolation-tool-source rpm, is installed in the directory /opt/ibm/cell-sdk/prototype/src/tools/isolation. The flow at build-time is as follows:
The application is called with the following parameter list:
The build tool expects keys and certificates in PEM format. If you have keys or certificates in DER format, then you can convert to PEM format using openssl or other tools.
Editor's note: To wrap up this two-parter, next we'll look at a programming example.
Taken from the Cell BE Security SDK v3.0 Installation and User's Guide. Download the SDK. Check out some reference guides in the Cell Resource Center SDK library.
|ORIGINAL DOCUMENTATION | DOWNLOAD SDK | SDK LIBRARY | MORE INFObombs | BACK to BLOG | BACK to ZONE|