diff --git a/example/README.md b/example/README.md index 332ada1a..40427903 100644 --- a/example/README.md +++ b/example/README.md @@ -7,7 +7,7 @@ This example introduces the development and deployment of a whole-flow confident ## Highlights -* Whole-flow sensitive data protection by utilizing the Occlum [`Init-RA`](../demos/remote_attestation/init_ra_flow/) solution. +* Whole-flow sensitive data protection by utilizing the Occlum [`GRPC RATLS`](../../tools/toolchains/grpc_ratls/) solution. * Directly generate inference service (`Tensorflow-serving`) running in TEE from Docker image (`tensorflow/serving`) without modification. @@ -88,7 +88,7 @@ Below are the two Occlum images. * **occlum_server** It works as the role of GRPC-RATLS server. -The primary content are from demo [`ra_tls`](../demos/ra_tls). +The primary content are from toolchain [`ra_tls`](../tools/toolchains/grpc_ratls). * **occlum_tf** diff --git a/example/build_content.sh b/example/build_content.sh index 307442c7..bba80f8f 100755 --- a/example/build_content.sh +++ b/example/build_content.sh @@ -3,22 +3,14 @@ set -e script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export DEP_LIBS_DIR="${script_dir}/dep_libs" export INITRA_DIR="${script_dir}/init_ra" -export RATLS_DIR="${script_dir}/../demos/ra_tls" +export RATLS_DIR="${script_dir}/../tools/toolchains/grpc_ratls" export TF_DIR="${script_dir}/tf_serving" function build_ratls() { - rm -rf ${DEP_LIBS_DIR} && mkdir ${DEP_LIBS_DIR} pushd ${RATLS_DIR} - ./download_and_prepare.sh - ./build_and_install.sh musl - ./build_occlum_instance.sh musl - - cp ./grpc-src/examples/cpp/ratls/build/libgrpc_ratls_client.so ${DEP_LIBS_DIR}/ - cp ./grpc-src/examples/cpp/ratls/build/libhw_grpc_proto.so ${DEP_LIBS_DIR}/ - + ./build.sh popd } diff --git a/example/init_ra/build.rs b/example/init_ra/build.rs index 8a70a4cd..f3d489f5 100644 --- a/example/init_ra/build.rs +++ b/example/init_ra/build.rs @@ -1,5 +1,7 @@ fn main() { - println!("cargo:rustc-link-search=native=../dep_libs"); + println!("cargo:rustc-link-search=native=/opt/occlum/toolchains/dcap_lib/musl"); + println!("cargo:rustc-link-search=native=/opt/occlum/toolchains/grpc_ratls/musl"); println!("cargo:rustc-link-lib=dylib=grpc_ratls_client"); println!("cargo:rustc-link-lib=dylib=hw_grpc_proto"); + println!("cargo:rustc-link-lib=dylib=occlum_dcap") } \ No newline at end of file diff --git a/example/init_ra_client.yaml b/example/init_ra_client.yaml index 300599d1..47fe9553 100644 --- a/example/init_ra_client.yaml +++ b/example/init_ra_client.yaml @@ -8,12 +8,14 @@ targets: - target: /lib/ copy: - files: - - ${DEP_LIBS_DIR}/libgrpc_ratls_client.so + - /opt/occlum/toolchains/grpc_ratls/musl/libgrpc_ratls_client.so + - /opt/occlum/toolchains/grpc_ratls/musl/libhw_grpc_proto.so + - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0 - target: / copy: - files: - dynamic_config.json - - target: /usr/share/grpc/ + - target: /etc copy: - - files: - - ${RATLS_DIR}/grpc-src/etc/roots.pem + - dirs: + - /etc/ssl diff --git a/example/ra_server.yaml b/example/ra_server.yaml index d7225594..450360b1 100644 --- a/example/ra_server.yaml +++ b/example/ra_server.yaml @@ -4,13 +4,15 @@ targets: - target: /bin/ copy: - files: - - ${RATLS_DIR}/grpc-src/examples/cpp/ratls/build/server + - /opt/occlum/toolchains/grpc_ratls/musl/server + - target: /lib/ + copy: + - files: + - /opt/occlum/toolchains/grpc_ratls/musl/libgrpc_ratls_server.so + - /opt/occlum/toolchains/grpc_ratls/musl/libhw_grpc_proto.so + - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0 - target: / copy: - files: - dynamic_config.json - ../secret_config.json - - target: /usr/share/grpc/ - copy: - - files: - - ${RATLS_DIR}/grpc-src/etc/roots.pem