Fix init_ra HW action timing issue

.github/workflows/hw_mode_test.yml

@@ -835,57 +835,6 @@ jobs:
       if: ${{ always() }}
       run: docker stop ${{ env.CONTAINER_NAME }}
 
-  RA_TLS_test:
-    if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
-    runs-on: ${{ matrix.self_runner }}
-    strategy:
-      matrix:
-        self_runner: [[self-hosted, SGX2-HW]]
-
-    steps:
-    - name: Clean before running
-      run: |
-        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
-
-    - name: Checkout code
-      if: github.event_name == 'push'
-      uses: actions/checkout@v2
-      with:
-        submodules: true
-
-    - name: Checkout code from fork
-      if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
-      uses: actions/checkout@v2
-      with:
-        ref: refs/pull/${{ github.event.pull_request.number }}/merge
-        submodules: true
-
-    - uses: ./.github/workflows/composite_action/hw
-      with:
-        container-name: ${{ github.job }}
-        build-envs: 'OCCLUM_RELEASE_BUILD=1'
-
-    - name: Download source code
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/ra_tls; ./download_and_prepare.sh"
-    
-    - name: Build and install gRPC+RATLS
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/ra_tls; ./build_and_install.sh musl"
-
-    - name: Build occlum instances
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/ra_tls; ./build_occlum_instance.sh musl"
-
-    - name: Run gRPC server
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/ra_tls; ./run.sh server &"
-    
-    - name: Run gRPC client
-      run: |
-        sleep ${{ env.nap_time }};
-        docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/ra_tls; ./run.sh client cert"
- 
-    - name: Clean the environment
-      if: ${{ always() }}
-      run: docker stop ${{ env.CONTAINER_NAME }}
-
   Init_RA_test:
     if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
     runs-on: ${{ matrix.self_runner }}
@@ -916,21 +865,22 @@ jobs:
         container-name: ${{ github.job }}
         build-envs: 'OCCLUM_RELEASE_BUILD=1'
 
-    - name: Build the init-ra all content
+    - name: Install dependencies
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow; ./build_content.sh"
+      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "apt update && apt install -y netcat"
 
-    - name: Run init-ra server and client(flask-tls) on backgroud
+    - name: Build the init-ra all content
-      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow; ./run.sh"
+      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum/demos/remote_attestation/init_ra_flow; ./build_content.sh"
+
+    - name: Run init-ra server and client(flask-tls) on backgroud tiil ready
+      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow; ./run_till_ready.sh"
 
     - name: Test PUT data with certificate
-      run: |
+      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
-        docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
+            curl --cacert flask.crt -X PUT https://localhost:4996/customer/1 -d "data=Tom""
-        curl --cacert flask.crt -X PUT https://localhost:4996/customer/1 -d "data=Tom"
 
     - name: Test GET data with certificate
-      run: |
+      run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
-        docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
+            curl --cacert flask.crt -X GET https://localhost:4996/customer/1"
-        curl --cacert flask.crt -X GET https://localhost:4996/customer/1
 
     - name: Clean the environment
       if: ${{ always() }}

demos/remote_attestation/init_ra_flow/run_till_ready.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+GRPC_SERVER_IP=localhost
+GRPC_SERVER_PORT=50051
+FLASK_SERVER_IP=localhost
+FLASK_SERVER_PORT=4996
+
+echo "Start GRPC server on backgound ..."
+
+pushd occlum_server
+occlum run /bin/server &
+popd
+
+while ! nc -z $GRPC_SERVER_IP $GRPC_SERVER_PORT; do
+  sleep 1
+done
+
+echo "Start Flask-TLS restful web portal on backgound ..."
+
+pushd occlum_client
+occlum run /bin/rest_api.py &
+popd
+
+while ! nc -z $FLASK_SERVER_IP $FLASK_SERVER_PORT; do
+  sleep 1
+done

docs/remote_attestation.md

@@ -26,6 +26,12 @@ For details how to use the library, please refer to the [`demo`](../demos/remote
 
 The source code of the library is in the [`path`](../tools/toolchains/dcap_lib/).
 
+## Init-RA solution
+
+To ease the effort to utilize the remote attestation in real project, Occlum provides a `Init RA` way to seperate the RA operation and the actual application. With this way, the APP developers don't need know too much about the RA and the application doesn't need to be modified for RA.
+
+Details please refer to the demo [`init_ra_flow`](demos/remote_attestation/init_ra_flow).
+
 ## SGX KSS (Key Separation and Sharing feature) support
 
 Starting from SGX2, there is a new Key Separation and Sharing feature which provides more  flexibility. The new feature gives user a chance to fill in some meaningful information to the enclave either in the signing or running stage.