general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update some documents

Browse Source
This commit is contained in:
Hui, Chunyang 2022-06-30 11:19:19 +00:00 committed by volcano
parent e3ba85d1f0
commit 6812b5dd67
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -88,7 +88,7 @@ Occlum can be configured easily via a configuration file named `Occlum.json`, wh
"default_stack_size": "4MB", "default_stack_size": "4MB",
// The max size of memory allocated by brk syscall // The max size of memory allocated by brk syscall
"default_heap_size": "16MB", "default_heap_size": "16MB",
// The max size of memory by mmap syscall // The max size of memory by mmap syscall (OBSOLETE. Users don't need to modify this field. Keep it only for compatibility)
"default_mmap_size": "32MB" "default_mmap_size": "32MB"
}, },
// Entry points // Entry points
@ -185,24 +185,24 @@ occlum stop
## How to Use? ## How to Use?
We have built and tested Occlum on Ubuntu 18.04 with or without hardware SGX support (if the CPU does not support SGX, Occlum can be run in the SGX simulation mode). To give Occlum a quick try, one can use the Occlum Docker image by following the steps below: We have built and tested Occlum on Ubuntu 20.04 with or without hardware SGX support (if the CPU does not support SGX, Occlum can be run in the SGX simulation mode). To give Occlum a quick try, one can use the Occlum Docker image by following the steps below:
Step 1-3 are to be done on the host OS (Linux): Step 1-3 are to be done on the host OS (Linux):
1. Install [Intel SGX driver for Linux](https://github.com/intel/linux-sgx-driver), which is required by Intel SGX SDK. 1. For Linux kernel before 5.11, [Intel SGX driver for Linux](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/linux) must be installed manually.
2. Install [enable_rdfsbase kernel module](https://github.com/occlum/enable_rdfsbase), which enables Occlum to use `rdfsbase`-family instructions in enclaves. 2. For Linux kernel before 5.9, install [enable_rdfsbase kernel module](https://github.com/occlum/enable_rdfsbase), which enables Occlum to use `rdfsbase`-family instructions in enclaves.
3. Run the Occlum Docker container, which has Occlum and its demos preinstalled: 3. Run the Occlum Docker container, which has Occlum and its demos preinstalled:
For old IAS driver (not DCAP aware): For old IAS driver (not DCAP aware):
```bash ```bash
docker run -it --device /dev/isgx occlum/occlum:[version]-ubuntu18.04 docker run -it --device /dev/isgx occlum/occlum:[version]-ubuntu20.04
``` ```
For DCAP driver before v1.41: For DCAP driver before v1.41:
```bash ```bash
docker run -it --device /dev/sgx/enclave --device /dev/sgx/provision occlum/occlum:[version]-ubuntu18.04 docker run -it --device /dev/sgx/enclave --device /dev/sgx/provision occlum/occlum:[version]-ubuntu20.04
``` ```
For DCAP driver since v1.41 or in-tree kernel driver: For DCAP driver since v1.41 or in-tree kernel driver:
@ -211,10 +211,10 @@ Step 1-3 are to be done on the host OS (Linux):
# (1) Create softlinks on host # (1) Create softlinks on host
mkdir -p /dev/sgx mkdir -p /dev/sgx
cd /dev/sgx && ln -sf ../sgx_enclave enclave && ln -sf ../sgx_provision provision cd /dev/sgx && ln -sf ../sgx_enclave enclave && ln -sf ../sgx_provision provision
docker run -it --device /dev/sgx/enclave --device /dev/sgx/provision occlum/occlum:[version]-ubuntu18.04 docker run -it --device /dev/sgx/enclave --device /dev/sgx/provision occlum/occlum:[version]-ubuntu20.04
# (2) Create the docker with privileged mode # (2) Create the docker with privileged mode
docker run -it --privileged -v /dev/sgx_enclave:/dev/sgx/enclave -v /dev/sgx_provision:/dev/sgx/provision occlum/occlum:[version]-ubuntu18.04 docker run -it --privileged -v /dev/sgx_enclave:/dev/sgx/enclave -v /dev/sgx_provision:/dev/sgx/provision occlum/occlum:[version]-ubuntu20.04
``` ```
Step 4-5 are to be done on the guest OS running inside the Docker container: Step 4-5 are to be done on the guest OS running inside the Docker container:
@ -279,6 +279,8 @@ Occlum supports running any executable binaries that are 1) based on [musl libc]
The two aforementioned requirements are not only satisfied by the Occlum toolchain, but also the native toolchains from some Linux distributions, e.g., [Alpine Linux](https://www.alpinelinux.org/). We think Alpine Linux, a popular Linux distribution that emphasizes simplicity and security, is a natural fit for Occlum. We have provided demos (see [Python](demos/python/)) to run unmodified apps from [Alpine Linux packages](https://pkgs.alpinelinux.org/packages). The two aforementioned requirements are not only satisfied by the Occlum toolchain, but also the native toolchains from some Linux distributions, e.g., [Alpine Linux](https://www.alpinelinux.org/). We think Alpine Linux, a popular Linux distribution that emphasizes simplicity and security, is a natural fit for Occlum. We have provided demos (see [Python](demos/python/)) to run unmodified apps from [Alpine Linux packages](https://pkgs.alpinelinux.org/packages).
Since `0.19.0`, Occlum added Glibc support. Thus, now users can run executables from popular Linux distributions (e.g., Ubuntu) on Occlum without recompiling them.
## How to Debug? ## How to Debug?
To debug an app running upon Occlum, one can harness Occlum's builtin support for GDB via `occlum gdb` command. More info can be found [here](demos/gdb_support/). To debug an app running upon Occlum, one can harness Occlum's builtin support for GDB via `occlum gdb` command. More info can be found [here](demos/gdb_support/).

2
docs/resource_config_guide.md
View File

@ -18,7 +18,7 @@ resources.
- Error message: `[____Mmap] Error = ENOMEM (#12, Out of memory): not - Error message: `[____Mmap] Error = ENOMEM (#12, Out of memory): not
enough memory` enough memory`
- Solution: Enlarge `process.default_mmap_size` - Solution: Enlarge `resource_limits.user_space_size`
2. Brk syscall error: 2. Brk syscall error:
- Error message: `[_____Brk] Error = EINVAL (#22, Invalid argument): New - Error message: `[_____Brk] Error = EINVAL (#22, Invalid argument): New