From acb750b5e40ad6003d25b9f789022d35df997ce2 Mon Sep 17 00:00:00 2001
From: "Zheng, Qi"
Date: Fri, 17 Sep 2021 16:06:07 +0800
Subject: [PATCH] Add remote attestation HW demo test
Signed-off-by: Zheng, Qi
---
 .github/workflows/hw_mode_test.yml | 59 ++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/.github/workflows/hw_mode_test.yml b/.github/workflows/hw_mode_test.yml
index 7b38aa16..c85bd902 100644
--- a/.github/workflows/hw_mode_test.yml
+++ b/.github/workflows/hw_mode_test.yml
@@ -1042,3 +1042,62 @@ jobs:
 - name: Clean the environment
 if: ${{ always() }}
 run: docker stop $tf_serving_test
+
+ Remote_attestation_test:
+ if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
+ runs-on: ${{ matrix.self_runner }}
+ strategy:
+ matrix:
+ self_runner: [[self-hosted, SGX2-HW]]
+
+ steps:
+ - name: Clean before running
+ run: |
+ sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+ - name: Checkout code
+ if: github.event_name == 'push'
+ uses: actions/checkout@v2
+ with:
+ submodules: true
+
+ - name: Checkout code from fork
+ if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
+ uses: actions/checkout@v2
+ with:
+ ref: refs/pull/${{ github.event.pull_request.number }}/merge
+ submodules: true
+
+ - name: Get Occlum version
+ run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
+
+ - name: Create container
+ run: |
+ if [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
+ ra_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
+ else
+ echo "Unsupported Hardware"
+ fi;
+ echo "ra_test=$ra_test" >> $GITHUB_ENV
+
+ - name: Update PCCS server
+ run: docker exec $ra_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
+
+ - name: Change download source of crates.io
+ run: |
+ docker exec $ra_test bash -c "cat <<- EOF >/root/.cargo/config
+ [source.crates-io]
+ registry = \"https://github.com/rust-lang/crates.io-index\"
+ replace-with = 'ustc'
+ [source.ustc]
+ registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+ EOF"
+
+ - name: Build dependencies
+ run: docker exec $ra_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
+
+ - name: Build source
+ run: docker exec $ra_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
+
+ - name: Build and run remote attestation demo
+ run: docker exec $ra_test bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh"
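Review bot: The job-level `if:` mixes a bare expression with an embedded `${{ }}`, which as far as I know makes GitHub Actions evaluate the whole value as a non-empty (always truthy) string, so the `SGX-hardware-test-required` label would not actually gate which pull requests reach the self-hosted SGX2 runner; write it as one expression, `if: ${{ github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}`. That gate matters because the job checks out `refs/pull/<n>/merge` and builds it inside a `--privileged --net host` container with `/dev/sgx` and the workspace mounted, and it reads `secrets.CI_ADMIN`; the workflow's `on:` trigger is outside this hunk, so confirm which events can reach the job and that only maintainers can apply the label. Unlike the preceding job, this one has no final step with `if: ${{ always() }}` and `run: docker stop $ra_test`, so the privileged container keeps running on the runner after the job ends, and the `else` branch of "Create container" only echoes instead of failing with `exit 1`. The crates.io mirror is fetched over unauthenticated `git://`; prefer `registry = \"https://mirrors.ustc.edu.cn/crates.io-index\"` so the index cannot be altered in transit.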