Add remote attestation HW demo test
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
This commit is contained in:
Zheng, Qi
Zongmin.Gu
parent
339f25a84b
commit
acb750b5e4
59
.github/workflows/hw_mode_test.yml
vendored
59
.github/workflows/hw_mode_test.yml
vendored
@ -1042,3 +1042,62 @@ jobs:
|
|||||||
- name: Clean the environment
|
- name: Clean the environment
|
||||||
if: ${{ always() }}
|
if: ${{ always() }}
|
||||||
run: docker stop $tf_serving_test
|
run: docker stop $tf_serving_test
|
||||||
|
|
||||||
|
Remote_attestation_test:
|
||||||
|
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
|
||||||
|
runs-on: ${{ matrix.self_runner }}
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
self_runner: [[self-hosted, SGX2-HW]]
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Clean before running
|
||||||
|
run: |
|
||||||
|
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
|
||||||
|
|
||||||
|
- name: Checkout code
|
||||||
|
if: github.event_name == 'push'
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
submodules: true
|
||||||
|
|
||||||
|
- name: Checkout code from fork
|
||||||
|
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||||
|
submodules: true
|
||||||
|
|
||||||
|
- name: Get Occlum version
|
||||||
|
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
|
||||||
|
|
||||||
|
- name: Create container
|
||||||
|
run: |
|
||||||
|
if [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
|
||||||
|
ra_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
|
||||||
|
else
|
||||||
|
echo "Unsupported Hardware"
|
||||||
|
fi;
|
||||||
|
echo "ra_test=$ra_test" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Update PCCS server
|
||||||
|
run: docker exec $ra_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
|
||||||
|
|
||||||
|
- name: Change download source of crates.io
|
||||||
|
run: |
|
||||||
|
docker exec $ra_test bash -c "cat <<- EOF >/root/.cargo/config
|
||||||
|
[source.crates-io]
|
||||||
|
registry = \"https://github.com/rust-lang/crates.io-index\"
|
||||||
|
replace-with = 'ustc'
|
||||||
|
[source.ustc]
|
||||||
|
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
|
||||||
|
EOF"
|
||||||
|
|
||||||
|
- name: Build dependencies
|
||||||
|
run: docker exec $ra_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
|
||||||
|
|
||||||
|
- name: Build source
|
||||||
|
run: docker exec $ra_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
|
||||||
|
|
||||||
|
- name: Build and run remote attestation demo
|
||||||
|
run: docker exec $ra_test bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user