Add remote attestation HW demo test

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-17 16:06:07 +08:00 · 2021-09-17 16:06:07 +08:00 · acb750b5e4
commit acb750b5e4
parent 339f25a84b
1 changed files with 59 additions and 0 deletions
--- a/.github/workflows/hw_mode_test.yml
+++ b/.github/workflows/hw_mode_test.yml
@ -1042,3 +1042,62 @@ jobs:
    - name: Clean the environment
      if: ${{ always() }}
      run: docker stop $tf_serving_test
+
+  Remote_attestation_test:
+    if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
+    runs-on: ${{ matrix.self_runner }}
+    strategy:
+      matrix:
+        self_runner: [[self-hosted, SGX2-HW]]
+
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Checkout code
+      if: github.event_name == 'push'
+      uses: actions/checkout@v2
+      with:
+        submodules: true
+
+    - name: Checkout code from fork
+      if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
+      uses: actions/checkout@v2
+      with:
+        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+        submodules: true
+
+    - name: Get Occlum version
+      run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
+
+    - name: Create container
+      run: |
+        if [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
+          ra_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
+        else
+          echo "Unsupported Hardware"
+        fi;
+        echo "ra_test=$ra_test" >> $GITHUB_ENV
+
+    - name: Update PCCS server
+      run: docker exec $ra_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
+
+    - name: Change download source of crates.io
+      run: |
+        docker exec $ra_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    - name: Build dependencies
+      run: docker exec $ra_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
+
+    - name: Build source
+      run: docker exec $ra_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
+
+    - name: Build and run remote attestation demo
+      run: docker exec $ra_test bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh"