add swtpm demo

add tss script
This commit is contained in:
Devki Jha 2023-07-20 11:18:02 +01:00 committed by volcano
parent 111230618c
commit b0989b6d46
7 changed files with 153 additions and 0 deletions

@ -871,3 +871,26 @@ jobs:
- name: Run runtime boot instance - name: Run runtime boot instance
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/runtime_boot/boot_instance && occlum run /bin/occlum_bash_test.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/runtime_boot/boot_instance && occlum run /bin/occlum_bash_test.sh"
Swtpm_test:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v1
with:
submodules: true
- uses: ./.github/workflows/composite_action/sim
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: download and build swtpm
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm; ./install_swtpm.sh"
- name: Run swtpm server
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm && SGX_MODE=SIM ./run_swtpm.sh" &
- name: download tss and run a test
run: |
sleep ${{ env.nap_time }};
docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm; ./run_client.sh"
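Review bot: the `Run swtpm server` step backgrounds `docker exec ... ./run_swtpm.sh` with a trailing `&`, which discards its exit status, so a failed `occlum build` or swtpm start never fails that step and only surfaces later as a connection error from the client after the fixed `sleep ${{ env.nap_time }}` in `download tss and run a test`. Consider detaching inside the container instead (`docker exec -d ${{ github.job }} bash -c "..."`) so the step itself reports whether the launch command failed, and replace the fixed sleep with a readiness loop that polls the TPM command port (2321, as set in `run_swtpm.sh` and `run_client.sh`) before calling `./run_client.sh`, e.g. `until nc -z localhost 2321; do sleep 1; done` run inside the same container.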

@ -28,6 +28,7 @@ This set of demos shows how real-world apps can be easily run inside SGX enclave
* [redis](redis/): A demo of [Redis](https://redis.io). * [redis](redis/): A demo of [Redis](https://redis.io).
* [sofaboot](sofaboot/): A demo of [SOFABoot](https://github.com/sofastack/sofa-boot), an open source Java development framework based on Spring Boot. * [sofaboot](sofaboot/): A demo of [SOFABoot](https://github.com/sofastack/sofa-boot), an open source Java development framework based on Spring Boot.
* [sqlite](sqlite/) A demo of [SQLite](https://www.sqlite.org) SQL database engine. * [sqlite](sqlite/) A demo of [SQLite](https://www.sqlite.org) SQL database engine.
* [swtpm](swtpm/) A demo of [SWTPM](https://github.com/stefanberger/swtpm) Software Trusted Platform Module (TPM) Emulator.
* [tensorflow](tensorflow/tensorflow_training): A demo of [TensorFlow](https://www.tensorflow.org/) MNIST classification training. * [tensorflow](tensorflow/tensorflow_training): A demo of [TensorFlow](https://www.tensorflow.org/) MNIST classification training.
* [tensorflow_lite](tensorflow_lite/): A demo and benchmark of [TensorFlow Lite](https://www.tensorflow.org/lite) inference engine. * [tensorflow_lite](tensorflow_lite/): A demo and benchmark of [TensorFlow Lite](https://www.tensorflow.org/lite) inference engine.
* [tensorflow_serving](tensorflow/tensorflow_serving): A demo of [TensorFlow Serving](https://github.com/tensorflow/serving) * [tensorflow_serving](tensorflow/tensorflow_serving): A demo of [TensorFlow Serving](https://github.com/tensorflow/serving)
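Review bot: the new `swtpm` entry is missing the colon after `[swtpm](swtpm/)` that the neighbouring entries use (`* [redis](redis/): A demo of ...`); `* [swtpm](swtpm/): A demo of ...` keeps the list consistent.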

demos/swtpm/README.md Normal file

@ -0,0 +1,40 @@
# Run SWTPM on Occlum
[`SWTPM`](https://github.com/stefanberger/swtpm) is a widely used open-source software-based Trusted Platform Module (TPM) emulator based on [`Libtpms`](https://github.com/stefanberger/libtpms). This project demonstrates how SWTPM can be used in SGX enclave using Occlum.
Step 1: Download and install SWTPM
```
./install_swtpm.sh
```
This command downloads Libtpms and SWTPM source code and builds from it.
When completed, all SWTPM related binaries and tools are installed.
Step 2: Run SWTPM
```
./run_swtpm.sh
```
This command initializes and runs the SWTPM in SGX.
When completed, the server starts to wait for TPM Software Stack (TSS). SWTPM is compatible with all type of TSS. For more information on TSS, check [`IBM's TPM2.0 TSS`](https://sourceforge.net/p/ibmtpm20tss/tss/ci/master/tree/) or [`TCG TPM2 TSS`](https://github.com/tpm2-software/tpm2-tss).
(Optional) Step 3: Test with [`IBM's TPM2.0 TSS`](https://sourceforge.net/p/ibmtpm20tss/tss/ci/master/tree/)
```
./run_client.sh
```
This command first install TSS and specifies the TPM ports. Next, it starts the TPM and runs getrandom function to create a random number of 128 Bytes. The output is similar to as given below.
```
d5 7b b6 98 ce 93 c1 55 66 0d 90 d0 24 ae fc 3a
89 09 00 a7 ea d3 ca c8 4d 40 46 60 53 21 00 0a
eb a7 eb ef 13 3e 0a de df 29 85 8c 50 34 c0 0c
2a 9e 74 e4 50 65 c2 30 16 eb e8 e3 a2 74 a9 7c
84 06 7c 0f 4e 10 1c 0c 80 fb a7 1c 0b ba 13 d7
de 25 e0 44 2f 22 75 76 70 87 e0 a3 c5 bb 28 5c
df 26 a5 92 48 e2 3a e5 77 ce 76 df 76 84 3a 6a
b7 97 33 94 8d 57 2e 90 b5 61 89 cb 62 ed ce 09
```
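Review bot: under Step 3, "This command first install TSS" should read "installs", and under Step 2 "compatible with all type of TSS" should read "all types of TSS". The README also never states which ports the SWTPM server listens on, although `run_client.sh` hard-codes `TPM_COMMAND_PORT=2321` and `TPM_PLATFORM_PORT=2322`; a sentence under Step 2 naming the two TCP ports and the bind address would let a reader point a different TSS at the server without reading the scripts.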

demos/swtpm/install_swtpm.sh Executable file

@ -0,0 +1,32 @@
#!/bin/bash
set -e
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
# Prepare environment
DEPS="git gcc-multilib fuse automake autoconf libtool make gcc libc-dev libssl-dev libc6-dev libgmp-dev libnspr4-dev libnss3-dev pkg-config libfuse-dev libglib2.0-dev expect libtasn1-dev socat tpm-tools python3-twisted gnutls-dev gnutls-bin libjson-glib-dev libseccomp-dev gawk net-tools build-essential devscripts equivs"
apt-get update
apt-get install -y ${DEPS}
# 1. Init occlum workspace
[ -d occlum_instance ] || occlum new occlum_instance
# 2. Install libtpms and swtpm to specified position
[ -d $script_dir/libtpms ] || mkdir $script_dir/libtpms &&
cd $script_dir/libtpms &&
git clone https://github.com/stefanberger/libtpms.git . &&
./autogen.sh --with-openssl --prefix=/usr --with-tpm2 &&
make &&
make check &&
make install &&
cd ..
[ -d $script_dir/swtpm ] || mkdir $script_dir/swtpm &&
cd $script_dir/swtpm &&
git clone https://github.com/stefanberger/swtpm.git . &&
./autogen.sh --prefix=/usr &&
make &&
make check &&
make install
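Review bot: neither clone pins a tag or commit (`git clone https://github.com/stefanberger/libtpms.git .` and the swtpm clone build whatever upstream HEAD is at run time), so the demo and the CI job are not reproducible and silently pick up upstream changes; pin a release tag with `git clone --branch <tag> --depth 1 ...` (tag to be chosen by the maintainers). The `[ -d $script_dir/libtpms ] || mkdir $script_dir/libtpms && cd $script_dir/libtpms && git clone ... .` chain is also not re-runnable: on a second invocation the directory already exists and is non-empty, the clone fails, the rest of the `&&` chain is skipped, and `set -e` does not abort because the failure sits in the middle of an AND-OR list, so the script moves on to the swtpm section as if libtpms had been rebuilt. Guard the clone itself instead (`[ -d "$script_dir/libtpms" ] || git clone ... "$script_dir/libtpms"`), run the build steps unconditionally, and quote `$script_dir` throughout.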

demos/swtpm/run_client.sh Executable file

@ -0,0 +1,18 @@
#!/bin/bash
# Download and install TSS
wget https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss1.5.0.tar.gz/download -O ibmtss1.5.0.tar.gz
mkdir ibmtss
cd ibmtss
tar zxvf ../ibmtss1.5.0.tar.gz
cd utils
make -f makefiletpmc
# Set the TPM variables for TSS
export TPM_COMMAND_PORT=2321 TPM_PLATFORM_PORT=2322 TPM_SERVER_NAME=localhost TPM_INTERFACE_TYPE=socsim TPM_SERVER_TYPE=raw
# Start the TPM and test
./startup
./getrandom -by 128
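Review bot: the script has no `set -e`, so if the `wget` of `ibmtss1.5.0.tar.gz` or `make -f makefiletpmc` fails, execution falls through to `./startup` and `./getrandom -by 128`, which then fail with an unrelated "no such file" error that hides the real cause; add `set -e` after the shebang. The tarball is also extracted without any integrity check; recording its SHA-256 in the repository and verifying with `echo '<sha256 placeholder>  ibmtss1.5.0.tar.gz' | sha256sum -c -` before `tar zxvf` pins the TSS build to a known artifact. `mkdir ibmtss` likewise fails on a re-run; `mkdir -p ibmtss` avoids that.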

demos/swtpm/run_swtpm.sh Executable file

@ -0,0 +1,24 @@
#!/bin/bash
set -e
BLUE='\033[1;34m'
NC='\033[0m'
[ -d /bin/myvtpm ] || mkdir /bin/myvtpm
cd occlum_instance && rm -rf image
copy_bom -f ../swtpm.yaml --root image --include-dir /opt/occlum/etc/template
new_json="$(jq '.resource_limits.user_space_size = "800MB" |
.resource_limits.kernel_space_heap_size = "600MB"|
.env.default += ["LD_LIBRARY_PATH=/bin/:/opt/occlum/glibc/lib/"] ' Occlum.json)" && \
echo "${new_json}" > Occlum.json
# Build Occlum
echo -e "${BLUE}Occlum build swtpm${NC}"
occlum build
# Run the python demo
echo -e "${BLUE}Occlum start swtpm${NC}"
occlum run /bin/swtpm socket --tpmstate dir=/bin/myvtpm --tpm2 --ctrl type=tcp,port=2322,bindaddr=0.0.0.0 --server type=tcp,port=2321,bindaddr=0.0.0.0 --flags not-need-init --seccomp action=none
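Review bot: both sockets are bound with `bindaddr=0.0.0.0`, so the TPM command port 2321 and the control channel on port 2322 (through which the TPM is initialised, reset and shut down) are reachable from every interface of the host or container, not only from the local TSS client that `run_client.sh` addresses as `TPM_SERVER_NAME=localhost`; bind to `127.0.0.1` unless remote access is a goal of the demo, and document it in the README if it is. `--seccomp action=none` disables swtpm's own seccomp sandbox; a comment stating why this is required inside Occlum would stop the flag from being copied into a non-enclave deployment. The comment `# Run the python demo` is a copy-paste leftover and should read something like `# Run swtpm`. Finally, because `rm -rf image` rebuilds the image on every run and the state directory `/bin/myvtpm` lives inside that image, TPM state does not survive re-running this script, which deserves a line in the README.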

demos/swtpm/swtpm.yaml Normal file

@ -0,0 +1,15 @@
includes:
- base.yaml
# copy directories
targets:
- target: /bin
copy:
- dirs:
- /usr/bin/
- /usr/lib/swtpm/
- ../libtpms/src/.libs/
- /usr/lib/x86_64-linux-gnu/
- target: /bin/myvtpm
copy:
- dirs:
- /bin/myvtpm
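Review bot: the `/bin` target copies the entire `/usr/bin/` and `/usr/lib/x86_64-linux-gnu/` trees of the build container into the enclave image, which pulls the whole host userland into the enclave's trusted computing base and inflates the image far beyond what `swtpm` needs (the `user_space_size` bump to 800MB in `run_swtpm.sh` is a symptom); copy only the swtpm binaries and the shared libraries they actually link against (as reported by `ldd /usr/bin/swtpm`) instead of whole directories. Note also that the libraries land in `/bin` rather than a lib directory, which is why `LD_LIBRARY_PATH=/bin/` has to be injected into `Occlum.json`; placing them under `/lib` or `/usr/lib` would remove that workaround.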