add swtpm demo

add tss script
2023-07-20 11:18:02 +01:00 · 2023-07-20 11:18:02 +01:00 · b0989b6d46
commit b0989b6d46
parent 111230618c
7 changed files with 153 additions and 0 deletions
--- a/.github/workflows/demo_test.yml
+++ b/.github/workflows/demo_test.yml
@ -871,3 +871,26 @@ jobs:

    - name: Run runtime boot instance
      run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/runtime_boot/boot_instance && occlum run /bin/occlum_bash_test.sh"
+
+  Swtpm_test:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: true
+
+    - uses: ./.github/workflows/composite_action/sim
+      with:
+        container-name: ${{ github.job }}
+        build-envs: 'OCCLUM_RELEASE_BUILD=1'
+
+    - name: download and build swtpm
+      run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm; ./install_swtpm.sh"
+
+    - name: Run swtpm server
+      run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm && SGX_MODE=SIM ./run_swtpm.sh" & 
+
+    - name: download tss and run a test
+      run: |
+        sleep ${{ env.nap_time }};
+        docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/swtpm; ./run_client.sh"
--- a/demos/README.md
+++ b/demos/README.md
@ -28,6 +28,7 @@ This set of demos shows how real-world apps can be easily run inside SGX enclave
 * [redis](redis/): A demo of [Redis](https://redis.io).
 * [sofaboot](sofaboot/): A demo of [SOFABoot](https://github.com/sofastack/sofa-boot), an open source Java development framework based on Spring Boot.
 * [sqlite](sqlite/) A demo of [SQLite](https://www.sqlite.org) SQL database engine.
+* [swtpm](swtpm/) A demo of [SWTPM](https://github.com/stefanberger/swtpm) Software Trusted Platform Module (TPM) Emulator.
 * [tensorflow](tensorflow/tensorflow_training): A demo of [TensorFlow](https://www.tensorflow.org/) MNIST classification training.
 * [tensorflow_lite](tensorflow_lite/): A demo and benchmark of [TensorFlow Lite](https://www.tensorflow.org/lite) inference engine.
 * [tensorflow_serving](tensorflow/tensorflow_serving): A demo of [TensorFlow Serving](https://github.com/tensorflow/serving) 
--- a/demos/swtpm/README.md
+++ b/demos/swtpm/README.md
@ -0,0 +1,40 @@
+# Run SWTPM on Occlum
+
+[`SWTPM`](https://github.com/stefanberger/swtpm) is a widely used open-source software-based Trusted Platform  Module (TPM) emulator based on [`Libtpms`](https://github.com/stefanberger/libtpms). This project demonstrates how SWTPM can be used in SGX enclave using Occlum.
+
+Step 1: Download and install SWTPM
+```
+./install_swtpm.sh
+```
+This command downloads Libtpms and SWTPM source code and builds from it.
+When completed, all SWTPM related binaries and tools are installed.
+
+Step 2: Run SWTPM
+```
+./run_swtpm.sh
+```
+This command initializes and runs the SWTPM in SGX.
+
+When completed, the server starts to wait for TPM Software Stack (TSS). SWTPM is compatible with all type of TSS. For more information on TSS, check [`IBM's TPM2.0 TSS`](https://sourceforge.net/p/ibmtpm20tss/tss/ci/master/tree/) or [`TCG TPM2 TSS`](https://github.com/tpm2-software/tpm2-tss).
+
+
+(Optional) Step 3: Test with [`IBM's TPM2.0 TSS`](https://sourceforge.net/p/ibmtpm20tss/tss/ci/master/tree/)
+```
+./run_client.sh
+```
+This command first install TSS and specifies the TPM ports. Next, it starts the TPM and runs getrandom function to create a random number of 128 Bytes. The output is similar to as given below.
+
+ ```
+ d5 7b b6 98 ce 93 c1 55 66 0d 90 d0 24 ae fc 3a 
+ 89 09 00 a7 ea d3 ca c8 4d 40 46 60 53 21 00 0a 
+ eb a7 eb ef 13 3e 0a de df 29 85 8c 50 34 c0 0c 
+ 2a 9e 74 e4 50 65 c2 30 16 eb e8 e3 a2 74 a9 7c 
+ 84 06 7c 0f 4e 10 1c 0c 80 fb a7 1c 0b ba 13 d7 
+ de 25 e0 44 2f 22 75 76 70 87 e0 a3 c5 bb 28 5c 
+ df 26 a5 92 48 e2 3a e5 77 ce 76 df 76 84 3a 6a 
+ b7 97 33 94 8d 57 2e 90 b5 61 89 cb 62 ed ce 09
+```
+
+
+
+
--- a/demos/swtpm/install_swtpm.sh
+++ b/demos/swtpm/install_swtpm.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}"  )" >/dev/null 2>&1 && pwd )"
+
+# Prepare environment
+DEPS="git gcc-multilib fuse automake autoconf libtool make gcc libc-dev libssl-dev libc6-dev libgmp-dev libnspr4-dev libnss3-dev pkg-config libfuse-dev libglib2.0-dev expect libtasn1-dev socat tpm-tools python3-twisted gnutls-dev gnutls-bin libjson-glib-dev libseccomp-dev gawk net-tools build-essential devscripts equivs"
+
+apt-get update
+apt-get install -y ${DEPS}
+
+# 1. Init occlum workspace
+[ -d occlum_instance ] || occlum new occlum_instance
+
+# 2. Install libtpms and swtpm to specified position
+[ -d $script_dir/libtpms ] || mkdir $script_dir/libtpms && 
+	cd $script_dir/libtpms && 
+	git clone https://github.com/stefanberger/libtpms.git . &&
+	./autogen.sh --with-openssl --prefix=/usr --with-tpm2 &&
+	make &&
+	make check &&
+	make install &&
+	cd ..
+
+[ -d $script_dir/swtpm ] || mkdir $script_dir/swtpm && 
+	cd $script_dir/swtpm && 
+	git clone https://github.com/stefanberger/swtpm.git . &&
+    ./autogen.sh --prefix=/usr &&
+	make &&
+	make check &&
+	make install
+
--- a/demos/swtpm/run_client.sh
+++ b/demos/swtpm/run_client.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Download and install TSS
+wget https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss1.5.0.tar.gz/download -O ibmtss1.5.0.tar.gz
+mkdir ibmtss
+cd ibmtss
+tar zxvf ../ibmtss1.5.0.tar.gz
+cd utils
+make -f makefiletpmc
+
+
+# Set the TPM variables for TSS
+export TPM_COMMAND_PORT=2321 TPM_PLATFORM_PORT=2322 TPM_SERVER_NAME=localhost TPM_INTERFACE_TYPE=socsim TPM_SERVER_TYPE=raw
+
+
+# Start the TPM and test
+./startup
+./getrandom -by 128
--- a/demos/swtpm/run_swtpm.sh
+++ b/demos/swtpm/run_swtpm.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+
+BLUE='\033[1;34m'
+NC='\033[0m'
+
+[ -d /bin/myvtpm ] ||  mkdir /bin/myvtpm
+cd occlum_instance && rm -rf image
+copy_bom -f ../swtpm.yaml --root image --include-dir /opt/occlum/etc/template
+
+new_json="$(jq '.resource_limits.user_space_size = "800MB" |
+        .resource_limits.kernel_space_heap_size = "600MB"|
+        .env.default += ["LD_LIBRARY_PATH=/bin/:/opt/occlum/glibc/lib/"] ' Occlum.json)" && \
+echo "${new_json}" > Occlum.json
+
+# Build Occlum
+echo -e "${BLUE}Occlum build swtpm${NC}"
+occlum build
+
+# Run the python demo
+echo -e "${BLUE}Occlum start swtpm${NC}"
+
+occlum run /bin/swtpm socket --tpmstate dir=/bin/myvtpm --tpm2 --ctrl type=tcp,port=2322,bindaddr=0.0.0.0 --server type=tcp,port=2321,bindaddr=0.0.0.0 --flags not-need-init --seccomp action=none
+
--- a/demos/swtpm/swtpm.yaml
+++ b/demos/swtpm/swtpm.yaml
@ -0,0 +1,15 @@
+includes:
+  - base.yaml
+# copy directories 
+targets:
+  - target: /bin
+    copy:
+      - dirs:
+         - /usr/bin/
+         - /usr/lib/swtpm/
+         - ../libtpms/src/.libs/
+         - /usr/lib/x86_64-linux-gnu/
+  - target: /bin/myvtpm
+    copy:
+      - dirs:
+         - /bin/myvtpm