Commit Graph

275 Commits

Author SHA1 Message Date
Zheng, Qi
a270eb4af1 Build and install dcap lib when make submodule
This reverts commit 4c99c875e7bddec85431ddb883adea58b7e530cd.
2022-02-11 11:10:02 +08:00
Zheng, Qi
4c99c875e7 [dockerfiles] Install dcap lib in Occlum docker images 2022-02-09 10:27:44 +08:00
Zheng, Qi
637dc73b1b Add dcap library into Occlum prebuilt toolchains 2022-02-09 10:27:44 +08:00
zongmin.gu
39f268891e Update the docker file for SGX SDK 2.15.1 2021-12-06 19:19:53 +08:00
Zheng, Qi
7db9d9b955 Add SGX KSS support
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-12-06 15:46:34 +08:00
Zheng, Qi
d21bcf245e Install openjdk 8 to occlum toolchain 2021-12-06 13:47:27 +08:00
Hui, Chunyang
17e86e87d0 Fix building CI image for TF serving and Openvino 2021-11-08 19:15:00 +08:00
Hui, Chunyang
edaf2374b0 Support building CI image for different branches 2021-11-08 19:15:00 +08:00
Zheng, Qi
28baa5b080 Make sure replacing ':' with '\:' in Makefile targets
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-11-03 14:54:27 +08:00
Zheng, Qi
e24a9944e3 Make sure bash is built as PIE
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-11-03 08:12:42 +08:00
zongmin.gu
b4d89f6c77 Update CentOS base image 2021-10-22 17:16:52 +08:00
Shuocheng Wang
25006ee673 Add clang dependency to docker file 2021-10-22 17:16:52 +08:00
Zheng, Qi
a825499d47 Update busybox to support new glibc (>2.31)
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-22 17:16:52 +08:00
Zheng, Qi
b79adca20d Update dockerfile to build busybox into toolchain
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-17 16:48:48 +08:00
Zheng, Qi
2d351c9d31 Add occlum busybox prebuild script into toolchain
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-10-17 16:48:48 +08:00
zongmin.gu
c49e3d8027 Use Intel IPP in SGX SDK 2021-10-01 08:29:25 +08:00
zongmin.gu
7286c0c02c Update with SGX SDK 2.14 2021-10-01 08:29:25 +08:00
Hui, Chunyang
a0453f1262 Add capabilities of building grpc CI image from different branches 2021-09-26 21:06:02 +08:00
jianfengjiang
f0793b0d30 implement autodep for copydirs 2021-09-24 19:02:26 +08:00
Zheng, Qi
aeca3cd5cb Update aliyunlinux sgx rpm source
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-23 19:33:36 +08:00
Zheng, Qi
ea67f50fc2 Add building bash into occlum docker image
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-23 19:33:36 +08:00
Zheng, Qi
6a8815706d Add bash build script for both occlum-gcc and gcc
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-23 19:33:36 +08:00
jianfengjiang
d598f36700 Modify flink demo with copy_bom 2021-09-23 15:42:15 +08:00
jianfengjiang
4a69b58479 Infer default dynamic loader 2021-09-23 15:42:15 +08:00
jianfengjiang
9a85361e35 Modify demos to enable autodep without creating softlinks 2021-09-23 15:42:15 +08:00
jianfengjiang
0fa5f434cc Enhance autodep with LD_LIBRARY_PATH 2021-09-23 15:42:15 +08:00
jianfengjiang
ff986cce1f Use structOpt to replace clap 2021-09-23 15:42:15 +08:00
Zheng, Qi
2795b8672f Use toolchains from the git clone source instead of from the local path
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-22 19:39:47 +08:00
Zheng, Qi
36990fc97c Remove obsolete dockerfiles
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-22 12:54:39 +08:00
jiangjianfeng
da4669b8c4 Modify java demo with copy_bom 2021-09-17 15:50:15 +08:00
jiangjianfeng
f8abcd9a1f Modify hello_cc demo with copy_bom 2021-09-17 15:50:15 +08:00
jiangjianfeng
31ee9ea404 Add real file operations 2021-09-17 15:50:15 +08:00
jiangjianfeng
9c2005348a Remove redundant operations 2021-09-17 15:50:15 +08:00
jiangjianfeng
f5a5de669b Find dependencies for each elf file 2021-09-17 15:50:15 +08:00
jiangjianfeng
e47a0673e0 Resolve environmental variables in bom file 2021-09-17 15:50:15 +08:00
jiangjianfeng
53d1d0010d Add operations to manage NormalFile 2021-09-17 15:50:15 +08:00
jiangjianfeng
d2656a3571 Add operations to manage Source.
Source represents operations with the same source directory.
2021-09-17 15:50:15 +08:00
jiangjianfeng
66997b2852 Add operations to manage Target.
Target represents operations with the same destination.
2021-09-17 15:50:15 +08:00
jiangjianfeng
6f81a58a03 Find all included bom files recursively 2021-09-17 15:50:15 +08:00
jiangjianfeng
614b958082 Add basic operations to manage structure Bom 2021-09-17 15:50:15 +08:00
jiangjianfeng
c172b2be5c Add structures to store the content of bom file 2021-09-17 15:50:15 +08:00
jiangjianfeng
6a0435d9b6 Define error numbers 2021-09-17 15:50:15 +08:00
jiangjianfeng
33d074e280 Parse command line options 2021-09-17 15:50:15 +08:00
Zheng, Qi
69d3d3fca2 Fix the error when building glibc with gcc 9
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-09-16 16:32:51 +08:00
zongmin.gu
dd8231c8a2 Update the openanolis URL in alinux3 docker file 2021-09-15 14:49:25 +08:00
zongmin.gu
cb18a03deb Add rsync into the docker image 2021-09-15 14:49:25 +08:00
ClawSeven
136c2cca95 Separate ssl generation with environment preparation 2021-09-03 18:42:50 +08:00
ClawSeven
ed3641a66a Optimize tensorflow_serving workflow 2021-08-16 16:58:03 +08:00
Zheng, Qi
f73d417847 Make it accordance for occlum package name and extracted dir name
For example, in occlum_instance dir, do "occlum package occlum_test".
After extracting the occlum_test.tar.gz, we will get "occlum_test"
instead of "occlum_instance".

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-08-11 20:01:56 +08:00
Zheng, Qi
05d4c7d7db Add simulation and debug mode occlum package check and support
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-08-07 20:44:19 +08:00
LI Qing
42bed8d338 Remove the mount config for tmp dir 2021-08-03 19:45:56 +08:00
Hui, Chunyang
dc67dfb9aa Re-enable aliyunlinux 3 image as default aliyunlinux image 2021-07-23 14:03:33 +08:00
Hui, Chunyang
fe74bb91dd Fix deb package building error and add extra checks for version 2021-07-19 19:08:01 +08:00
LI Qing
1c625f53b8 Remove the cpu online file from image 2021-07-14 11:00:42 +08:00
Hui, Chunyang
04c3f485dc Add aliyunlinux 3 docker image support 2021-07-09 16:00:16 +08:00
LI Qing
1e24dcea6a Modify the protect-integrity tool to print result on file 2021-06-28 21:11:41 +08:00
Hui, Chunyang
2217cf83b9 Update Intel SGX SDK version to 2.13.3 2021-06-25 21:12:42 +08:00
Hui, Chunyang
eaf47d1662 Fix aliyunlinux image building and testing error 2021-06-15 15:27:14 +08:00
Hui, Chunyang
41bbb3763d Fix dockerfile error
1. Make "bash" the default shell when building image
2. Add libarchive dependency for centos image
2021-06-11 16:26:30 +08:00
zongmin.gu
3756f0658c Update rust-toolchain to nightly-2020-10-25 2021-06-04 11:59:11 +08:00
zongmin.gu
437b6245d3 Check AESM status with aesm socket file 2021-06-03 10:54:37 +08:00
Hui, Chunyang
a9850745f8 Add dockerfile for Aliyun Linux image 2021-05-18 20:55:22 +08:00
Hui, Chunyang
2a45fdd3b0 Fix occlum build "-f" option mistakenly rebuild other targets
Remove "--always-remake" option and add "--no-builtin-rules" to avoid
mistakenly rebuild unwanted targets.

Fixed issue #430
2021-05-17 12:05:36 +08:00
zongmin.gu
b2c0f5e647 Update golang version to 1.16.3 2021-04-16 09:34:26 +08:00
Nils Hanke
986620dd71 Add nano to Dockerfiles 2021-04-13 10:21:01 +08:00
LI Qing
64a980f529 Add time syscall and default localtime support 2021-03-26 16:56:57 +08:00
zongmin.gu
bcb3396622 Update the installer readme 2021-03-15 10:33:55 +08:00
zongmin.gu
27500f0461 Fix docker image for SGX1 HW 2021-03-15 10:33:32 +08:00
LI Qing
d81511ec8c Polish the docs and usage for the encrypted image 2021-03-11 11:34:53 +08:00
Hui, Chunyang
5db07a2029 Fix installer for new release
This commit fixed three errors:
(1) Fix Github action virtual environment out of free disk space
(2) Add "init" binary which is recently added for encrypted image
(3) Bypass "Missing build-id" error when RPM packaging
2021-03-08 14:12:43 +08:00
zongmin.gu
17fcaf85e1 Bump version to 0.21.0 2021-03-03 16:07:51 +08:00
zongmin.gu
9af92f2ebf Update base image from CentOS 8.1 to CentOS 8.2 2021-03-03 16:07:51 +08:00
zongmin.gu
ad3b172506 Update docker file to use official SGX 2.13 PSW and DCAP binaries 2021-03-03 16:07:51 +08:00
zongmin.gu
37f08da482 Remove sccache because the latest sccache does not work with nightly Rust 2021-03-03 16:07:51 +08:00
Hui, Chunyang
73dc43e03f Ignore AESM status for simulation mode 2021-03-02 16:31:13 +08:00
LI Qing
7deeccb03b Fix the error of demos with encrypted fs image 2021-03-02 13:25:36 +08:00
LI Qing
c3a02ffc28 Add support for the encrypted fs image 2021-03-01 16:45:01 +08:00
He Sun
cca7910c2f Add CI support for gVisor syscall test image 2021-01-22 13:22:41 +08:00
Hui, Chunyang
96bfe7eeae Fix gRPC and OpenVINO CI image demo location 2021-01-20 17:39:05 +08:00
LI Qing
0b51d83811 Add ProcFS 2021-01-20 12:42:00 +08:00
LI Qing
d6cd89f03b Add DevFS for device files 2021-01-20 11:40:39 +08:00
LI Qing
c27825c436 Add the check for AESM service before run 2021-01-08 13:23:36 +08:00
LI Qing
7c07457d1e Enhance the check before running an instance 2021-01-08 13:23:36 +08:00
Hui, Chunyang
29ba19c34f Add version dependencies for rpm and deb packages 2020-12-28 10:15:40 +08:00
Hui, Chunyang
5abfe64960 Rename installer to work with musl-gcc 2020-12-22 08:45:01 +08:00
He Sun
f1e5f574ca Add support for DCAP
1. Five new ioctl commands of /dev/sgx are added for occlum
applications to securely get and verify DCAP quote;
2. Not all the functions of the intel DCAP package are open to
developers to simplify the DCAP usage;
3. The test may only run on the platform with DCAP driver installed;
4. A macro OCCLUM_DISABLE_DCAP is used to separate the DCAP code from
the other code.
5. Skip DCAP test when DCAP driver is not detected or in simulation mode
2020-12-19 19:53:31 +08:00
LI Qing
81c53a7097 Fix the "occlum init" command's failure on CentOS 2020-12-19 19:53:31 +08:00
He Sun
ea1272f69a Update the lcov source for centos docker image 2020-12-19 19:53:31 +08:00
He Sun
ba48e65428 Install lcov in occlum docker images
Lcov will be used for code coverage generation.
2020-12-17 16:42:11 +08:00
LI Qing
22b02850a3 Add Glibc as an optional libc and fix test cases 2020-12-16 19:21:22 +08:00
Hui, Chunyang
ea64939cac Fix json parse debuggable flag 2020-12-02 13:29:41 +08:00
Hui, Chunyang
9c3f595f0e Add support for building docker image with specific Occlum branch 2020-11-20 09:24:24 +08:00
zongmin.gu
9504e8f681 Enable optimized string and math lib in Occlum 2020-11-17 14:42:39 +08:00
He Sun
0bb8f5922e Use sccache to accelerate Rust build 2020-11-05 21:54:57 +08:00
Hui, Chunyang
8d1e1838d3 Fix package build errors
1. Fix repeatedly linking dynamic libraries for occlum-run
2. Fix gcc toolchain deb package build error
3. Remove redundant file from installer file list
4. Change symlink target path to relative path
2020-10-22 16:47:47 +08:00
Hui, Chunyang
8fbd6295bf Add Golang installer 2020-10-14 13:17:58 +08:00
Hui, Chunyang
f4e1352b41 Add Python demo CI 2020-10-13 16:06:02 +08:00
Hui, Chunyang
4269395f1d Remove python from Occlum commands 2020-10-10 14:59:42 +08:00
Hui, Chunyang
b97f903bf9 Get rid of occlum-gen-default-occlum-json script
Integrate it with previous gen_enclave_conf and rename to gen_internal_conf which
are now used to generate both internal Occlum.json and Enclave.xml
2020-10-10 14:59:42 +08:00
Hui, Chunyang
1f6fc3d27a Fix copy softlink for make install and deb installer 2020-09-29 18:06:04 +08:00
Hui, Chunyang
ce147df2c9 Enable TFLite and OpenVINO test for CI and add CI image build action 2020-09-29 16:51:38 +08:00
LI Qing
5e1635e2b8 Change the calling interface with sefs-cli 2020-09-25 16:34:07 +08:00
zongmin.gu
b28aee68b7 Upgrade Intel SGX SDK to 2.11 and Rust SGX SDK accordingly 2020-09-18 15:39:58 +08:00
Hui, Chunyang
668b825ef4 Remove OCCLUM_RELEASE_ENCLAVE env from user commands
Also fix a bug for deployment environment.
2020-09-18 12:39:12 +08:00
Hui, Chunyang
bfc0576ee7 Add "occlum package" command 2020-09-18 12:39:12 +08:00
LI Qing
ec9ffed1b0 Add "occlum mount" command to mount the secure FS 2020-09-18 12:39:12 +08:00
He Sun
44583e15be Add default /etc/hosts during occlum init 2020-09-18 12:39:12 +08:00
Hui, Chunyang
c6d4a34b7f Modify rpm installer to align with current installation structure 2020-09-18 12:39:12 +08:00
Hui, Chunyang
1310eb9363 Add DEB installer for Occlum and C/C++ toolchains 2020-09-18 12:39:12 +08:00
Hui, Chunyang
617f75904f Install occlum needed sgx-sdk tools to occlum dir
When installers are used, sgx-sdk of Occlum version could have conflicts with official sgx-sdk.
This patch will make sure Occlum command use Occlum specific sgx-sdk.
Also add symbolic links to PAL library of hardware mode when installing.
2020-09-18 12:39:12 +08:00
LI Qing
a151198d11 Fix the golang demo's failure to run 2020-08-26 10:45:04 +08:00
Tate, Hongliang Tian
ccb5e6bef4 Bump version to 0.15.1 2020-08-21 00:19:57 +08:00
Hui, Chunyang
dcad3ea1d9 Fix make error when image file name has space 2020-08-20 17:01:47 +08:00
Hui, Chunyang
89c292e2df Fix some dependency errors when running on CentOS 8 2020-08-19 10:40:04 +00:00
He Sun
33e840143a Add Dockerfile based on CentOS 8.1 2020-08-17 22:28:03 +08:00
Tate, Hongliang Tian
3e3a1955af Bump version to 0.15.0 2020-08-15 19:19:53 +08:00
Hui, Chunyang
9435b1a196 Add RPM installer for Occlum and C/C++ toolchains 2020-08-15 19:12:40 +08:00
LI Qing
cd5cc0cb5c Update Java toolchains
1. Replace the OpenJDK with an unmodified OpenJDK from Alpine Linux
2. Add Alibaba Dragonwell as the default JDK for the Java demos
2020-08-15 19:12:39 +08:00
Hui, Chunyang
66e5cefec2 Add "occlum new" command 2020-08-15 19:12:39 +08:00
Hui, Chunyang
85501d8993 Improve implementation for occlum build
This commit mainly accomplishes two things:
1. Use makefile to manage dependencies for `occlum build`, which can save lots of time
2. Take dirs `build`, `run` outside from `.occlum`. Remove env var "OCCLUM_INSTANCE_DIR"
2020-08-15 19:12:39 +08:00
LI Qing
3f6bcec1c5 Substitute ramFS with a temporary SEFS at "/tmp" 2020-08-15 19:12:39 +08:00
Hui, Chunyang
259c485427 Use new build directory arch 2020-08-11 13:47:17 +08:00
Tate, Hongliang Tian
5e8f997d4d Make PIE the default mode for Go toolchain
Occlum-compatible executable binaries must be Position-Independent
Executable (PIE). Previously, to build such binaries, the users need to
explicitly give `-buildmode=pie` flag to `occlum-go`. Apparently, this
is error-prone. This commit sets `-buildmode=pie` by default for `occlum-go`.

In addition, this commit upgrades the Go version to 1.13.7.
2020-08-11 05:35:43 +00:00
LI Qing
572873d9a4 Enable UnionFS 2020-07-23 21:40:34 +08:00
LI Qing
1f30d75713 Add Java demo 2020-07-17 17:35:24 +00:00
LI Qing
81eb364c5b Install zlib in occlum-gcc toolchains 2020-07-17 17:31:41 +00:00
zongmin.gu
c7e225a4eb Fix the centos version
When user cat /etc/system-release, user would know the centos version. It should be 7.5
2020-07-17 16:39:02 +08:00
zongmin.gu
3382a68807 Fix docker image build failure 2020-07-11 20:35:21 +08:00
Hui, Chunyang
406f30ec7a Polish build and install process
Remove redundant files and make processes for SGX simulation mode and hardware mode.
2020-07-08 11:51:33 +00:00
Hui, Chunyang
6909629241 Add Occlum version for dynamic libraries 2020-06-22 07:36:03 +00:00
He Sun
28440b0d69 Build in the MAC of the occlum configuration file with objcopy
1. Objcopy the MAC of Occlum.json to libocclum-libos.so before signature
during occlum build.
2. Remove the files and codes no longer used.
2020-06-13 03:33:32 +00:00
He Sun
f020fed2ae Use Intel SGX SDK reserved memory as the user space memory 2020-06-13 03:33:32 +00:00
zongmin.gu
942321363d Combine the enclave configuration into the occlum configuration file
Update the occlum.json to align with the gen_enclave_conf design.
Below are the two updated structures:
    "metadata": {
        "product_id": 0,
        "version_number": 0,
        "debuggable": true
    },
    "resource_limits": {
        "max_num_of_threads": 32,
        "kernel_space_heap_size": "32MB",
        "kernel_space_stack_size": "1MB",
        "user_space_size": "256MB"
    }
2020-06-05 11:03:47 +08:00
LI Qing
9b611e5f00 Update musl to v1.1.24 2020-06-02 05:39:29 +00:00
Hui, Chunyang
c1911e6585 Add demo for shell (FISH) script 2020-05-28 19:55:09 +08:00
Hui, Chunyang
5b695c9539 Format c/c++ files in src, tools and test 2020-05-27 07:09:18 +00:00
Hui, Chunyang
03ba13aec7 Add "make format" and "make format-check" to check format for c/c++ files 2020-05-27 07:08:59 +00:00
He Sun
b29aa1d6d0 Add the Occlum-compatible Rust toolchains and a demo 2020-05-22 14:36:11 +08:00
LI Qing
f193f271a4 Update docker file for CentOS 2020-05-21 02:14:00 +00:00
LI Qing
6d72e10fc1 Add Golang toolchain and the demo
This commit provides a modified Go runtime in Docker image.
Now we can build a Go program using `occlum-go`, then run it
in SGX enclaves by Occlum.
The Golang demo demonstrates how to build and run a web server
program written in Go.
2020-05-15 03:02:42 +00:00
Zongmin
0c3466f4ad Add three new occlum commands: start, exec and stop
Usage:
//start the occlum server
occlum start

//execute the command inside occlum
occlum exec [cmd] [-- <args>]

//stop the occlum server
occlum stop
2020-05-15 03:02:42 +00:00
Hui, Chunyang
255f277f30 Build Occlum tools in SGX simulation mode by default 2020-05-15 03:02:42 +00:00
Zongmin
a6d97d5b4f Update the sdk version to 2.9.1
Fix std::alloc::Alloc not found
The latest Rust changes the trait to std::alloc::AllocRef.

Update the docker files to support sgx 2.9.1

Remove the compilerRT dependency for rust sdk update
2020-05-15 03:02:42 +00:00
Hui, Chunyang
6a17e6292c Add support for user specified instance dir name
The default instance dir of Occlum is ".occlum". User now can specify the name
by declaring environment variable "OCCLUM_INSTANCE_DIR"
2020-05-15 02:59:16 +00:00
Tate, Hongliang Tian
60b1e2c28d Make the command line tool more robust
The CLI tool is robust in the sense that it can handle the execution of
init/build/run/gdb commands in any order (as long as the commands are invoked
sequentially, not concurrently).
2020-04-02 10:51:03 +08:00
Hui,Chunyang
4ebedd9bf5 Improve simulation mode user experience
Simulation mode and hardware mode can both work without rebuilding Occlum.
2020-03-07 09:44:49 +00:00
sanqian.hcy
b08f5b9ceb Add support for SGX simulation mode
1. Use arch_prctl to replace RDFSBASE/WRFSBASE
Ptrace can't get right value if WRFSBASE is called which
will make debugger fail in simulation mode. Use arch_prctl
to replace these instructions in simulation mode.

2. Disable the busy thread in exit_group test
exit_group doesn't have a real implementation yet but test
under SGX simulation mode gives a core dump for exit_group test.
Disable the busy loop thread and the core dump disappears.

3. Add SDK lib path to LD_LIBRARY_PATH
Linker sometimes can't find urts_sim and uae_service_sim when
running. Explicitly add path to LD_LIBRARY_PATH when running
occlum command.

Signed-off-by: sanqian.hcy <sanqian.hcy@antfin.com>
2020-03-01 06:42:33 +00:00
LI Qing
045ea46e9f Extend CPUID emulation for Intel Celeron and newer Intel CPUs 2020-02-28 10:53:38 +00:00
LI Qing
bd56504b20 Add GDB support for apps running upon Occlum
Please see the "gdb_support" in demos to find out how to
use GDB to debug your apps running upon Occlum.
2020-02-14 07:52:45 +00:00
He Sun
cfa6532768 Fix bugs that fail CentOS Dockerfile 2020-02-14 06:19:48 +00:00