Compare commits
10 Commits
89b104d783
...
c3bd5c05be
Author | SHA1 | Date | |
---|---|---|---|
c3bd5c05be | |||
8da971f886 | |||
2fda445fb8 | |||
|
c527430f20 | ||
|
d561c140bd | ||
|
bb50ab7652 | ||
|
b38deb14ff | ||
|
bb48c63339 | ||
|
2d80821665 | ||
|
6620c8a428 |
@ -87,6 +87,10 @@ runs:
|
|||||||
- name: Configure Occlum features
|
- name: Configure Occlum features
|
||||||
run: |
|
run: |
|
||||||
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
|
if [[ "${{ matrix.self_runner[2] }}" == "EDMM" ]]; then
|
||||||
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json"
|
if [[ "${{ matrix.self_runner[3] }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true | .feature.io_uring = 1' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json";
|
||||||
|
else
|
||||||
|
docker exec ${{ env.CONTAINER_NAME }} bash -c "jq '.feature.enable_posix_shm = true | .feature.enable_edmm = true' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json";
|
||||||
|
fi;
|
||||||
fi;
|
fi;
|
||||||
shell: bash
|
shell: bash
|
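Review bot: The inner test `matrix.self_runner[3] == "IO_Uring"` in "Configure Occlum features" reads the feature from a fixed position in the runner-label list, so it silently falls through to the non-io_uring branch whenever another label is inserted ahead of it. The same change set renumbers the PKU check from `[3]` to `[4]` in hw_mode_test.yml, apparently for that reason. A membership test does not depend on position: `if [[ "${{ contains(matrix.self_runner, 'IO_Uring') }}" == "true" ]]; then`. The two `jq` filters also differ only by `| .feature.io_uring = 1`, so building the filter once and appending that clause would stop the EDMM settings drifting apart between the branches.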
@ -25,7 +25,7 @@ runs:
|
|||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Create container
|
- name: Create container
|
||||||
run: docker run -itd --name=${{ inputs.container-name }} -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}
|
run: docker run -itd --name=${{ inputs.container-name }} --privileged -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }}
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- uses: ./.github/workflows/composite_action/prebuild
|
- uses: ./.github/workflows/composite_action/prebuild
|
||||||
@ -40,6 +40,14 @@ runs:
|
|||||||
run: docker exec ${{ inputs.container-name }} bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; ${{ inputs.build-envs}} make install"
|
run: docker exec ${{ inputs.container-name }} bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; ${{ inputs.build-envs}} make install"
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
# When there comes new features, the configuration should be enabled accordingly
|
||||||
|
- name: Configure Occlum features
|
||||||
|
run: |
|
||||||
|
if [[ "${{ matrix.features }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec ${{ inputs.container-name }} bash -c "jq '.feature.io_uring = 1' /opt/occlum/etc/template/Occlum.json > /tmp.json && mv /tmp.json /opt/occlum/etc/template/Occlum.json";
|
||||||
|
fi;
|
||||||
|
shell: bash
|
||||||
|
|
||||||
- name: Remove occlum installation package
|
- name: Remove occlum installation package
|
||||||
run: docker exec ${{ inputs.container-name }} bash -c "cd /root/occlum; rm -rf ./build; rm -rf ./src; rm -rf ./deps"
|
run: docker exec ${{ inputs.container-name }} bash -c "cd /root/occlum; rm -rf ./build; rm -rf ./src; rm -rf ./deps"
|
||||||
shell: bash
|
shell: bash
|
||||||
|
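Review bot: `--privileged` on the "Create container" `docker run` disables the default seccomp and AppArmor confinement, grants all capabilities and exposes host devices to the container, and it does so for every job that uses this action, including the Legacy leg that never enables io_uring. If the flag is there only to make the io_uring system calls reachable (the commit does not say), a narrower grant would do: keep the default isolation and pass a seccomp profile that additionally allows `io_uring_setup`, `io_uring_enter` and `io_uring_register`, for example `--security-opt seccomp=<path-to-profile.json>` (placeholder path), applied only when the IO_Uring feature is selected. A one-line comment above the step saying why elevated privileges are needed would help the next reviewer.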
127
.github/workflows/demo_test.yml
127
.github/workflows/demo_test.yml
@ -14,6 +14,9 @@ concurrency:
|
|||||||
jobs:
|
jobs:
|
||||||
C_cpp_rust_golang_embedded_mode_support_test:
|
C_cpp_rust_golang_embedded_mode_support_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -112,6 +115,9 @@ jobs:
|
|||||||
|
|
||||||
Java_support_test:
|
Java_support_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -146,6 +152,9 @@ jobs:
|
|||||||
|
|
||||||
Fish_test:
|
Fish_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -177,6 +186,9 @@ jobs:
|
|||||||
|
|
||||||
Bazel_test:
|
Bazel_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -213,6 +225,9 @@ jobs:
|
|||||||
|
|
||||||
Https_server_test:
|
Https_server_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -246,6 +261,9 @@ jobs:
|
|||||||
|
|
||||||
Local_attestation_test:
|
Local_attestation_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -275,6 +293,9 @@ jobs:
|
|||||||
|
|
||||||
Sqlite_test:
|
Sqlite_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -303,6 +324,9 @@ jobs:
|
|||||||
|
|
||||||
Xgboost_test:
|
Xgboost_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -334,6 +358,9 @@ jobs:
|
|||||||
|
|
||||||
Tensorflow_lite_test:
|
Tensorflow_lite_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -365,6 +392,9 @@ jobs:
|
|||||||
|
|
||||||
Pytorch_test:
|
Pytorch_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -393,6 +423,9 @@ jobs:
|
|||||||
|
|
||||||
Distributed_Pytorch_test:
|
Distributed_Pytorch_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -431,6 +464,9 @@ jobs:
|
|||||||
|
|
||||||
Tensorflow_test:
|
Tensorflow_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -460,6 +496,9 @@ jobs:
|
|||||||
# Below tests needs test image to run faster
|
# Below tests needs test image to run faster
|
||||||
Grpc_musl_test:
|
Grpc_musl_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -504,6 +543,9 @@ jobs:
|
|||||||
|
|
||||||
Grpc_glibc_test:
|
Grpc_glibc_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -552,6 +594,9 @@ jobs:
|
|||||||
|
|
||||||
Grpc_tls_test:
|
Grpc_tls_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -593,6 +638,9 @@ jobs:
|
|||||||
|
|
||||||
Openvino_test:
|
Openvino_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -630,6 +678,9 @@ jobs:
|
|||||||
# Python test also needs its own image because in Alpine environment, modules are built locally and consumes a lot of time.
|
# Python test also needs its own image because in Alpine environment, modules are built locally and consumes a lot of time.
|
||||||
Python_musl_support_test:
|
Python_musl_support_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -670,6 +721,9 @@ jobs:
|
|||||||
# Python glibc support test
|
# Python glibc support test
|
||||||
Python_glibc_support_test:
|
Python_glibc_support_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -706,6 +760,9 @@ jobs:
|
|||||||
# Redis test
|
# Redis test
|
||||||
Redis_support_test:
|
Redis_support_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -745,6 +802,9 @@ jobs:
|
|||||||
|
|
||||||
Flink_test:
|
Flink_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -797,6 +857,9 @@ jobs:
|
|||||||
|
|
||||||
Cluster_serving_test:
|
Cluster_serving_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -825,6 +888,9 @@ jobs:
|
|||||||
|
|
||||||
Enclave_RA_TLS_test:
|
Enclave_RA_TLS_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -859,6 +925,9 @@ jobs:
|
|||||||
|
|
||||||
Vault_test:
|
Vault_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -896,6 +965,9 @@ jobs:
|
|||||||
|
|
||||||
Sofaboot_test:
|
Sofaboot_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -936,6 +1008,9 @@ jobs:
|
|||||||
|
|
||||||
Netty_UT_test:
|
Netty_UT_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -961,12 +1036,24 @@ jobs:
|
|||||||
|
|
||||||
- name: Run netty unit test demo
|
- name: Run netty unit test demo
|
||||||
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && SGX_MODE=SIM ./run_netty_ut_jdk8.sh"
|
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && SGX_MODE=SIM ./run_netty_ut_jdk8.sh"
|
||||||
|
|
||||||
|
- name: Check netty unit demo results
|
||||||
|
run: |
|
||||||
|
if [[ "${{ matrix.features }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && cat netty-test-heap512m.log | grep '189 tests successful'";
|
||||||
|
else
|
||||||
|
docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && cat netty-test-heap512m.log | grep '190 tests successful'";
|
||||||
|
fi
|
||||||
|
shell: bash
|
||||||
|
|
||||||
- name: Clean Netty test
|
- name: Clean Netty test
|
||||||
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos && rm -rf ./netty_ut"
|
run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos && rm -rf ./netty_ut"
|
||||||
|
|
||||||
Bash_test:
|
Bash_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -995,6 +1082,9 @@ jobs:
|
|||||||
|
|
||||||
Sysbench_test:
|
Sysbench_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1027,6 +1117,9 @@ jobs:
|
|||||||
|
|
||||||
Gvisor_syscalls_test:
|
Gvisor_syscalls_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1062,10 +1155,19 @@ jobs:
|
|||||||
run: docker exec $gvisor_test bash -c "git clone https://github.com/occlum/gvisor.git"
|
run: docker exec $gvisor_test bash -c "git clone https://github.com/occlum/gvisor.git"
|
||||||
|
|
||||||
- name: Run gvisor syscall test
|
- name: Run gvisor syscall test
|
||||||
run: docker exec $gvisor_test bash -c "cd /root/gvisor/occlum && SGX_MODE=SIM ./run_occlum_passed_tests.sh"
|
run: |
|
||||||
|
if [[ "${{ matrix.features }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec $gvisor_test bash -c "cd /root/gvisor/occlum && SGX_MODE=SIM ./run_occlum_passed_tests.sh uring";
|
||||||
|
else
|
||||||
|
docker exec $gvisor_test bash -c "cd /root/gvisor/occlum && SGX_MODE=SIM ./run_occlum_passed_tests.sh";
|
||||||
|
fi;
|
||||||
|
shell: bash
|
||||||
|
|
||||||
Flask_tls_test:
|
Flask_tls_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1108,6 +1210,9 @@ jobs:
|
|||||||
|
|
||||||
Iperf2_test:
|
Iperf2_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1143,6 +1248,9 @@ jobs:
|
|||||||
|
|
||||||
Linux_LTP_test:
|
Linux_LTP_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1175,6 +1283,9 @@ jobs:
|
|||||||
|
|
||||||
FIO_test:
|
FIO_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1203,6 +1314,9 @@ jobs:
|
|||||||
|
|
||||||
PaddlePaddle_test:
|
PaddlePaddle_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1231,6 +1345,9 @@ jobs:
|
|||||||
|
|
||||||
RuntimeBoot_test:
|
RuntimeBoot_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1259,6 +1376,9 @@ jobs:
|
|||||||
|
|
||||||
Swtpm_test:
|
Swtpm_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- name: Remove unnecessary files
|
- name: Remove unnecessary files
|
||||||
run: |
|
run: |
|
||||||
@ -1293,6 +1413,9 @@ jobs:
|
|||||||
|
|
||||||
Filebench_test:
|
Filebench_test:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
features: [Legacy, IO_Uring]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v1
|
||||||
with:
|
with:
|
||||||
|
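Review bot: The new "Check netty unit demo results" step in Netty_UT_test accepts `189 tests successful` on the IO_Uring leg against `190` on Legacy, but nothing records which Netty test is lost under io_uring or why that is acceptable. A hard-coded lower count turns a known failure into the baseline, and a later count change can then hide a second, unrelated failure. Add a comment above the step naming the test and where it is tracked, for example `# IO_Uring: <test name> not expected to pass yet, see <issue link>` (placeholders). As far as the hunk shows, only the success count is matched, so it is also worth asserting that the summary reports no failed tests.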
58
.github/workflows/hw_mode_test.yml
58
.github/workflows/hw_mode_test.yml
@ -25,7 +25,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -80,7 +80,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -179,7 +179,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, PKU]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring, PKU]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -220,7 +220,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Run hello PKU
|
- name: Run hello PKU
|
||||||
run: |
|
run: |
|
||||||
if [[ "${{ matrix.self_runner[3] }}" == "PKU" ]]; then
|
if [[ "${{ matrix.self_runner[4] }}" == "PKU" ]]; then
|
||||||
docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello_pku"
|
docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello_pku"
|
||||||
else
|
else
|
||||||
echo "Skip PKU test"
|
echo "Skip PKU test"
|
||||||
@ -237,7 +237,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -289,7 +289,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -336,7 +336,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -383,7 +383,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -427,7 +427,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -505,7 +505,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -580,7 +580,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -677,7 +677,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -741,8 +741,15 @@ jobs:
|
|||||||
- name: Clone gvisor code
|
- name: Clone gvisor code
|
||||||
run: docker exec $gvisor_test bash -c "git clone https://github.com/occlum/gvisor.git"
|
run: docker exec $gvisor_test bash -c "git clone https://github.com/occlum/gvisor.git"
|
||||||
|
|
||||||
|
|
||||||
- name: Run gvisor syscall test
|
- name: Run gvisor syscall test
|
||||||
run: docker exec $gvisor_test bash -c "cd /root/gvisor/occlum; ./run_occlum_passed_tests.sh"
|
run: |
|
||||||
|
if [[ "${{ matrix.self_runner[3] }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec $gvisor_test bash -c "cd /root/gvisor/occlum; ./run_occlum_passed_tests.sh uring";
|
||||||
|
else
|
||||||
|
docker exec $gvisor_test bash -c "cd /root/gvisor/occlum; ./run_occlum_passed_tests.sh";
|
||||||
|
fi;
|
||||||
|
shell: bash
|
||||||
|
|
||||||
- name: Clean the environment
|
- name: Clean the environment
|
||||||
if: ${{ always() }}
|
if: ${{ always() }}
|
||||||
@ -834,7 +841,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
# Tensorflow serving test requires AVX512 instruction support. Only the SGX2-HW machine has support for that.
|
# Tensorflow serving test requires AVX512 instruction support. Only the SGX2-HW machine has support for that.
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -920,7 +927,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -960,7 +967,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -1014,7 +1021,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -1069,7 +1076,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -1117,7 +1124,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -1152,6 +1159,15 @@ jobs:
|
|||||||
|
|
||||||
- name: Run netty unit test demo
|
- name: Run netty unit test demo
|
||||||
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/netty_ut && ./run_netty_ut_jdk8.sh"
|
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/netty_ut && ./run_netty_ut_jdk8.sh"
|
||||||
|
|
||||||
|
- name: Check netty unit demo results
|
||||||
|
run: |
|
||||||
|
if [[ "${{ matrix.self_runner[3] }}" == "IO_Uring" ]]; then
|
||||||
|
docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && cat netty-test-heap512m.log | grep '189 tests successful'";
|
||||||
|
else
|
||||||
|
docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/netty_ut && cat netty-test-heap512m.log | grep '190 tests successful'";
|
||||||
|
fi
|
||||||
|
shell: bash
|
||||||
|
|
||||||
- name: Clean the environment
|
- name: Clean the environment
|
||||||
if: ${{ always() }}
|
if: ${{ always() }}
|
||||||
@ -1163,7 +1179,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
@ -1198,7 +1214,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.self_runner }}
|
runs-on: ${{ matrix.self_runner }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM]]
|
self_runner: [[self-hosted, SGX2-HW], [self-hosted, SGX2-HW, EDMM, IO_Uring]]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clean before running
|
- name: Clean before running
|
||||||
|
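Review bot: In the added "Check netty unit demo results" step both `docker exec` calls target `${{ github.job }}`, while the "Run netty unit test demo" step directly above it in the same job uses `${{ env.CONTAINER_NAME }}`. Unless CONTAINER_NAME is defined to equal the job id (its definition is outside the hunk), the check addresses a container that does not exist and the step fails regardless of the test outcome; it reads like a copy from demo_test.yml. Use `docker exec ${{ env.CONTAINER_NAME }} bash -c "..."` in both branches. Separately, every `self_runner` list in this file now carries `IO_Uring` as a `runs-on` label, so the second matrix leg is only scheduled on a self-hosted runner that has been given that label.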
@ -149,25 +149,25 @@ jobs:
|
|||||||
aptly -no-remove snapshot merge focal-main focal-old focal-new
|
aptly -no-remove snapshot merge focal-main focal-old focal-new
|
||||||
aptly publish snapshot -distribution=focal focal-main
|
aptly publish snapshot -distribution=focal focal-main
|
||||||
|
|
||||||
# - name: Update apt repo for Ubuntu 22.04
|
- name: Update apt repo for Ubuntu 22.04
|
||||||
# run: |
|
|
||||||
# export PATH=/usr/local/bin/aptly_1.5.0_linux_amd64:$PATH
|
|
||||||
# aptly -architectures="amd64" -keyring=/etc/apt/trusted.gpg mirror create jammy-mirror https://occlum.io/occlum-package-repos/debian jammy main
|
|
||||||
# aptly -keyring=/etc/apt/trusted.gpg mirror update jammy-mirror
|
|
||||||
# aptly snapshot create jammy-old from mirror jammy-mirror
|
|
||||||
# aptly -distribution='jammy' -architectures=amd64 repo create deb-jammy-new
|
|
||||||
# aptly repo add deb-jammy-new $GITHUB_WORKSPACE/jammy-debs/*
|
|
||||||
# aptly snapshot create jammy-new from repo deb-jammy-new
|
|
||||||
# aptly -no-remove snapshot merge jammy-main jammy-old jammy-new
|
|
||||||
# aptly publish snapshot -distribution=jammy jammy-main
|
|
||||||
|
|
||||||
- name: Update apt repo for Ubuntu 22.04 for first time
|
|
||||||
run: |
|
run: |
|
||||||
export PATH=/usr/local/bin/aptly_1.5.0_linux_amd64:$PATH
|
export PATH=/usr/local/bin/aptly_1.5.0_linux_amd64:$PATH
|
||||||
|
aptly -architectures="amd64" -keyring=/etc/apt/trusted.gpg mirror create jammy-mirror https://occlum.io/occlum-package-repos/debian jammy main
|
||||||
|
aptly -keyring=/etc/apt/trusted.gpg mirror update jammy-mirror
|
||||||
|
aptly snapshot create jammy-old from mirror jammy-mirror
|
||||||
aptly -distribution='jammy' -architectures=amd64 repo create deb-jammy-new
|
aptly -distribution='jammy' -architectures=amd64 repo create deb-jammy-new
|
||||||
aptly repo add deb-jammy-new $GITHUB_WORKSPACE/jammy-debs/*
|
aptly repo add deb-jammy-new $GITHUB_WORKSPACE/jammy-debs/*
|
||||||
aptly snapshot create jammy-new from repo deb-jammy-new
|
aptly snapshot create jammy-new from repo deb-jammy-new
|
||||||
aptly publish snapshot -distribution=jammy jammy-new
|
aptly -no-remove snapshot merge jammy-main jammy-old jammy-new
|
||||||
|
aptly publish snapshot -distribution=jammy jammy-main
|
||||||
|
|
||||||
|
# - name: Update apt repo for Ubuntu 22.04 for first time
|
||||||
|
# run: |
|
||||||
|
# export PATH=/usr/local/bin/aptly_1.5.0_linux_amd64:$PATH
|
||||||
|
# aptly -distribution='jammy' -architectures=amd64 repo create deb-jammy-new
|
||||||
|
# aptly repo add deb-jammy-new $GITHUB_WORKSPACE/jammy-debs/*
|
||||||
|
# aptly snapshot create jammy-new from repo deb-jammy-new
|
||||||
|
# aptly publish snapshot -distribution=jammy jammy-new
|
||||||
|
|
||||||
- name: Update Git repo
|
- name: Update Git repo
|
||||||
run: |
|
run: |
|
||||||
|
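Review bot: The first-time bootstrap for jammy is kept as a commented-out step below the live one, and it publishes `jammy-new` on its own, a snapshot built only from the debs of the current run. Re-enabling it on a repository that already holds packages would skip the merge with `jammy-old` that the live step performs through `aptly -no-remove snapshot merge jammy-main jammy-old jammy-new`. Delete the block now that the mirror path is in use, or keep one step and choose the path with a workflow input, rather than toggling comments in a release workflow.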
6
.gitignore
6
.gitignore
@ -6,3 +6,9 @@ build/
|
|||||||
.DS_Store
|
.DS_Store
|
||||||
src/libos/target/
|
src/libos/target/
|
||||||
tools/toolchains/dcap_lib/target/
|
tools/toolchains/dcap_lib/target/
|
||||||
|
|
||||||
|
# Added by DeTEE
|
||||||
|
**/target
|
||||||
|
**/Cargo.lock
|
||||||
|
.idea
|
||||||
|
|
||||||
|
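Review bot: The `**/Cargo.lock` pattern keeps the lockfile of every crate out of version control, including the new `tools/toolchains/utils_lib`, whose `build.sh` ships `libocclum_utils.so` and `libocclum_utils.a` built from the version ranges `libc = "0.2"` and `cfg-if = "1.0.0"`. Without a committed lockfile each build resolves whatever versions are current at that moment, so the installed libraries are not reproducible and a dependency update reaches the build without review. I would drop this line and commit the lockfile for crates that produce shipped artifacts. Lockfiles that are already tracked are not affected by the ignore rule, so this mainly concerns newly added crates.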
24
README.md
24
README.md
@ -64,3 +64,27 @@ Thanks go to [all these wonderful contributors to this project](CONTRIBUTORS.md)
|
|||||||
## License
|
## License
|
||||||
|
|
||||||
Occlum is released under BSD License. See the copyright information [here](LICENSE).
|
Occlum is released under BSD License. See the copyright information [here](LICENSE).
|
||||||
|
|
||||||
|
## DeTEE
|
||||||
|
|
||||||
|
Occlum is a part of the DeTEE project. DeTEE is a research project that aims to provide a secure and efficient computing environment for data-intensive applications.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Run the occlum ubuntu 20.04 docker container
|
||||||
|
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --rm --name valytest -it -v /home/vfaychuk:/root/vfaychuk occlum/occlum:latest-ubuntu20.04
|
||||||
|
# inside the container run the following commands
|
||||||
|
apt update && apt install -y ssh-client
|
||||||
|
mkdir -p /root/.ssh && vim /root/.ssh/config
|
||||||
|
#Host gitea.detee.cloud
|
||||||
|
# IdentityFile ~/.ssh/gitea_ed25519
|
||||||
|
vim /root/.ssh/gitea_ed25519
|
||||||
|
# put the server private key to download the repo
|
||||||
|
chown -R root:root /root/.ssh
|
||||||
|
chmod 600 /root/.ssh/gitea_ed25519
|
||||||
|
ssh-keyscan -H gitea.detee.cloud > ~/.ssh/known_hosts
|
||||||
|
git clone git@gitea.detee.cloud:SGX/occlum.git
|
||||||
|
cd occlum && make submodule
|
||||||
|
cd tools/toolchains/utils_lib/
|
||||||
|
# following command installs the utils library which can derive sealing key of the enclave
|
||||||
|
./build.sh
|
||||||
|
```
|
@ -50,7 +50,6 @@ run_netty_ut() {
|
|||||||
-cp /usr/lib/netty/netty-testsuite-4.1.51.Final.jar:/usr/lib/netty/netty-all-4.1.51.Final.jar:/usr/lib/netty/xz-1.5.jar:/usr/lib/netty/hamcrest-library-1.3.jar:/usr/lib/netty/logback-classic-1.1.7.jar \
|
-cp /usr/lib/netty/netty-testsuite-4.1.51.Final.jar:/usr/lib/netty/netty-all-4.1.51.Final.jar:/usr/lib/netty/xz-1.5.jar:/usr/lib/netty/hamcrest-library-1.3.jar:/usr/lib/netty/logback-classic-1.1.7.jar \
|
||||||
--scan-class-path > netty-test-heap512m.log || true
|
--scan-class-path > netty-test-heap512m.log || true
|
||||||
cat netty-test-heap512m.log
|
cat netty-test-heap512m.log
|
||||||
cat netty-test-heap512m.log | grep "190 tests successful"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
run_netty_ut
|
run_netty_ut
|
||||||
|
2
deps/rust-sgx-sdk
vendored
2
deps/rust-sgx-sdk
vendored
@ -1 +1 @@
|
|||||||
Subproject commit 81384ce4d10c67eea5e1ba4ea332087940c1836b
|
Subproject commit 67af3f726726c27d6207e8da8b92922f4b513137
|
2
deps/sefs
vendored
2
deps/sefs
vendored
@ -1 +1 @@
|
|||||||
Subproject commit a4b47b5ac8204f7b1f74a58493a7a6b408c7cf35
|
Subproject commit 30bc4e02c153c092eca37affdb9c7610411a377f
|
58
deps/sefs-cli_hyper.patch
vendored
58
deps/sefs-cli_hyper.patch
vendored
@ -1,5 +1,17 @@
|
|||||||
|
From 21b67e210670f6c7cb7e88d9900699ac52b0c3b1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: ClawSeven <zehuan97@gmail.com>
|
||||||
|
Date: Tue, 23 Jul 2024 10:47:12 +0800
|
||||||
|
Subject: [PATCH] Adapt hyper patch with updated sdk
|
||||||
|
|
||||||
|
---
|
||||||
|
sefs-cli/Makefile | 42 ++++++++++++++++++++---------
|
||||||
|
sefs-cli/app/build.rs | 4 +++
|
||||||
|
sefs-cli/enclave/Enclave.config.xml | 1 +
|
||||||
|
sefs-cli/enclave/Enclave.lds | 3 +++
|
||||||
|
4 files changed, 38 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
diff --git a/sefs-cli/Makefile b/sefs-cli/Makefile
|
diff --git a/sefs-cli/Makefile b/sefs-cli/Makefile
|
||||||
index f0eeb8c..8c6fae0 100644
|
index f0eeb8c..50b9917 100644
|
||||||
--- a/sefs-cli/Makefile
|
--- a/sefs-cli/Makefile
|
||||||
+++ b/sefs-cli/Makefile
|
+++ b/sefs-cli/Makefile
|
||||||
@@ -14,13 +14,19 @@ endif
|
@@ -14,13 +14,19 @@ endif
|
||||||
@ -31,12 +43,14 @@ index f0eeb8c..8c6fae0 100644
|
|||||||
######## Enclave Settings ########
|
######## Enclave Settings ########
|
||||||
|
|
||||||
-ifneq ($(SGX_MODE), HW)
|
-ifneq ($(SGX_MODE), HW)
|
||||||
|
- Trts_Library_Name := sgx_trts_sim
|
||||||
|
- Service_Library_Name := sgx_tservice_sim
|
||||||
+ifeq ($(SGX_MODE), HW)
|
+ifeq ($(SGX_MODE), HW)
|
||||||
+ Trts_Library_Name := sgx_trts
|
+ Trts_Library_Name := sgx_trts
|
||||||
+ Service_Library_Name := sgx_tservice
|
+ Service_Library_Name := sgx_tservice
|
||||||
+else ifeq ($(SGX_MODE), SIM)
|
+else ifeq ($(SGX_MODE), SIM)
|
||||||
Trts_Library_Name := sgx_trts_sim
|
+ Trts_Library_Name := sgx_trts_sim
|
||||||
Service_Library_Name := sgx_tservice_sim
|
+ Service_Library_Name := sgx_tservice_sim
|
||||||
+else ifeq ($(SGX_MODE), HYPER)
|
+else ifeq ($(SGX_MODE), HYPER)
|
||||||
+ Trts_Library_Name := sgx_trts_hyper
|
+ Trts_Library_Name := sgx_trts_hyper
|
||||||
+ Service_Library_Name := sgx_tservice_hyper
|
+ Service_Library_Name := sgx_tservice_hyper
|
||||||
@ -48,12 +62,14 @@ index f0eeb8c..8c6fae0 100644
|
|||||||
-Wl,--version-script=enclave/Enclave.lds
|
-Wl,--version-script=enclave/Enclave.lds
|
||||||
|
|
||||||
-ifneq ($(SGX_MODE), HW)
|
-ifneq ($(SGX_MODE), HW)
|
||||||
|
- RustEnclave_Name := lib/libsefs-cli_sim.so
|
||||||
|
- App_Name := bin/sefs-cli_sim
|
||||||
+ifeq ($(SGX_MODE), HW)
|
+ifeq ($(SGX_MODE), HW)
|
||||||
+ RustEnclave_Name := lib/libsefs-cli.so
|
+ RustEnclave_Name := lib/libsefs-cli.so
|
||||||
+ App_Name := bin/sefs-cli
|
+ App_Name := bin/sefs-cli
|
||||||
+else ifeq ($(SGX_MODE), SIM)
|
+else ifeq ($(SGX_MODE), SIM)
|
||||||
RustEnclave_Name := lib/libsefs-cli_sim.so
|
+ RustEnclave_Name := lib/libsefs-cli_sim.so
|
||||||
App_Name := bin/sefs-cli_sim
|
+ App_Name := bin/sefs-cli_sim
|
||||||
+else ifeq ($(SGX_MODE), HYPER)
|
+else ifeq ($(SGX_MODE), HYPER)
|
||||||
+ RustEnclave_Name := lib/libsefs-cli_hyper.so
|
+ RustEnclave_Name := lib/libsefs-cli_hyper.so
|
||||||
+ App_Name := bin/sefs-cli_hyper
|
+ App_Name := bin/sefs-cli_hyper
|
||||||
@ -72,25 +88,20 @@ index f0eeb8c..8c6fae0 100644
|
|||||||
|
|
||||||
######## App Objects ########
|
######## App Objects ########
|
||||||
diff --git a/sefs-cli/app/build.rs b/sefs-cli/app/build.rs
|
diff --git a/sefs-cli/app/build.rs b/sefs-cli/app/build.rs
|
||||||
index 4bf4c0a..96391ac 100644
|
index 6d54f91..a523baf 100644
|
||||||
--- a/sefs-cli/app/build.rs
|
--- a/sefs-cli/app/build.rs
|
||||||
+++ b/sefs-cli/app/build.rs
|
+++ b/sefs-cli/app/build.rs
|
||||||
@@ -14,6 +14,7 @@ fn main() {
|
@@ -29,6 +29,10 @@ fn main() {
|
||||||
match is_sim.as_ref() {
|
println!("cargo:rustc-link-lib=dylib=sgx_urts");
|
||||||
"SW" | "SIM" => println!("cargo:rustc-link-lib=static=sgx_urts_sim_with_se_event"),
|
println!("cargo:rustc-link-lib=dylib=sgx_uae_service");
|
||||||
"HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"),
|
}
|
||||||
+ "HYPER" => println!("cargo:rustc-link-lib=static=sgx_urts_hyper_with_se_event"),
|
+ "HYPER" => {
|
||||||
_ => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat undefined as HW
|
+ println!("cargo:rustc-link-lib=dylib=sgx_urts_hyper");
|
||||||
}
|
+ println!("cargo:rustc-link-lib=dylib=sgx_uae_service_hyper");
|
||||||
|
+ }
|
||||||
@@ -21,6 +22,7 @@ fn main() {
|
_ => {
|
||||||
match is_sim.as_ref() {
|
println!("cargo:rustc-link-lib=dylib=sgx_urts");
|
||||||
"SW" | "SIM" => println!("cargo:rustc-link-lib=dylib=sgx_uae_service_sim"),
|
println!("cargo:rustc-link-lib=dylib=sgx_uae_service");
|
||||||
"HW" => println!("cargo:rustc-link-lib=dylib=sgx_uae_service"),
|
|
||||||
+ "HYPER" => println!("cargo:rustc-link-lib=dylib=sgx_uae_service_hyper"),
|
|
||||||
_ => println!("cargo:rustc-link-lib=dylib=sgx_uae_service"), // Treat undefined as HW
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/sefs-cli/enclave/Enclave.config.xml b/sefs-cli/enclave/Enclave.config.xml
|
diff --git a/sefs-cli/enclave/Enclave.config.xml b/sefs-cli/enclave/Enclave.config.xml
|
||||||
index 109fcd2..e69f2b6 100644
|
index 109fcd2..e69f2b6 100644
|
||||||
--- a/sefs-cli/enclave/Enclave.config.xml
|
--- a/sefs-cli/enclave/Enclave.config.xml
|
||||||
@ -119,3 +130,6 @@ index 92bebf2..d93532c 100644
|
|||||||
local:
|
local:
|
||||||
*;
|
*;
|
||||||
};
|
};
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ pub struct QuoteVerifier {
|
|||||||
|
|
||||||
// The latest QvE ISVSVN from Intel PCS.
|
// The latest QvE ISVSVN from Intel PCS.
|
||||||
// It should be updated when a newer QvE is released.
|
// It should be updated when a newer QvE is released.
|
||||||
const QVE_ISVSVN_THRESHOLD: sgx_isv_svn_t = 5;
|
const QVE_ISVSVN_THRESHOLD: sgx_isv_svn_t = 7;
|
||||||
|
|
||||||
impl QuoteVerifier {
|
impl QuoteVerifier {
|
||||||
pub fn new() -> Option<Self> {
|
pub fn new() -> Option<Self> {
|
||||||
|
@ -86,8 +86,8 @@ RUN curl https://sh.rustup.rs -sSf | \
|
|||||||
cargo -V
|
cargo -V
|
||||||
|
|
||||||
# Install SGX PSW
|
# Install SGX PSW
|
||||||
ARG PSW_VERSION=2.20.100.4
|
ARG PSW_VERSION=2.21.100.1
|
||||||
ARG DCAP_VERSION=1.17.100.4
|
ARG DCAP_VERSION=1.18.100.1
|
||||||
RUN apt-get update && aptitude install -y \
|
RUN apt-get update && aptitude install -y \
|
||||||
libsgx-launch-dev=$PSW_VERSION-focal1 \
|
libsgx-launch-dev=$PSW_VERSION-focal1 \
|
||||||
libsgx-epid-dev=$PSW_VERSION-focal1 \
|
libsgx-epid-dev=$PSW_VERSION-focal1 \
|
||||||
@ -125,7 +125,7 @@ RUN apt-get update && aptitude install -y \
|
|||||||
|
|
||||||
# Install SGX SDK
|
# Install SGX SDK
|
||||||
WORKDIR /tmp
|
WORKDIR /tmp
|
||||||
RUN git clone -b sgx_2.20_for_occlum https://github.com/occlum/linux-sgx && \
|
RUN git clone -b sgx_2.21_for_occlum https://github.com/occlum/linux-sgx && \
|
||||||
mkdir /etc/init && \
|
mkdir /etc/init && \
|
||||||
cd linux-sgx && \
|
cd linux-sgx && \
|
||||||
make preparation && \
|
make preparation && \
|
||||||
|
@ -3,9 +3,9 @@ LABEL maintainer="Qi Zheng <huaiqing.zq@antgroup.com>"
|
|||||||
|
|
||||||
# Install SGX DCAP and Occlum runtime
|
# Install SGX DCAP and Occlum runtime
|
||||||
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
|
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
|
||||||
ARG PSW_VERSION=2.20.100.4
|
ARG PSW_VERSION=2.21.100.1
|
||||||
ARG DCAP_VERSION=1.17.100.4
|
ARG DCAP_VERSION=1.18.100.1
|
||||||
ARG OCCLUM_VERSION=0.30.0
|
ARG OCCLUM_VERSION=0.31.0
|
||||||
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \
|
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \
|
||||||
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
|
||||||
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
|
||||||
@ -27,7 +27,7 @@ RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-r
|
|||||||
libsgx-qe3-logic=$DCAP_VERSION-focal1 \
|
libsgx-qe3-logic=$DCAP_VERSION-focal1 \
|
||||||
libsgx-dcap-default-qpl=$DCAP_VERSION-focal1 \
|
libsgx-dcap-default-qpl=$DCAP_VERSION-focal1 \
|
||||||
libsgx-dcap-quote-verify=$DCAP_VERSION-focal1 \
|
libsgx-dcap-quote-verify=$DCAP_VERSION-focal1 \
|
||||||
occlum-runtime=$OCCLUM_VERSION-1 \
|
occlum-runtime=$OCCLUM_VERSION-focal-1 \
|
||||||
&& \
|
&& \
|
||||||
apt clean && \
|
apt clean && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
@ -35,7 +35,7 @@ RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-r
|
|||||||
COPY docker-entrypoint.sh /usr/local/bin/
|
COPY docker-entrypoint.sh /usr/local/bin/
|
||||||
|
|
||||||
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
|
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
|
||||||
# This PCCS value could be updated by env passed from user by below entryp
|
# This PCCS value could be updated by env passed from user by below entrypoint
|
||||||
ENV PCCS_URL="https://localhost:8081/sgx/certification/v3/"
|
ENV PCCS_URL="https://localhost:8081/sgx/certification/v3/"
|
||||||
ENV USE_SECURE_CERT=true
|
ENV USE_SECURE_CERT=true
|
||||||
|
|
||||||
|
@ -86,8 +86,8 @@ RUN curl https://sh.rustup.rs -sSf | \
|
|||||||
cargo -V
|
cargo -V
|
||||||
|
|
||||||
# Install SGX PSW
|
# Install SGX PSW
|
||||||
ARG PSW_VERSION=2.20.100.4
|
ARG PSW_VERSION=2.21.100.1
|
||||||
ARG DCAP_VERSION=1.17.100.4
|
ARG DCAP_VERSION=1.18.100.1
|
||||||
RUN apt-get update && aptitude install -y \
|
RUN apt-get update && aptitude install -y \
|
||||||
libsgx-launch-dev=$PSW_VERSION-jammy1 \
|
libsgx-launch-dev=$PSW_VERSION-jammy1 \
|
||||||
libsgx-epid-dev=$PSW_VERSION-jammy1 \
|
libsgx-epid-dev=$PSW_VERSION-jammy1 \
|
||||||
@ -125,7 +125,7 @@ RUN apt-get update && aptitude install -y \
|
|||||||
|
|
||||||
# Install SGX SDK
|
# Install SGX SDK
|
||||||
WORKDIR /tmp
|
WORKDIR /tmp
|
||||||
RUN git clone -b sgx_2.20_for_occlum https://github.com/occlum/linux-sgx && \
|
RUN git clone -b sgx_2.21_for_occlum https://github.com/occlum/linux-sgx && \
|
||||||
mkdir /etc/init && \
|
mkdir /etc/init && \
|
||||||
cd linux-sgx && \
|
cd linux-sgx && \
|
||||||
make preparation && \
|
make preparation && \
|
||||||
@ -188,9 +188,9 @@ COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK8_PATH/jre/lib/security/cacer
|
|||||||
WORKDIR /root/occlum/tools/toolchains
|
WORKDIR /root/occlum/tools/toolchains
|
||||||
RUN cd dcap_lib && ./build.sh && cd .. && rm -rf dcap_lib
|
RUN cd dcap_lib && ./build.sh && cd .. && rm -rf dcap_lib
|
||||||
|
|
||||||
# # Install AECS Client library
|
# Install AECS Client library
|
||||||
# WORKDIR /root/occlum/tools/toolchains
|
WORKDIR /root/occlum/tools/toolchains
|
||||||
# RUN cd aecs_client && ./build.sh && cd .. && rm -rf aecs_client
|
RUN cd aecs_client && ./build.sh && cd .. && rm -rf aecs_client
|
||||||
|
|
||||||
# Install GRPC RATLS
|
# Install GRPC RATLS
|
||||||
WORKDIR /root/occlum/tools/toolchains
|
WORKDIR /root/occlum/tools/toolchains
|
||||||
@ -200,8 +200,8 @@ RUN cd grpc_ratls && ./build.sh && cd .. && rm -rf grpc_ratls && rm -rf /tmp/grp
|
|||||||
WORKDIR /root
|
WORKDIR /root
|
||||||
RUN cd occlum && \
|
RUN cd occlum && \
|
||||||
source /opt/intel/sgxsdk/environment && \
|
source /opt/intel/sgxsdk/environment && \
|
||||||
OCCLUM_NO_INIT_RA_AECS=1 make submodule && \
|
make submodule && \
|
||||||
OCCLUM_RELEASE_BUILD=1 OCCLUM_NO_INIT_RA_AECS=1 make install && \
|
OCCLUM_RELEASE_BUILD=1 make install && \
|
||||||
cp -r demos /root/demos && \
|
cp -r demos /root/demos && \
|
||||||
rm -rf /root/occlum
|
rm -rf /root/occlum
|
||||||
|
|
||||||
|
@ -1,26 +1,16 @@
|
|||||||
ARG OCCLUM_DEV_IMG=occlum/occlum:0.30.1-test-ubuntu22.04
|
|
||||||
FROM $OCCLUM_DEV_IMG as base
|
|
||||||
|
|
||||||
# Download the Occlum source
|
|
||||||
ARG OCCLUM_BRANCH=0.30.1-dev
|
|
||||||
WORKDIR /root
|
|
||||||
RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum
|
|
||||||
|
|
||||||
# Build Occlum debian packages
|
|
||||||
WORKDIR /root/occlum/tools/installer/deb
|
|
||||||
RUN make && make musl-gcc && GLIBC_VERSION=2.35 make glibc
|
|
||||||
|
|
||||||
|
|
||||||
FROM ubuntu:22.04
|
FROM ubuntu:22.04
|
||||||
LABEL maintainer="Qi Zheng <huaiqing.zq@antgroup.com>"
|
LABEL maintainer="Qi Zheng <huaiqing.zq@antgroup.com>"
|
||||||
|
|
||||||
# Install SGX DCAP and PSW
|
# Install SGX DCAP and PSW
|
||||||
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
|
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
|
||||||
ARG PSW_VERSION=2.20.100.4
|
ARG PSW_VERSION=2.21.100.1
|
||||||
ARG DCAP_VERSION=1.17.100.4
|
ARG DCAP_VERSION=1.18.100.1
|
||||||
|
ARG OCCLUM_VERSION=0.31.0
|
||||||
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \
|
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gnupg wget ca-certificates jq && \
|
||||||
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
|
||||||
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
|
||||||
|
echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian jammy main' | tee /etc/apt/sources.list.d/occlum.list && \
|
||||||
|
wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | apt-key add - && \
|
||||||
apt update && apt install -y --no-install-recommends \
|
apt update && apt install -y --no-install-recommends \
|
||||||
libsgx-launch=$PSW_VERSION-jammy1 \
|
libsgx-launch=$PSW_VERSION-jammy1 \
|
||||||
libsgx-epid=$PSW_VERSION-jammy1 \
|
libsgx-epid=$PSW_VERSION-jammy1 \
|
||||||
@ -37,14 +27,11 @@ RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-r
|
|||||||
libsgx-qe3-logic=$DCAP_VERSION-jammy1 \
|
libsgx-qe3-logic=$DCAP_VERSION-jammy1 \
|
||||||
libsgx-dcap-default-qpl=$DCAP_VERSION-jammy1 \
|
libsgx-dcap-default-qpl=$DCAP_VERSION-jammy1 \
|
||||||
libsgx-dcap-quote-verify=$DCAP_VERSION-jammy1 \
|
libsgx-dcap-quote-verify=$DCAP_VERSION-jammy1 \
|
||||||
|
occlum-runtime=$OCCLUM_VERSION-jammy-1 \
|
||||||
&& \
|
&& \
|
||||||
apt clean && \
|
apt clean && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Only runtime deb package is required for occlum run
|
|
||||||
COPY --from=base /tmp/deb_build/occlum-runtime_*.deb /tmp
|
|
||||||
RUN cd /tmp && dpkg -i *.deb && rm -rf *.deb
|
|
||||||
|
|
||||||
COPY docker-entrypoint.sh /usr/local/bin/
|
COPY docker-entrypoint.sh /usr/local/bin/
|
||||||
|
|
||||||
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
|
ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
|
||||||
|
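Review bot: The Occlum repository key fetched in the first `RUN` is piped into `apt-key add -`, which puts it in the global apt keyring, so it is trusted for every configured source and not only for occlum.io. With `occlum-runtime=$OCCLUM_VERSION-jammy-1` now installed from that repository instead of from a package built in the `base` stage, this key is the only integrity anchor for the runtime in the image. Scoping it would be safer: store it with `wget -qO /usr/share/keyrings/occlum.asc https://occlum.io/occlum-package-repos/debian/public.key` and reference it as `deb [arch=amd64 signed-by=/usr/share/keyrings/occlum.asc] https://occlum.io/occlum-package-repos/debian jammy main` (the keyring path is an example). Comparing the downloaded key against a fingerprint recorded in this repository would also remove the dependence on the same host serving both the key and the packages.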
@ -53,9 +53,9 @@ endif
|
|||||||
######## App Settings ########
|
######## App Settings ########
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
ifneq ($(SGX_MODE), HW)
|
||||||
# Tools are built in simulation mode by default and should be built with sgx_urts_sim_with_se_event
|
# Tools are built in simulation mode by default and should be built with sgx_urts_sim
|
||||||
# to resolve undefined symbols
|
# to resolve undefined symbols
|
||||||
URTS_LIBRARY_NAME := sgx_urts_sim_with_se_event
|
URTS_LIBRARY_NAME := sgx_urts_sim
|
||||||
else
|
else
|
||||||
URTS_LIBRARY_NAME := sgx_urts
|
URTS_LIBRARY_NAME := sgx_urts
|
||||||
endif
|
endif
|
||||||
|
@ -3,12 +3,13 @@ set -e
|
|||||||
|
|
||||||
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||||
INSTALL_DIR=/opt/occlum/toolchains/aecs_client
|
INSTALL_DIR=/opt/occlum/toolchains/aecs_client
|
||||||
|
OCCLUM_INSTALL_DIR=/usr/local/occlum/x86_64-linux-gnu/lib
|
||||||
AECS_DIR=${script_dir}/enclave-configuration-service
|
AECS_DIR=${script_dir}/enclave-configuration-service
|
||||||
|
|
||||||
# Default TEE TYPE is SGX2, also support HYPERENCLAVE
|
# Default TEE TYPE is SGX2, also support HYPERENCLAVE
|
||||||
TEETYPE=${1:-SGX2}
|
TEETYPE=${1:-SGX2}
|
||||||
|
|
||||||
git clone -b v2.0.0 https://github.com/SOFAEnclave/enclave-configuration-service.git
|
git clone -b occlum-init-ra https://github.com/occlum/enclave-configuration-service.git
|
||||||
|
|
||||||
pushd ${AECS_DIR}
|
pushd ${AECS_DIR}
|
||||||
git submodule update --init --recursive
|
git submodule update --init --recursive
|
||||||
@ -22,7 +23,9 @@ echo "Move AECS client libraries to toolchain path"
|
|||||||
mkdir -p ${INSTALL_DIR}
|
mkdir -p ${INSTALL_DIR}
|
||||||
cp ./build/out/libaecs_client.so ${INSTALL_DIR}/
|
cp ./build/out/libaecs_client.so ${INSTALL_DIR}/
|
||||||
cp ./build/out/libual.so ${INSTALL_DIR}/
|
cp ./build/out/libual.so ${INSTALL_DIR}/
|
||||||
cp /usr/local/occlum/x86_64-linux-gnu/lib/libcurl_static.a ${INSTALL_DIR}/
|
cp $OCCLUM_INSTALL_DIR/libcurl_static.a ${INSTALL_DIR}/
|
||||||
|
[ -f $OCCLUM_INSTALL_DIR/libssl.so ] && cp $OCCLUM_INSTALL_DIR/libssl.so* ${INSTALL_DIR}/
|
||||||
|
[ -f $OCCLUM_INSTALL_DIR/libcrypto.so ] && cp $OCCLUM_INSTALL_DIR/libcrypto.so* ${INSTALL_DIR}/
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Clean up
|
# Clean up
|
||||||
|
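Review bot: The `git clone -b occlum-init-ra` line in the first hunk replaces the tag `v2.0.0` with a branch name, so the AECS client that is compiled and copied into `${INSTALL_DIR}` changes whenever that branch moves. The image build now runs this script unconditionally (the Dockerfile section above enables the `aecs_client` step), which makes the result depend on the remote state at build time. I would pin the revision right after `pushd ${AECS_DIR}`, e.g. `git checkout <COMMIT_SHA_PLACEHOLDER>`, before `git submodule update --init --recursive` runs. The two new `[ -f ... ] && cp ...` lines in the second hunk silently skip the copy when the library is absent; if `libssl`/`libcrypto` are required by `libaecs_client.so`, a missing file should probably be reported.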
@ -8,31 +8,32 @@
|
|||||||
#include "sgx_qve_header.h"
|
#include "sgx_qve_header.h"
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C"
|
||||||
|
{
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void *dcap_quote_open(void);
|
void *dcap_quote_open(void);
|
||||||
|
|
||||||
uint32_t dcap_get_quote_size(void *handle);
|
uint32_t dcap_get_quote_size(void *handle);
|
||||||
|
|
||||||
int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
|
int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
|
||||||
|
|
||||||
uint32_t dcap_get_supplemental_data_size(void *handle);
|
uint32_t dcap_get_supplemental_data_size(void *handle);
|
||||||
|
|
||||||
int32_t dcap_verify_quote(void *handle,
|
int32_t dcap_verify_quote(void *handle,
|
||||||
const uint8_t *quote_buf,
|
const uint8_t *quote_buf,
|
||||||
uint32_t quote_size,
|
uint32_t quote_size,
|
||||||
uint32_t *collateral_expiration_status,
|
uint32_t *collateral_expiration_status,
|
||||||
sgx_ql_qv_result_t *quote_verification_result,
|
sgx_ql_qv_result_t *quote_verification_result,
|
||||||
uint32_t supplemental_data_size,
|
uint32_t supplemental_data_size,
|
||||||
uint8_t *supplemental_data);
|
uint8_t *supplemental_data);
|
||||||
|
|
||||||
|
// int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
|
||||||
|
|
||||||
void dcap_quote_close(void *handle);
|
void dcap_quote_close(void *handle);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -67,17 +67,39 @@ pub extern "C" fn dcap_verify_quote(
|
|||||||
let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
|
let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
|
||||||
|
|
||||||
let mut verify_arg = IoctlVerDCAPQuoteArg {
|
let mut verify_arg = IoctlVerDCAPQuoteArg {
|
||||||
quote_buf: quote_buf,
|
quote_buf,
|
||||||
quote_size: quote_size,
|
quote_size,
|
||||||
collateral_expiration_status: collateral_expiration_status,
|
collateral_expiration_status,
|
||||||
quote_verification_result: quote_verification_result,
|
quote_verification_result,
|
||||||
supplemental_data_size: supplemental_data_size,
|
supplemental_data_size,
|
||||||
supplemental_data: supplemental_data,
|
supplemental_data,
|
||||||
};
|
};
|
||||||
|
|
||||||
dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
|
dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
#[no_mangle]
|
||||||
|
pub extern "C" fn dcap_generate_key(
|
||||||
|
handle: *mut c_void,
|
||||||
|
key: *mut sgx_key_128bit_t,
|
||||||
|
key_request: *const sgx_key_request_t,
|
||||||
|
) -> i32 {
|
||||||
|
if handle.is_null() {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
|
||||||
|
|
||||||
|
let mut key_arg = IoctlGetKeyArg {
|
||||||
|
key_request,
|
||||||
|
key
|
||||||
|
};
|
||||||
|
|
||||||
|
dcap.generate_key(&mut key_arg).unwrap_or(-1)
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
#[no_mangle]
|
#[no_mangle]
|
||||||
pub extern "C" fn dcap_quote_close(handle: *mut c_void) {
|
pub extern "C" fn dcap_quote_close(handle: *mut c_void) {
|
||||||
if handle.is_null() {
|
if handle.is_null() {
|
||||||
|
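Review bot: The `/* ... */` block added after `dcap_verify_quote` commits a whole `dcap_generate_key` export as commented-out code, and the following sections do the same for `IoctlGetKeyArg`, `generate_key`, the `SGXIOC_CMD_NUM_KEY`/`IOCTL_CMD_NUM_KEY` constants and the re-export in the prelude, as does the C header before it. Code inside comments is neither compiled nor tested, and it will drift from the `utils_gen_key` API declared in `occlum_utils.h`, which seems to be where key derivation now lives. I would delete these blocks and, if a pointer is useful, leave one line such as `// Sealing-key derivation is provided by occlum_utils (tools/toolchains/utils_lib).`. `dcap_verify_quote` starts before this hunk and `dcap_quote_close` continues after it.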
@ -5,6 +5,7 @@ const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
|
|||||||
const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
|
const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
|
||||||
const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
|
const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
|
||||||
const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
|
const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
|
||||||
|
// const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
|
||||||
|
|
||||||
cfg_if::cfg_if! {
|
cfg_if::cfg_if! {
|
||||||
if #[cfg(target_env = "musl")] {
|
if #[cfg(target_env = "musl")] {
|
||||||
@ -12,11 +13,13 @@ cfg_if::cfg_if! {
|
|||||||
const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
|
const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
|
||||||
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
|
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
|
||||||
const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
|
const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
|
||||||
|
// const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
|
||||||
} else {
|
} else {
|
||||||
const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
|
const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
|
||||||
const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
|
const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
|
||||||
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
|
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
|
||||||
const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
|
const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
|
||||||
|
// const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -41,6 +44,16 @@ pub struct IoctlVerDCAPQuoteArg {
|
|||||||
pub supplemental_data: *mut u8, // Output (optional)
|
pub supplemental_data: *mut u8, // Output (optional)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
|
||||||
|
//#[allow(dead_code)]
|
||||||
|
#[repr(C)]
|
||||||
|
pub struct IoctlGetKeyArg {
|
||||||
|
pub key_request: *const sgx_key_request_t, // Input
|
||||||
|
pub key: *mut sgx_key_128bit_t, // Output
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
pub struct DcapQuote {
|
pub struct DcapQuote {
|
||||||
fd: c_int,
|
fd: c_int,
|
||||||
quote_size: u32,
|
quote_size: u32,
|
||||||
@ -122,6 +135,19 @@ impl DcapQuote {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
pub fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
|
||||||
|
let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
|
||||||
|
if ret < 0 {
|
||||||
|
let os_err = Error::last_os_error();
|
||||||
|
println!("OS error: {os_err:?}");
|
||||||
|
Err(os_err)
|
||||||
|
} else {
|
||||||
|
Ok(0)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
pub fn close(&mut self) {
|
pub fn close(&mut self) {
|
||||||
unsafe { libc::close(self.fd) };
|
unsafe { libc::close(self.fd) };
|
||||||
}
|
}
|
||||||
|
@ -4,5 +4,9 @@ pub use std::io::Error;
|
|||||||
|
|
||||||
// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
|
// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
|
||||||
pub use sgx_types::{
|
pub use sgx_types::{
|
||||||
sgx_ql_qv_result_t, sgx_quote3_t, sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t,
|
sgx_ql_qv_result_t,
|
||||||
|
sgx_quote3_t,
|
||||||
|
sgx_quote_header_t,
|
||||||
|
sgx_report_body_t,
|
||||||
|
sgx_report_data_t, // sgx_key_request_t, sgx_key_128bit_t,
|
||||||
};
|
};
|
||||||
|
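--- a/tools/toolchains/utils_lib/Cargo.toml
+++ b/tools/toolchains/utils_lib/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "occlum_utils"
+version = "0.1.0"
+authors = ["Zheng, Qi <huaiqing.zq@antgroup.com>"]
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+sgx_types = { path = "../../../deps/rust-sgx-sdk/sgx_types" }
+libc = "0.2"
+cfg-if = "1.0.0"
+
+[lib]
+crate-type = ["cdylib", "rlib", "staticlib"]
+
+
+[[example]]
+name = "generate_key"
+
+[dev-dependencies]
+occlum_dcap = { path = "../dcap_lib" }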
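--- a/tools/toolchains/utils_lib/build.sh
+++ b/tools/toolchains/utils_lib/build.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+INSTALL_DIR=/opt/occlum/toolchains/utils_lib
+SONAME=libocclum_utils.so.0.1.0
+
+function build_lib() {
+if [[ $1 == "musl" ]]; then
+echo "*** Build and install musl-libc utils ***"
+CARGO=occlum-cargo
+TARGET_PATH=target/x86_64-unknown-linux-musl/release
+LIB_PATH=${INSTALL_DIR}/musl/
+else
+echo "*** Build and install glibc utils ***"
+CARGO=cargo
+TARGET_PATH=target/release
+LIB_PATH=${INSTALL_DIR}/glibc/
+fi
+
+# cargo build libs and rust example
+$CARGO clean
+$CARGO rustc --release -- -Clink-arg=-Wl,-soname,$SONAME
+$CARGO build --release --examples
+
+# Copy files
+mkdir -p ${LIB_PATH}
+cp ${TARGET_PATH}/libocclum_utils.a ${LIB_PATH}
+# cp ${TARGET_PATH}/examples/generate_key ${LIB_PATH} # Not used as library
+
+# Create SO links
+pushd ${TARGET_PATH}
+strip libocclum_utils.so
+mv libocclum_utils.so $SONAME
+ln -s $SONAME libocclum_utils.so
+popd
+cp -Pf ${TARGET_PATH}/libocclum_utils.so* ${LIB_PATH}
+}
+
+build_lib musl
+build_lib glibc
+
+cp -r inc ${INSTALL_DIR}/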
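--- a/tools/toolchains/utils_lib/examples/generate_key.rs
+++ b/tools/toolchains/utils_lib/examples/generate_key.rs
@@ -0,0 +1,64 @@
+use occlum_utils::*;
+use sgx_types::{
+sgx_attributes_t, sgx_key_id_t, sgx_misc_select_t, SGX_KEYPOLICY_MRSIGNER, SGX_KEYSELECT_SEAL,
+SGX_KEY_REQUEST_RESERVED2_BYTES, TSEAL_DEFAULT_FLAGSMASK, TSEAL_DEFAULT_MISCMASK,
+};
+
+use occlum_dcap::{sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, DcapQuote};
+
+fn main() {
+let handle = utils_ioctl_open();
+
+let dcap_handle = unsafe { &mut *(handle as *mut DcapQuote) };
+
+let quote_size = dcap_handle.get_quote_size().unwrap_or_default();
+
+let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
+let report_str = "utils demo sample";
+
+let mut report_data = sgx_report_data_t::default();
+report_data.d[..report_str.len()].copy_from_slice(report_str.as_bytes());
+
+let report_data = report_data as sgx_report_data_t;
+
+let _ = dcap_handle
+.generate_quote(quote_buf.as_mut_ptr(), &report_data)
+.unwrap();
+
+println!("===============================");
+
+dbg!("e_buf);
+
+let report_body_offset = std::mem::size_of::<sgx_quote_header_t>();
+let report_body: *const sgx_report_body_t = (quote_buf[report_body_offset..]).as_ptr() as _;
+let report_body: sgx_report_body_t = unsafe { *report_body };
+
+let key_policy = SGX_KEYPOLICY_MRSIGNER;
+
+let attribute_mask = sgx_attributes_t {
+flags: TSEAL_DEFAULT_FLAGSMASK,
+xfrm: 0,
+};
+
+let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
+
+let key_id = sgx_key_id_t::default();
+
+let mut key = sgx_key_128bit_t::default();
+let key_request = sgx_key_request_t {
+key_name: SGX_KEYSELECT_SEAL,
+key_policy,
+isv_svn: report_body.isv_svn,
+reserved1: 0_u16,
+cpu_svn: report_body.cpu_svn,
+attribute_mask,
+key_id,
+misc_mask,
+config_svn: report_body.config_svn,
+reserved2: [0_u8; SGX_KEY_REQUEST_RESERVED2_BYTES],
+};
+
+utils_gen_key(handle, &mut key, &key_request);
+
+dbg!(&key);
+}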
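Review bot: `main` dereferences the pointer returned by `utils_ioctl_open()` without a null check, although `src/lib.rs` in this change returns null when `/dev/sgx` cannot be opened; add `if handle.is_null() { return; }` before the `dcap_handle` cast. That cast also reinterprets the boxed `UtilsIoctl` as a `DcapQuote`, which appears to rely on the two structs sharing a layout that `UtilsIoctl` does not pin with `#[repr(C)]`. Further down, `unsafe { *report_body }` reads a struct through a pointer into a `Vec<u8>` with no alignment guarantee and no check that the buffer holds a full header plus report body (`quote_size` falls back to 0 via `unwrap_or_default()`); a length check followed by `std::ptr::read_unaligned(report_body)` would be safer. Finally, `dbg!(&key)` writes the derived seal key to stderr, so a comment marking that line as demo-only output would help anyone copying the example, and the handle is never passed to `utils_ioctl_close`.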
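--- a/tools/toolchains/utils_lib/inc/occlum_utils.h
+++ b/tools/toolchains/utils_lib/inc/occlum_utils.h
@@ -0,0 +1,25 @@
+#ifndef _OCCLUM_UTILS_H
+#define _OCCLUM_UTILS_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "sgx_report.h"
+#include "sgx_qve_header.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+void *utils_ioctl_open(void);
+
+int32_t utils_gen_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
+
+void utils_ioctl_close(void *handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif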
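Review bot: The three declarations carry no comments, so a C caller cannot tell from the header that `utils_ioctl_open` may return NULL or what `utils_gen_key` returns on failure. Going by `src/lib.rs` in this change, I would add `/* Returns NULL if /dev/sgx cannot be opened. */` above `utils_ioctl_open` and `/* Returns 0 on success, -1 on a NULL handle or ioctl failure. */` above `utils_gen_key`. The guard name `_OCCLUM_UTILS_H` begins with an underscore followed by a capital letter, which C reserves for the implementation; `OCCLUM_UTILS_H` avoids that.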
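--- a/tools/toolchains/utils_lib/rust-toolchain
+++ b/tools/toolchains/utils_lib/rust-toolchain
@@ -0,0 +1 @@
+nightly-2022-10-22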
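--- a/tools/toolchains/utils_lib/src/lib.rs
+++ b/tools/toolchains/utils_lib/src/lib.rs
@@ -0,0 +1,42 @@
+mod occlum_utils;
+mod prelude;
+
+pub use crate::occlum_utils::*;
+pub use crate::prelude::*;
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_open() -> *mut c_void {
+if let Ok(fd) = UtilsIoctl::new() {
+Box::into_raw(Box::new(fd)) as *mut c_void
+} else {
+std::ptr::null_mut::<u8>() as *mut c_void
+}
+}
+
+#[no_mangle]
+pub extern "C" fn utils_gen_key(
+handle: *mut c_void,
+key: *mut sgx_key_128bit_t,
+key_request: *const sgx_key_request_t,
+) -> i32 {
+if handle.is_null() {
+return -1;
+}
+
+let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+let mut key_arg = IoctlGetKeyArg { key_request, key };
+
+ioctl_dev.generate_key(&mut key_arg).unwrap_or(-1)
+}
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_close(handle: *mut c_void) {
+if handle.is_null() {
+return;
+}
+
+let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+ioctl_dev.close();
+}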
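Review bot: `utils_ioctl_close` closes the descriptor but never reclaims the `Box` that `utils_ioctl_open` released with `Box::into_raw`, so every open/close pair leaks the allocation and the stale handle can still be passed to `utils_gen_key` against a closed, possibly reused, fd. Taking ownership back with `let mut dev = unsafe { Box::from_raw(handle as *mut UtilsIoctl) }; dev.close();` frees it when `dev` drops. In `utils_gen_key`, `key` and `key_request` go into `IoctlGetKeyArg` unchecked; a guard such as `if key.is_null() || key_request.is_null() { return -1; }` would match the existing `handle` check. Each `unsafe` block would also benefit from a `// SAFETY:` comment stating that `handle` must come from `utils_ioctl_open` and must not have been closed.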
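--- a/tools/toolchains/utils_lib/src/occlum_utils.rs
+++ b/tools/toolchains/utils_lib/src/occlum_utils.rs
@@ -0,0 +1,59 @@
+use crate::prelude::*;
+use std::ffi::CString;
+
+const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
+
+cfg_if::cfg_if! {
+if #[cfg(target_env = "musl")] {
+const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
+} else {
+const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
+}
+}
+
+// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
+#[repr(C)]
+pub struct IoctlGetKeyArg {
+pub key_request: *const sgx_key_request_t, // Input
+pub key: *mut sgx_key_128bit_t, // Output
+}
+
+pub struct UtilsIoctl {
+fd: c_int,
+// for backward compatibility with DcapQuote
+_quote_size: u32,
+_supplemental_size: u32,
+}
+
+impl UtilsIoctl {
+pub fn new() -> Result<Self, Error> {
+let path = CString::new("/dev/sgx").unwrap();
+let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
+if fd > 0 {
+Ok(Self {
+fd,
+_quote_size: 0,
+_supplemental_size: 0,
+})
+} else {
+let os_err = Error::last_os_error();
+println!("OS error: {os_err:?}");
+Err(os_err)
+}
+}
+
+pub(crate) fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
+let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
+if ret < 0 {
+let os_err = Error::last_os_error();
+println!("OS error: {os_err:?}");
+Err(os_err)
+} else {
+Ok(0)
+}
+}
+
+pub fn close(&mut self) {
+unsafe { libc::close(self.fd) };
+}
+}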
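Review bot: `UtilsIoctl::new` treats `fd > 0` as success, but `open` signals failure with -1 and 0 is a valid descriptor; if it ever returns 0 the descriptor is leaked and `last_os_error()` reports an unrelated errno, so the test should read `if fd >= 0 {`. Both error paths use `println!`, which writes to the stdout of whatever process links this library; `eprintln!`, or simply returning the error, would be less intrusive. `UtilsIoctl` has no `Drop` impl and `close()` does not invalidate `self.fd`, so the descriptor is released only if the caller remembers to close it, and a second `close()` would act on the same fd number again. The comment on `_quote_size` says the fields exist for compatibility with `DcapQuote`, yet the struct lacks `#[repr(C)]`, so its field order is not guaranteed if callers rely on that layout.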
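--- a/tools/toolchains/utils_lib/src/prelude.rs
+++ b/tools/toolchains/utils_lib/src/prelude.rs
@@ -0,0 +1,6 @@
+pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};
+pub use std::boxed::Box;
+pub use std::io::Error;
+
+// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
+pub use sgx_types::{sgx_key_128bit_t, sgx_key_request_t};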