Fix some nitpicks and letfovers from other PRs #2075
Conversation
There was a problem hiding this comment.
Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @mkow)
pal/src/host/linux-sgx/host_framework.c line 19 at r1 (raw file):
/* DCAP and upstreamed version used different paths in the past. */ "/dev/sgx_enclave", "/dev/sgx/enclave",
This one probably shouldn't go, it's the one from original DCAP driver, but still compatible, and there's no reason to remove it. Unless we want to instruct people to add custom udev rule if they use old DCAP driver, that will SYMLINK+= it.
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
json.dump(sig_readable, output_txt, indent=4) else: # plaintext format imitates the legacy output of `gramine-sgx-get-token` tool
We've discussed it and resolved that it should remain, because it's still correct that this imitates this (now non-existent) tool: https://reviewable.io/reviews/gramineproject/gramine/2061#-OC6W8vl-J2dK3hV7s4S
There was a problem hiding this comment.
Reviewed 5 of 6 files at r1, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @mkow and @woju)
pal/src/host/linux-sgx/host_framework.c line 19 at r1 (raw file):
Previously, woju (Wojtek Porczyk) wrote…
This one probably shouldn't go, it's the one from original DCAP driver, but still compatible, and there's no reason to remove it. Unless we want to instruct people to add custom udev rule if they use old DCAP driver, that will
SYMLINK+=it.
To me, it's okay to remove this logic if we instruct people to use the new DCAP driver. Potentially, we can add a warning if "/dev/sgx_enclave" does not exist in the system, but "/dev/sgx/enclave" does.
pal/src/host/linux-sgx/host_framework.c line 35 at r1 (raw file):
} log_error("Cannot open SGX driver device. Please make sure you're using an up-to-date kernel " "or the standalone Intel SGX kernel module is loaded.");
Why not keep this warning in case "/dev/sgx_enclave" does not exist? (i.e., ret = -ENOENT)? This warning is more informative and provide instructions to remedy the issue.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 3 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @chiache and @woju)
pal/src/host/linux-sgx/host_framework.c line 19 at r1 (raw file):
Previously, chiache (Chia-Che Tsai) wrote…
To me, it's okay to remove this logic if we instruct people to use the new DCAP driver. Potentially, we can add a warning if "/dev/sgx_enclave" does not exist in the system, but "/dev/sgx/enclave" does.
But I think we don't support kernels without the SGX driver built-in, which is incompatible with the DCAP driver?
Also, dropping the support has one more advantage IMO - we won't accidentally get bug reports for Gramine running on the older driver :)
pal/src/host/linux-sgx/host_framework.c line 35 at r1 (raw file):
Previously, chiache (Chia-Che Tsai) wrote…
Why not keep this warning in case "/dev/sgx_enclave" does not exist? (i.e., ret = -ENOENT)? This warning is more informative and provide instructions to remedy the issue.
But the error above has all this info, excluding the deprecated part? There's no mention about updating the kernel, because all the supported distros already have it.
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Previously, woju (Wojtek Porczyk) wrote…
We've discussed it and resolved that it should remain, because it's still correct that this imitates this (now non-existent) tool: https://reviewable.io/reviews/gramineproject/gramine/2061#-OC6W8vl-J2dK3hV7s4S
Ah, I missed that discussion. But why would we keep this comment if this tool doesn't exist anymore? It doesn't give the reader any useful information?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @woju)
pal/src/host/linux-sgx/host_framework.c line 19 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
But I think we don't support kernels without the SGX driver built-in, which is incompatible with the DCAP driver?
Also, dropping the support has one more advantage IMO - we won't accidentally get bug reports for Gramine running on the older driver :)
I understand we don't support kernels without the SGX driver, but for usability, I think it's useful to provide warning message or hints to users who are using a wrong or incompatible kernel.
pal/src/host/linux-sgx/host_framework.c line 35 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
But the error above has all this info, excluding the deprecated part? There's no mention about updating the kernel, because all the supported distros already have it.
I think for backward compatibility reasons, some users may be running on an older kernel that do not have this feature. In that case, they will at least know how to fix it, instead of contacting us in the channel.
Anyhow, I am not blocking this PR, but I think in general we can try to provide more warning or hint to users even if they are not exactly following our instructions.
There was a problem hiding this comment.
Reviewable status: 5 of 6 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: ITL), "fixup! " found in commit messages' one-liners (waiting on @woju)
pal/src/host/linux-sgx/host_framework.c line 19 at r1 (raw file):
Previously, chiache (Chia-Che Tsai) wrote…
I understand we don't support kernels without the SGX driver, but for usability, I think it's useful to provide warning message or hints to users who are using a wrong or incompatible kernel.
Ok, makes sense, I added more information to this error, please check now :)
pal/src/host/linux-sgx/host_framework.c line 35 at r1 (raw file):
Previously, chiache (Chia-Che Tsai) wrote…
I think for backward compatibility reasons, some users may be running on an older kernel that do not have this feature. In that case, they will at least know how to fix it, instead of contacting us in the channel.
Anyhow, I am not blocking this PR, but I think in general we can try to provide more warning or hint to users even if they are not exactly following our instructions.
Added, see above.
There was a problem hiding this comment.
Reviewed 1 of 1 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @woju)
There was a problem hiding this comment.
Reviewed 5 of 6 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @mkow and @woju)
-- commits line 3 at r2:
-> deprecation? Can be fixed during rebase.
Code quote:
depreciation
There was a problem hiding this comment.
Reviewed 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @mkow)
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Ah, I missed that discussion. But why would we keep this comment if this tool doesn't exist anymore? It doesn't give the reader any useful information?
It served as a poor man's style guide. When doing or redoing such tools we'll need a minimal guidance. Possibly this one, *-sigstruct-view, could from now be the reference style? Can we write this down somewhere in Documentation?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @woju)
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Possibly this one,
*-sigstruct-view, could from now be the reference style?
Sure, fine with me.
Can we write this down somewhere in
Documentation?
Hmm, but where? Style guide, in a new section, "output formats"? Or somewhere else?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @mkow and @woju)
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Possibly this one,
*-sigstruct-view, could from now be the reference style?
+1
Style guide, in a new section, "output formats"?
+1
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, "fixup! " found in commit messages' one-liners (waiting on @kailun-qin and @mkow)
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Previously, kailun-qin (Kailun Qin) wrote…
Possibly this one,
*-sigstruct-view, could from now be the reference style?+1
Style guide, in a new section, "output formats"?
+1
Certainly not a new document. Existing style guide is fine I think, or https://gramine.readthedocs.io/en/stable/devel/contributing.html, but the latter one seems too high-level to me.
mkow
force-pushed
the
mkow/random-leftovers
branch
from
ccb1ae8 to
7753ff1
Compare
Signed-off-by: Michał Kowalczyk <[email protected]>
Signed-off-by: Michał Kowalczyk <[email protected]>
mkow
force-pushed
the
mkow/random-leftovers
branch
from
7753ff1 to
ef48c72
Compare
There was a problem hiding this comment.
FYI: I had to rebase the PR so the docs can successfully build, but the fixup commits were trivial, so it shouldn't be too annoying for you.
Reviewable status: 6 of 7 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @kailun-qin and @woju)
Previously, kailun-qin (Kailun Qin) wrote…
->
deprecation? Can be fixed during rebase.
Done.
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Previously, woju (Wojtek Porczyk) wrote…
Certainly not a new document. Existing style guide is fine I think, or https://gramine.readthedocs.io/en/stable/devel/contributing.html, but the latter one seems too high-level to me.
Done, check now.
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @kailun-qin)
python/gramine-sgx-sigstruct-view line 52 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Done, check now.
Nice, LGTM.
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved
Description of the changes
See the commits.
How to test this PR?
CI.
This change is