v1.7

@woju woju released this 24 Apr 15:29
· 137 commits to master since this release
10e9353

Important changes

This change log covers the changes since the last release.

New features

  • Added secure implementation of eventfd.
    • All examples are updated to use this secure implementation by default, i.e. sys.insecure__allow_eventfd is not needed anymore.
    • The sys.insecure__allow_eventfd manifest option is still available, for rare cases where (insecure) multi-process support is required.
    • Certain workloads may experience slight performance degradation due to the new secure eventfd implementation, in comparison to the previous insecure eventfd implementation; the Gramine team is investigating whether this performance degradation can be alleviated.
  • Added unconditional removal of encrypted files.
    • Previously, it was impossible to remove an encrypted file which became corrupted or inaccessible (e.g. because the encryption key was changed).
    • This feature is useful in cases such as a sudden power outage that leaves the file in an inconsistent state.
  • Added support for arbitrary truncation of encrypted files.
    • Previously, it was possible to truncate an encrypted file only to size 0.
  • Added the gramine-manifest-check tool, which checks a manifest for conformance with the schema, and a built-in check in the gramine-manifest tool.
    • This will become a breaking change: the check is currently enabled in warning-only mode, but starting from v1.8, the check will be enabled in hard-error mode by default and might fail on previously-working manifests. Use --no-check to suppress.
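
An added example, not part of the Gramine release notes or code base: a check for rendered manifests that still enable sys.insecure__allow_eventfd after the upgrade. It generalizes to any key with the insecure__ prefix, which is assumed here to be the naming convention for insecure options; the sample manifests, function name and file names are constructed for illustration.

```python
import sys

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

PREFIX = "insecure__"  # assumed naming convention for insecure manifest options

# Constructed sample manifests (not from a real deployment): the same option
# written as a dotted key and as a key inside a [sys] table.
SAMPLE_DOTTED = """
libos.entrypoint = "/usr/bin/app"
sys.insecure__allow_eventfd = true
loader.insecure__use_cmdline_argv = false
"""
SAMPLE_TABLE = """
[sys]
insecure__allow_eventfd = true
"""


def find_insecure_options(manifest_text):
    """Return (dotted_key, value) pairs for every enabled insecure__ option."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif any(part.startswith(PREFIX) for part in path):
            # false, 0 and "" leave the option switched off
            if node not in (False, 0, ""):
                findings.append((".".join(path), node))

    walk(tomllib.loads(manifest_text), [])
    return sorted(findings, key=lambda item: item[0])


if __name__ == "__main__":
    # Usage: python3 audit_manifest.py app.manifest  (hypothetical file names)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_DOTTED
    hits = find_insecure_options(text)
    for key, value in hits:
        print(f"{key} = {value!r}")
    sys.exit(1 if hits else 0)
```

Run it on the rendered manifest rather than the template, since template syntax is not valid TOML; the non-zero exit status makes it usable as a CI gate.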

Miscellaneous

Installation instructions

If you are updating from v1.6.x:

  • apt-get update && apt-get upgrade for Debian/Ubuntu
  • dnf update for AlmaLinux and compatible

If you are not updating, then to install Gramine v1.7, follow the distribution-specific commands in the respective section below. The same instructions can be found in our documentation.

If you prefer to build the sources yourself, please follow the building instructions from our documentation.

Debian 12:

sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/gramine.list

sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list

sudo apt-get update
sudo apt-get install gramine

Debian 11:

# if you don't already have backports repo enabled:
echo "deb http://deb.debian.org/debian $(lsb_release -sc)-backports main" \
| sudo tee /etc/apt/sources.list.d/backports.list

sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/gramine.list

sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list

sudo apt-get update
sudo apt-get install gramine

Ubuntu 22.04 LTS, 20.04 LTS:

sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/gramine.list

sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list

sudo apt-get update
sudo apt-get install gramine

AlmaLinux and other compatible distros, versions 9 and 8:

  1. Install the EPEL repository as described here: https://docs.fedoraproject.org/en-US/epel/
  2. Install Gramine:

# the first time, you need to confirm the key fingerprint, which should be F3FFBE5FC0477DB46E4851E737B04F03659B87AF
sudo curl -fsSLo /etc/yum.repos.d/gramine.repo https://packages.gramineproject.io/rpm/gramine.repo
sudo dnf install gramine

Alpine Linux

Packages and repositories for Alpine Linux are not published, but you can compile the packages using the APKBUILD in the packages/alpine subdirectory.