diff --git a/cczoo/common/docker/gramine/configs/root/start_aesm_service.sh b/cczoo/common/docker/gramine/configs/root/start_aesm_service.sh new file mode 100755 index 00000000..e9a60e7a --- /dev/null +++ b/cczoo/common/docker/gramine/configs/root/start_aesm_service.sh @@ -0,0 +1,24 @@ +# +# Copyright (c) 2022 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +unset http_proxy https_proxy + +# Start AESM service required by Intel SGX SDK if it is not running +if ! pgrep "aesm_service" > /dev/null ; then + mkdir -p /var/run/aesmd + LD_LIBRARY_PATH="/opt/intel/sgx-aesm-service/aesm:$LD_LIBRARY_PATH" /opt/intel/sgx-aesm-service/aesm/aesm_service +fi diff --git a/cczoo/grpc-ra-tls/README.md b/cczoo/grpc-ra-tls/README.md index 1f159dd7..3f901188 100644 --- a/cczoo/grpc-ra-tls/README.md +++ b/cczoo/grpc-ra-tls/README.md @@ -114,8 +114,7 @@ images for developing the gRPC RA-TLS application. ./build_docker_image.sh ${base_image} ${image_tag} ``` - `gramine-sgx-dev:v1.2-ubuntu20.04-latest` and `gramine-sgx-dev:v1.2-ubuntu-20.04-latest` - + `gramine-sgx-dev:v1.2-ubuntu20.04-latest` and `gramine-sgx-dev:v1.2-ubuntu-20.04-latest` could be selected as base_image. - On Occlum 
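Review bot: The `LD_LIBRARY_PATH` assignment on the last added command appends `:$LD_LIBRARY_PATH` unconditionally, so when that variable is unset or empty the value ends in a bare colon. The dynamic loader treats an empty entry as the current working directory, so aesm_service would also search the directory the script was started from for shared libraries. Appending only when a value exists avoids this: `LD_LIBRARY_PATH="/opt/intel/sgx-aesm-service/aesm${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. Separately, `#!/bin/bash` sits below the license header, where it is an ordinary comment and does not select the interpreter; it should be the first line of the file. The script also never checks that `mkdir -p /var/run/aesmd` or the aesm_service start succeeded, so a caller cannot tell a failed start from a successful one.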
@@ -128,7 +127,8 @@ images for developing the gRPC RA-TLS application. ./build_docker_image.sh ${base_image} ${image_tag} ``` - `occlum-sgx-dev:0.26.3-ubuntu18.04` and `occlum-sgx-dev:0.26.3-ubuntu20.04` could be selected as base_image. + `occlum-sgx-dev:0.26.3-ubuntu18.04` and `occlum-sgx-dev:0.26.3-ubuntu20.04` + could be selected as base_image. ## Config the remote attestation diff --git a/cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/python/ratls/python.manifest.template b/cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/python/ratls/python.manifest.template index e49ba571..ed93c3d4 100644 --- a/cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/python/ratls/python.manifest.template +++ b/cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/python/ratls/python.manifest.template @@ -40,7 +40,8 @@ fs.mounts = [ { type = "tmpfs", path = "/var/tmp" }, { path = "{{ python.stdlib }}", uri = "file:{{ python.stdlib }}" }, { path = "{{ python.distlib }}", uri = "file:{{ python.distlib }}" }, - { path = "/usr/local/lib/python3.8/dist-packages/", uri = "file:/usr/local/lib/python3.8/dist-packages/" } + #{ path = "/usr/local/lib/python3.6/dist-packages/", uri = "file:/usr/local/lib/python3.6/dist-packages/" } # for ubuntu:18.04 + { path = "/usr/local/lib/python3.8/dist-packages/", uri = "file:/usr/local/lib/python3.8/dist-packages/" } # for ubuntu:20.04 ] sgx.debug = false @@ -62,8 +63,8 @@ sgx.trusted_files = [ "file:/usr/{{ arch_libdir }}/", "file:{{ python.stdlib }}/", "file:{{ python.distlib }}/", - #"file:/usr/local/lib/python3.6/dist-packages/", - "file:/usr/local/lib/python3.8/dist-packages/", + #"file:/usr/local/lib/python3.6/dist-packages/", # for ubuntu:18.04 + "file:/usr/local/lib/python3.8/dist-packages/", # for ubuntu:20.04 "file:/etc/ssl/certs/ca-certificates.crt", "file:server.py", "file:client.py", diff --git a/cczoo/grpc-ra-tls/grpc/common/build_cpp.sh b/cczoo/grpc-ra-tls/grpc/common/build_cpp.sh index ade6dbf5..f4c73cc8 100755 --- a/cczoo/grpc-ra-tls/grpc/common/build_cpp.sh 
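Review bot: The commented-out python3.6 entry added to `fs.mounts` has to be toggled by hand together with its counterpart in `sgx.trusted_files` (second hunk of this file). If only one of the two is switched, the mounted dist-packages path and the measured path no longer match. A single template variable, passed to gramine-manifest with `-D` and used in both places, would remove the manual step, for example `{ path = "{{ python_dist_packages }}", uri = "file:{{ python_dist_packages }}" }` and `"file:{{ python_dist_packages }}/"` (the variable name is a suggestion). Both arrays start and end outside the hunks, so the remaining entries could not be checked.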
+++ b/cczoo/grpc-ra-tls/grpc/common/build_cpp.sh @@ -22,12 +22,6 @@ if [ -z ${BUILD_TYPE} ]; then fi if [ -z ${SGX_RA_TLS_BACKEND} ]; then -<<<<<<< HEAD -======= -<<<<<<< HEAD:cczoo/attestation-secret-provision/grpc_overlay/common/build_cpp.sh - export SGX_RA_TLS_BACKEND=GRAMINE # GRAMINE,OCCLUM,TDX,DUMMY -======= ->>>>>>> branch0.1/grpc-ra-tls export SGX_RA_TLS_BACKEND=GRAMINE # GRAMINE,OCCLUM,DUMMY fi @@ -35,10 +29,6 @@ if [ -z ${SGX_RA_TLS_SDK} ]; then export SGX_RA_TLS_SDK=DEFAULT # DEFAULT,LIBRATS elif [ "${SGX_RA_TLS_SDK}" == "LIBRATS" ]; then ${GRPC_PATH}/build_librats_sdk.sh -<<<<<<< HEAD -======= ->>>>>>> branch0.1/grpc-ra-tls:cczoo/grpc-ra-tls/grpc/common/build_cpp.sh ->>>>>>> branch0.1/grpc-ra-tls fi # build and install abseil library @@ -68,14 +58,7 @@ cmake -DgRPC_INSTALL=ON \ -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF \ -DCMAKE_BUILD_TYPE=${BUILD_TYPE} \ -DCMAKE_INSTALL_PREFIX=${INSTALL_PREFIX} \ -<<<<<<< HEAD -DSGX_RA_TLS_SDK=${SGX_RA_TLS_SDK} \ -======= -<<<<<<< HEAD:cczoo/attestation-secret-provision/grpc_overlay/common/build_cpp.sh -======= - -DSGX_RA_TLS_SDK=${SGX_RA_TLS_SDK} \ ->>>>>>> branch0.1/grpc-ra-tls:cczoo/grpc-ra-tls/grpc/common/build_cpp.sh ->>>>>>> branch0.1/grpc-ra-tls -DSGX_RA_TLS_BACKEND=${SGX_RA_TLS_BACKEND} \ .. make -j `nproc` diff --git a/cczoo/grpc-ra-tls/grpc/common/build_python.sh b/cczoo/grpc-ra-tls/grpc/common/build_python.sh index cc71e96b..932a5d68 100755 --- a/cczoo/grpc-ra-tls/grpc/common/build_python.sh +++ b/cczoo/grpc-ra-tls/grpc/common/build_python.sh @@ -39,7 +39,8 @@ cd - ldd ${GRPC_PATH}/python_build/lib.linux-x86_64-*/grpc/_cython/cygrpc.cpython-*-x86_64-linux-gnu.so -pip3 uninstall -y grpcio +# install grpc python wheel +pip3 uninstall -y grpcio protobuf pip3 install ${GRPC_PATH}/dist/*.whl pip3 install grpcio-tools==1.38.1 diff --git a/cczoo/grpc-ra-tls/occlum/demos/ra_tls/build_occlum_instance.sh b/cczoo/grpc-ra-tls/occlum/demos/ra_tls/build_occlum_instance.sh index 9f6485b1..d1271b52 100755 
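Review bot: Adding `protobuf` to the `pip3 uninstall -y` line in build_python.sh leaves its reinstallation to dependency resolution in the two `pip3 install` commands that follow. The protobuf version in the image is then whatever the package index serves at build time, not a reviewed, pinned release. Pinning it right after the uninstall, e.g. `pip3 install protobuf==<PINNED_VERSION>`, keeps the image reproducible. It is also worth confirming after `pip3 install grpcio-tools==1.38.1` that the installed grpcio is still the locally built wheel from `${GRPC_PATH}/dist`, which presumably carries the RA-TLS integration. The resolver could replace it with the index package if the versions do not line up, which cannot be verified from this hunk; `pip3 install --no-deps grpcio-tools==1.38.1` with explicitly pinned dependencies would rule that out.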
--- a/cczoo/grpc-ra-tls/occlum/demos/ra_tls/build_occlum_instance.sh +++ b/cczoo/grpc-ra-tls/occlum/demos/ra_tls/build_occlum_instance.sh @@ -42,12 +42,15 @@ build_instance() { mkdir -p image/usr/share/grpc cp -rf ${INSTALL_PREFIX}/share/grpc/* image/usr/share/grpc/ - cp ${OCCLUM_GLIBC}/libdl.so.2 image/${OCCLUM_GLIBC} - cp ${OCCLUM_GLIBC}/librt.so.1 image/${OCCLUM_GLIBC} - cp ${OCCLUM_GLIBC}/libm.so.6 image/${OCCLUM_GLIBC} - cp /lib/x86_64-linux-gnu/libtinfo.so.5 image/${OCCLUM_GLIBC} - cp /lib/x86_64-linux-gnu/libnss*.so.2 image/${OCCLUM_GLIBC} - cp /lib/x86_64-linux-gnu/libresolv.so.2 image/${OCCLUM_GLIBC} + cp ${OCCLUM_GLIBC}/libdl.so* image/${OCCLUM_GLIBC} + cp ${OCCLUM_GLIBC}/librt.so* image/${OCCLUM_GLIBC} + cp ${OCCLUM_GLIBC}/libm.so* image/${OCCLUM_GLIBC} + cp /usr/lib/x86_64-linux-gnu/libtinfo.so* image/${OCCLUM_GLIBC} + cp /usr/lib/x86_64-linux-gnu/libnss*.so* image/${OCCLUM_GLIBC} + cp /usr/lib/x86_64-linux-gnu/libresolv.so* image/${OCCLUM_GLIBC} + # cp /lib/x86_64-linux-gnu/libtinfo.so* image/${OCCLUM_GLIBC} + # cp /lib/x86_64-linux-gnu/libnss*.so* image/${OCCLUM_GLIBC} + # cp /lib/x86_64-linux-gnu/libresolv.so* image/${OCCLUM_GLIBC} cp -rf /etc/hostname image/etc/ cp -rf /etc/ssl image/etc/ cp -rf /etc/passwd image/etc/ diff --git a/documents/readthedoc/docs/source/Solutions/grpc-ra-tls/index.md b/documents/readthedoc/docs/source/Solutions/grpc-ra-tls/index.md index 1f159dd7..3f901188 100644 --- a/documents/readthedoc/docs/source/Solutions/grpc-ra-tls/index.md +++ b/documents/readthedoc/docs/source/Solutions/grpc-ra-tls/index.md @@ -114,8 +114,7 @@ images for developing the gRPC RA-TLS application. ./build_docker_image.sh ${base_image} ${image_tag} ``` - `gramine-sgx-dev:v1.2-ubuntu20.04-latest` and `gramine-sgx-dev:v1.2-ubuntu-20.04-latest` - + `gramine-sgx-dev:v1.2-ubuntu20.04-latest` and `gramine-sgx-dev:v1.2-ubuntu-20.04-latest` could be selected as base_image. - On Occlum 
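Review bot: The three new `cp /usr/lib/x86_64-linux-gnu/...` lines hard-code one host library directory and keep the `/lib/x86_64-linux-gnu` variant only as commented-out code. On a base image where these libraries live under `/lib` (likely the ubuntu18.04 image the README still lists), the globs match nothing. Whether the build then stops depends on error handling outside this hunk; if it does not, the Occlum image is assembled without libtinfo, the NSS modules and libresolv. The unquoted `${OCCLUM_GLIBC}` expansions and the wider `so*` globs also make the set of files copied into the enclave image depend on what the build host has installed. Probing for the directory once and failing loudly on a missing library, as sketched below, would cover both layouts without manual edits. build_instance starts and ends outside the hunk, so the fence shows only the replaced lines.

```shell
    # … unchanged: cp of libdl/librt/libm from ${OCCLUM_GLIBC} …
    # Use whichever host directory actually holds the libraries on this base image.
    host_libdir=/usr/lib/x86_64-linux-gnu
    [ -e "${host_libdir}/libresolv.so.2" ] || host_libdir=/lib/x86_64-linux-gnu
    cp "${host_libdir}"/libtinfo.so* "image/${OCCLUM_GLIBC}" || exit 1
    cp "${host_libdir}"/libnss*.so* "image/${OCCLUM_GLIBC}" || exit 1
    cp "${host_libdir}"/libresolv.so* "image/${OCCLUM_GLIBC}" || exit 1
    # … unchanged: cp of /etc/hostname, /etc/ssl, /etc/passwd …
```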
@@ -128,7 +127,8 @@ images for developing the gRPC RA-TLS application. ./build_docker_image.sh ${base_image} ${image_tag} ``` - `occlum-sgx-dev:0.26.3-ubuntu18.04` and `occlum-sgx-dev:0.26.3-ubuntu20.04` could be selected as base_image. + `occlum-sgx-dev:0.26.3-ubuntu18.04` and `occlum-sgx-dev:0.26.3-ubuntu20.04` + could be selected as base_image. ## Config the remote attestation