rune/libenclave: preliminary design of libenclave API #391

Open
wants to merge 2 commits into
base: master
Collaborator

@uudiin uudiin commented Dec 9, 2020

As a general Enclave container service, inclavare-containers needs to
support various Enclave forms implemented by software and hardware. It
is necessary to abstract a set of API interfaces that support various
Enclave forms as much as possible.

Fixes: #381

Signed-off-by: Tianjia Zhang [email protected]

Collaborator

@hustliyilin hustliyilin left a comment

rune/libenclave/internal/runtime/libenclave_v1.pb.go also needs to be added in this commit.

bool isRA = 2;
string spid = 3;
string subscriptionKey = 4;
string quoteType = 5;
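
Review bot: quoteType is declared as a string at field 5 here, while LaunchAttestation in the Go wrapper takes quoteType uint32; settle on one representation (an enum would make the accepted values explicit) so the conversion is not done ad hoc at each call site. subscriptionKey is a credential carried as a plain string next to isRA, so the field should be documented as sensitive and kept out of any request logging.
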
Collaborator

I think we need an RA type parameter instead of the details. Spid, subkey and quoteType are all specific to EPID remote attestation for SGX.

rune/libenclave/internal/runtime/libenclave_v1.proto Outdated
@uudiin uudiin added the documentation, enhancement and high labels Dec 10, 2020
Collaborator Author

uudiin commented Dec 10, 2020

rune/libenclave/internal/runtime/libenclave_v1.pb.go also needs to be added in this commit.

I will add .pb.go file until the final version

string stdout = 4;
string stderr = 5;
/* Only for vm-based enclave, cpus, memory, kernel, vsock */
optional map<string, string> vmconfigs = 6;
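
Review bot: the optional label on the vmconfigs map at field 6 is not accepted by protoc, because map fields cannot carry optional, required or repeated. Declare it as map<string, string> vmconfigs = 6; an empty map already expresses "no VM settings". Since the keys listed in the comment (cpus, memory, kernel, vsock) arrive as free-form strings, the receiving side should reject unknown keys and validate each value before using it.
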
Collaborator

This mapping is for various enclave types, so it is required to add a string enclaveType parameter to determine the exact format of the map.


message AttestRequest {
string id = 1;
bool isRA = 2;
Collaborator

Remove this argument.

string id = 1;
bool isRA = 2;
oneof args {
message la {
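
Review bot: a message definition cannot appear inside a oneof, since the oneof body takes fields only, so "message la {" under "oneof args {" will not parse. Define the argument messages at message scope and reference them as fields of the oneof. With the oneof in place, isRA = 2 duplicates what the selected oneof case already says, and the two can disagree on the wire.
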
Collaborator

Rename to sgx_epid_ra

string subscriptionKey = 4;
string quoteType = 5;
}
message ra {
Collaborator

Rename to sgx_la

@jiazhang0 jiazhang0 added this to In progress in backlog Dec 14, 2020
@haosanzi haosanzi added and removed the testing-before-checkin label Dec 15, 2020
Design and implement the new libenclave API. Based on the libenclave
API to realize the vm-based enclave type, mainly through compatibility
with libvirt.

Fixes: inclavare-containers#381

Signed-off-by: Tianjia Zhang <[email protected]>
@hustliyilin hustliyilin added and removed the testing-before-checkin label Dec 18, 2020
Collaborator

@hustliyilin hustliyilin left a comment

Please fix compile check error first.

@jiazhang0 jiazhang0 added the epic and medium labels and removed the enhancement and high labels Dec 28, 2020
@jiazhang0 jiazhang0 removed this from In progress in backlog Dec 28, 2020
@jiazhang0 jiazhang0 added this to In progress in rune development Dec 28, 2020
@jiazhang0 jiazhang0 added this to the 0.7.0 milestone Dec 28, 2020
@jiazhang0 jiazhang0 removed the request for review from haosanzi December 28, 2020 13:59
@jiazhang0 jiazhang0 requested review from hustliyilin and removed request for jiazhang0 and hustliyilin December 28, 2020 13:59
}

func (rt *EnclaveRuntimeWrapper) LaunchAttestation(isRA bool, spid string, subscriptionKey string, quoteType uint32) ([]byte, error) {
logrus.Debugf("attesting enclave runtime")

return rt.runtime.Attest(isRA, spid, subscriptionKey, quoteType)
return nil, rt.runtime.Attest(rt.enclaveId /*, isRA, spid, subscriptionKey, quoteType*/)
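
Review bot: the second return always yields nil for the []byte result, and isRA, spid, subscriptionKey and quoteType are commented out of the Attest call, so LaunchAttestation still accepts them but silently ignores them. A caller requesting remote attestation gets a nil result even when Attest succeeds. Either pass the arguments through and return the attestation output, or remove them from the signature so the change is visible to callers at compile time.
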
Collaborator

change to return nil, rt.runtime.Attest(rt.enclaveId, isRA, spid, subscriptionKey, quoteType)

@jiazhang0 jiazhang0 added the rfc Request for comments label Dec 31, 2020
@jiazhang0 jiazhang0 added this to To do in vSGX development via automation Jan 7, 2021
@jiazhang0 jiazhang0 removed this from In progress in rune development Jan 7, 2021
@jiazhang0 jiazhang0 added this to In progress in rune development via automation Jan 13, 2021
@jiazhang0 jiazhang0 removed this from To do in vSGX development Jan 13, 2021
@jiazhang0 jiazhang0 modified the milestones: 0.6.1, 0.7.0 Feb 6, 2021
@jiazhang0 jiazhang0 modified the milestones: 0.6.1, 0.7.0 Mar 5, 2021
@jiazhang0 jiazhang0 force-pushed the master branch 3 times, most recently from f8ef511 to 6fe93a2 Compare March 10, 2021 14:59
@jiazhang0 jiazhang0 removed this from the 0.6.2 milestone May 21, 2021
@jiazhang0 jiazhang0 force-pushed the master branch 4 times, most recently from dc7eb97 to 1cd8c12 Compare May 26, 2021 08:21
@jiazhang0 jiazhang0 moved this from In progress to To do in rune development Jun 18, 2021
@jiazhang0 jiazhang0 removed the medium and epic labels Nov 12, 2021
Labels: documentation, rfc
Successfully merging this pull request may close these issues.

Design and implement libenclave API
4 participants