rune/libenclave: preliminary design of libenclave API #391
base: master
rune/libenclave/internal/runtime/libenclave_v1.pb.go
also needs to be added in this commit.
bool isRA = 2; | ||
string spid = 3; | ||
string subscriptionKey = 4; | ||
string quoteType = 5; |
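Review bot: `string quoteType = 5;` is a free-form string here, while the Go wrapper's LaunchAttestation takes `quoteType uint32`, so the two sides disagree on the type and nothing constrains the value on the wire. An enum would give both sides one validated set of values. `subscriptionKey` is a credential for the attestation service, so the request message should not be logged or persisted as a whole.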
I think we need an RA type parameter instead of the details. Spid, subkey and quoteType are all specific to EPID remote attestation for SGX.
d5fb364 to d11e6f9
I will add .pb.go file until the final version
string stdout = 4; | ||
string stderr = 5; | ||
/* Only for vm-based enclave, cpus, memory, kernel, vsock */ | ||
optional map<string, string> vmconfigs = 6; |
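Review bot: `optional map<string, string> vmconfigs = 6;` will not compile, because protobuf does not allow a field label (optional, required or repeated) on a map field; drop `optional`. The comment lists cpus, memory, kernel and vsock as keys, all carried as free-form strings, so the receiving side should reject unknown keys and validate each value before handing it to the VM backend, or these settings could become typed fields in a dedicated message.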
This mapping is for various enclave types, so it is required to add a string enclaveType parameter to determine the exact format of the map.
|
||
message AttestRequest { | ||
string id = 1; | ||
bool isRA = 2; |
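Review bot: `bool isRA = 2;` in AttestRequest can only distinguish two attestation modes, so any further attestation scheme would need a wire-format change. An enum or a oneof that names the attestation type keeps the request extensible and leaves a single field that decides which arguments are valid.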
Remove this argument.
string id = 1; | ||
bool isRA = 2; | ||
oneof args { | ||
message la { |
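Review bot: `message la {` is declared directly inside `oneof args {`, which protobuf does not accept, since a oneof body may contain only fields and options. Declare the argument messages at message or file scope and reference them from the oneof as numbered fields.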
Rename to sgx_epid_ra
string subscriptionKey = 4; | ||
string quoteType = 5; | ||
} | ||
message ra { |
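Review bot: `subscriptionKey` and `quoteType` sit in the message that closes just before `message ra {`, so the remote attestation parameters do not appear to live under the message named `ra`. The names should describe the contents, and the fields numbered 4 and 5 inside the nested message can restart at 1, since field numbers are scoped per message.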
Rename to sgx_la
Signed-off-by: Tianjia Zhang <[email protected]>
Design and implement the new libenclave API. Based on the libenclave API to realize the vm-based enclave type, mainly through compatibility with libvirt.
Fixes: inclavare-containers#381
Signed-off-by: Tianjia Zhang <[email protected]>
d11e6f9 to 6f8c8c2
Please fix compile check error first.
} | ||
|
||
func (rt *EnclaveRuntimeWrapper) LaunchAttestation(isRA bool, spid string, subscriptionKey string, quoteType uint32) ([]byte, error) { | ||
logrus.Debugf("attesting enclave runtime") | ||
|
||
return rt.runtime.Attest(isRA, spid, subscriptionKey, quoteType) | ||
return nil, rt.runtime.Attest(rt.enclaveId /*, isRA, spid, subscriptionKey, quoteType*/) |
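Review bot: in the `rt.runtime.Attest(rt.enclaveId /*, isRA, spid, subscriptionKey, quoteType*/)` line, every argument of LaunchAttestation is commented out of the call and the []byte result is always nil, so a successful call returns (nil, nil) and the caller cannot tell a completed attestation from one whose parameters were silently ignored. Either pass the arguments through and return the attestation output, or drop the unused parameters and the []byte result from the signature so the contract matches the behavior.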
change to return nil, rt.runtime.Attest(rt.enclaveId, isRA, spid, subscriptionKey, quoteType)
f8ef511 to 6fe93a2
dc7eb97 to 1cd8c12
As a general Enclave container service, inclavare-containers needs to
support various Enclave forms implemented by software and hardware. It
is necessary to abstract a set of API interfaces that support various
Enclave forms as much as possible.
Fixes: #381
Signed-off-by: Tianjia Zhang [email protected]