Gramine Integration with Avalon #775
324b2c5
to
b445a2e
echo $LIST_MANIFEST_FILES | ||
|
||
MANIFEST_FILE="${TCF_HOME}tc/graphene/python_worker/graphene_sgx/manifest/avalon.manifest" | ||
echo $MANIFEST_FILE |
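Review bot: In the `MANIFEST_FILE` assignment, `${TCF_HOME}tc/graphene/` has no `/` between the variable and `tc`, so the path only resolves when `TCF_HOME` already ends in a slash; write `${TCF_HOME}/tc/graphene/` or normalise `TCF_HOME` before use. `echo $MANIFEST_FILE` is also unquoted, so a `TCF_HOME` containing spaces is split into several words; use `"$MANIFEST_FILE"` here and wherever the variable is passed to `gsc`.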
Need to print manifest filename? You could remove if added for debugging.
Added for debugging purpose, removed now
|
||
# Build image | ||
echo "Build unsigned GSC image" | ||
./gsc build --insecure-args $IMAGE_NAME $LIST_MANIFEST_FILES | ||
sudo ./gsc build --insecure-args $IMAGE_NAME $MANIFEST_FILE |
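Review bot: Both `gsc build` lines pass `--insecure-args`, which lets whoever starts the container supply the application's command-line arguments, so those arguments are not fixed at build time and are not covered by the enclave measurement. If the worker's arguments are known when the image is built, drop the flag and set them in the image; otherwise add a comment above the build line saying why the flag is needed and that the resulting image is a development build. `$IMAGE_NAME` and `$MANIFEST_FILE` should be quoted as well.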
Why is sudo needed here? The gsc binary should run with user permission itself.
Yes, sudo is not required. gsc runs with user permission; tested with the Gramine production release.
Removed sudo in all the gsc build scripts.
sudo ./gsc sign-image $IMAGE_NAME $SIGN_KEY_FILE | ||
|
||
# Retrieve SGX-related information from graphenized image using gsc info-image | ||
# sudo ./gsc info-image $IMAGE_NAME |
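Review bot: `gsc sign-image` still runs under `sudo` on the `sign-image` line, so the key in `$SIGN_KEY_FILE` is read by a root process even though signing needs no more privilege than the build does. Run it as the invoking user, quote `"$IMAGE_NAME"` and `"$SIGN_KEY_FILE"`, and fail early with a clear message if the key file is missing or unreadable instead of letting `gsc` report it.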
Remove commented lines.
Removed
@@ -0,0 +1,34 @@ | |||
#!/usr/bin/env python | |||
|
|||
# Copyright 2020 Intel Corporation |
Change copyright to 2021.
Updated the copyright to 2021
enclave_manager/Dockerfile-graphene
Outdated
@@ -167,7 +167,7 @@ COPY ./enclave_manager/Makefile-graphene /project/avalon/enclave_manager/ | |||
COPY ./enclave_manager/avalon_enclave_manager/*.py /project/avalon/enclave_manager/avalon_enclave_manager/ | |||
COPY ./enclave_manager/avalon_enclave_manager/${ENCLAVE_TYPE} /project/avalon/enclave_manager/avalon_enclave_manager/${ENCLAVE_TYPE} | |||
COPY ./enclave_manager/avalon_enclave_manager/wpe_common /project/avalon/enclave_manager/avalon_enclave_manager/wpe_common | |||
COPY ./wpe_mr_enclave.txt /project/avalon/ | |||
# COPY ./wpe_mr_enclave.txt /project/avalon/ |
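Review bot: Commenting out `COPY ./wpe_mr_enclave.txt /project/avalon/` leaves a dead line in the Dockerfile, and the hunk does not show whether anything in the image still reads `/project/avalon/wpe_mr_enclave.txt`. Delete the line outright, and if the file is still consumed at build or run time, say in the commit message where it now comes from.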
Remove the line.
Removed
done | ||
echo $LIST_MANIFEST_FILES | ||
|
||
MANIFEST_FILE="./avalon.manifest" #"${TCF_HOME}tc/graphene/python_worker/graphene_sgx/manifest/python.manifest" |
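Review bot: The `MANIFEST_FILE="./avalon.manifest"` line keeps the previous value as a trailing `#"..."` comment, which reads as a second candidate path rather than as documentation; drop it once the final path is settled. `echo $LIST_MANIFEST_FILES` just above is still printed although the new build line takes `$MANIFEST_FILE`; if the list is no longer passed to `gsc build`, remove the loop that fills it too.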
It's better to address the file with an absolute path than a relative path; it leads to bugs if run from different paths.
Addressed the file with an absolute path.
|
||
# Build image | ||
echo "Build unsigned GSC image" | ||
./gsc build --insecure-args $IMAGE_NAME $LIST_MANIFEST_FILES | ||
sudo ./gsc build --insecure-args $IMAGE_NAME $MANIFEST_FILE |
Remove sudo here and everywhere.
@manju956, I have addressed all the review comments and appended the changes to the same commit itself.
Looks good
DCO check failed. Include sign-off while creating the commit and push.
This PR has the changes required to integrate @Gramine with Avalon.
Changes include: