From 76a5e0065b33120bd515b3a03832c2887549683a Mon Sep 17 00:00:00 2001 From: Juliette Pretot Date: Tue, 13 Feb 2024 14:50:14 +0000 Subject: [PATCH] Update restricted kernel oak functions to load via orchestrator --- justfile | 6 ------ .../benches/integration_benches.rs | 6 ++++-- .../tests/integration_test.rs | 12 ++++++++++-- oak_launcher_utils/src/launcher.rs | 17 ++++++++++------- oak_restricted_kernel/Cargo.toml | 2 +- oak_restricted_kernel_bin/Cargo.toml | 2 +- oak_restricted_kernel_launcher/README.md | 2 +- 7 files changed, 27 insertions(+), 20 deletions(-) diff --git a/justfile b/justfile index bcea94cf6e1..4aff031a356 100644 --- a/justfile +++ b/justfile @@ -36,12 +36,6 @@ oak_restricted_kernel_simple_io_bin: oak_restricted_kernel_simple_io_wrapper: oak_restricted_kernel_simple_io_bin just _wrap_kernel oak_restricted_kernel_simple_io -oak_restricted_kernel_initrd_bin: - env --chdir=oak_restricted_kernel_bin cargo build --release --features=initrd --bin=oak_restricted_kernel_initrd_bin - -oak_restricted_kernel_initrd_bin_wrapper: oak_restricted_kernel_initrd_bin - just _wrap_kernel oak_restricted_kernel_initrd - stage0_bin: env --chdir=stage0_bin cargo objcopy --release -- --output-target=binary target/x86_64-unknown-none/release/stage0_bin diff --git a/oak_functions_launcher/benches/integration_benches.rs b/oak_functions_launcher/benches/integration_benches.rs index ed10e784ebc..f3ec955c92e 100644 --- a/oak_functions_launcher/benches/integration_benches.rs +++ b/oak_functions_launcher/benches/integration_benches.rs 
@@ -57,7 +57,9 @@ fn run_bench(b: &mut Bencher, config: &OakFunctionsTestConfig) { .to_str() .unwrap(), ))); - + let oak_restricted_kernel_orchestrator_app_path = + oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator") + .expect("Failed to build oak_orchestrator"); let oak_functions_enclave_app_path = oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app") .expect("Failed to build oak_functions_enclave_app"); @@ -81,7 +83,7 @@ fn run_bench(b: &mut Bencher, config: &OakFunctionsTestConfig) { "oak_stage0.bin", ]), gdb: None, - initrd: None, + initrd: oak_restricted_kernel_orchestrator_app_path.into(), memory_size: Some("256M".to_string()), }; log::debug!("launcher params: {:?}", params); diff --git a/oak_functions_launcher/tests/integration_test.rs b/oak_functions_launcher/tests/integration_test.rs index 128f555a6d5..4ff79df88e2 100644 --- a/oak_functions_launcher/tests/integration_test.rs +++ b/oak_functions_launcher/tests/integration_test.rs @@ -137,6 +137,10 @@ async fn test_load_large_lookup_data() { )) .await; + let oak_restricted_kernel_orchestrator_app_path = + oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator") + .expect("Failed to build oak_orchestrator"); + let oak_functions_enclave_app_path = oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app") .expect("Failed to build oak_functions_enclave_app"); @@ -160,7 +164,7 @@ async fn test_load_large_lookup_data() { "oak_stage0.bin", ]), gdb: None, - initrd: None, + initrd: oak_restricted_kernel_orchestrator_app_path.into(), memory_size: Some("256M".to_string()), }; log::debug!("launcher params: {:?}", params); 
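Review bot: The `build_rust_crate_enclave("oak_orchestrator")` call and its `.expect("Failed to build oak_orchestrator")` are pasted into `run_bench` here and again into `test_load_large_lookup_data` and `test_load_two_gib_lookup_data` in integration_test.rs, each time without a comment saying why the orchestrator path ends up in `initrd`. A one-line comment above the binding would help, for example `// The orchestrator is passed as the initrd; the enclave app is then loaded via the orchestrator.` The three copies could also share one small test helper so the crate name cannot drift between them. All three functions start and end outside their hunks, so whether such a helper already exists in `oak_functions_test_utils` is not visible here.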
@@ -234,6 +238,10 @@ async fn test_load_two_gib_lookup_data() { )) .await; + let oak_restricted_kernel_orchestrator_app_path = + oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator") + .expect("Failed to build oak_orchestrator"); + let oak_functions_enclave_app_path = oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app") .expect("Failed to build oak_functions_enclave_app"); @@ -257,7 +265,7 @@ async fn test_load_two_gib_lookup_data() { "oak_stage0.bin", ]), gdb: None, - initrd: None, + initrd: oak_restricted_kernel_orchestrator_app_path.into(), memory_size: Some("256M".to_string()), }; log::debug!("launcher params: {:?}", params); diff --git a/oak_launcher_utils/src/launcher.rs b/oak_launcher_utils/src/launcher.rs index 6411390ff20..ec0137503ea 100644 --- a/oak_launcher_utils/src/launcher.rs +++ b/oak_launcher_utils/src/launcher.rs @@ -71,7 +71,7 @@ pub struct Params { /// Path to the initrd image to use. #[arg(long, value_parser = path_exists, requires_all = &["kernel"])] - pub initrd: Option, + pub initrd: PathBuf, } /// Checks if file with a given path exists. @@ -186,12 +186,15 @@ impl Instance { cmd.arg("-S"); } - if let Some(initrd) = params.initrd { - cmd.args([ - "-initrd", - initrd.into_os_string().into_string().unwrap().as_str(), - ]); - } + cmd.args([ + "-initrd", + params + .initrd + .into_os_string() + .into_string() + .unwrap() + .as_str(), + ]); info!("executing: {:?}", cmd); diff --git a/oak_restricted_kernel/Cargo.toml b/oak_restricted_kernel/Cargo.toml index c0e9788e076..2b26e6bd120 100644 --- a/oak_restricted_kernel/Cargo.toml +++ b/oak_restricted_kernel/Cargo.toml 
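Review bot: In `Params` (launcher.rs), the doc comment on `initrd` still reads `/// Path to the initrd image to use.` although the field is now mandatory, so the generated help text does not tell an operator that the launcher cannot start without it. Something like `/// Path to the initrd image holding the application binary (required).` would say so. `value_parser = path_exists` presumably only checks that the file is present (its body is outside this hunk), so nothing on the launcher side pins which binary is loaded. Per the feature comment in oak_restricted_kernel/Cargo.toml that is left to the stage0 measurement, which is worth stating in the doc comment too. With the argument required, `requires_all = &["kernel"]` also makes `kernel` effectively required, if it was not already.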
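Review bot: The `.into_os_string().into_string().unwrap()` chain in the `-initrd` argument panics when the path is not valid UTF-8. The conversion is not needed if `cmd` is a `std::process::Command` or tokio's equivalent (its construction is outside the hunk), because `arg` accepts any `AsRef<OsStr>`. The added `cmd.args([...])` block could then be `cmd.arg("-initrd").arg(params.initrd);`, which passes the path through unchanged. The enclosing `Instance` method begins and ends outside this hunk.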
@@ -6,7 +6,7 @@ edition = "2021" license = "Apache-2.0" [features] -default = ["vsock_channel"] +default = ["vsock_channel", "initrd"] # Ability to load an application from initrd, the measurement of which was already taken by stage0. # In this case, instead of creating a dice layer, the kernel will expose stage0 dice data to the application. initrd = [] diff --git a/oak_restricted_kernel_bin/Cargo.toml b/oak_restricted_kernel_bin/Cargo.toml index def827fc8ce..4998c1e4a4f 100644 --- a/oak_restricted_kernel_bin/Cargo.toml +++ b/oak_restricted_kernel_bin/Cargo.toml @@ -6,7 +6,7 @@ edition = "2021" license = "Apache-2.0" [features] -default = ["virtio_console_channel"] +default = ["virtio_console_channel", "initrd"] virtio_console_channel = ["oak_restricted_kernel/virtio_console_channel"] vsock_channel = ["oak_restricted_kernel/vsock_channel"] simple_io_channel = ["oak_restricted_kernel/simple_io_channel"] diff --git a/oak_restricted_kernel_launcher/README.md b/oak_restricted_kernel_launcher/README.md index 00f016e410a..62f3ba25574 100644 --- a/oak_restricted_kernel_launcher/README.md +++ b/oak_restricted_kernel_launcher/README.md @@ -18,7 +18,7 @@ must be built. ```shell # Stage0, the restricted kernel, and an enclave app may be built like so: -just stage0_bin oak_restricted_kernel_initrd_bin_wrapper oak_orchestrator && \ +just stage0_bin oak_restricted_kernel_wrapper oak_orchestrator && \ # After building dependencies, an enclave app may be run like so: RUST_LOG=DEBUG \
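Review bot: Adding `"initrd"` to `default` in oak_restricted_kernel/Cargo.toml changes the attestation behaviour of every default build, since the comment directly below that line says that with this feature the kernel exposes the stage0 DICE data to the application instead of creating its own DICE layer. Cargo features are additive, so a dependent crate can only get the previous behaviour back with `default-features = false`, and any build that passes `--no-default-features` ends up without `initrd` unless it names the feature explicitly. The same applies to the `default` line in oak_restricted_kernel_bin/Cargo.toml. A comment above `default` would make this explicit, e.g. `# initrd is on by default: the application is loaded from the initrd and measured by stage0, not by the kernel.`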