Update restricted kernel oak functions to load via orchestrator

project-oak · Feb 13, 2024 · 996b8fa · 996b8fa
1 parent 3cecc5d
commit 996b8fa
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 20 deletions.
diff --git a/justfile b/justfile
@@ -36,12 +36,6 @@ oak_restricted_kernel_simple_io_bin:
 oak_restricted_kernel_simple_io_wrapper: oak_restricted_kernel_simple_io_bin
     just _wrap_kernel oak_restricted_kernel_simple_io
 
-oak_restricted_kernel_initrd_bin:
-    env --chdir=oak_restricted_kernel_bin cargo build --release --features=initrd --bin=oak_restricted_kernel_initrd_bin
-
-oak_restricted_kernel_initrd_bin_wrapper: oak_restricted_kernel_initrd_bin
-    just _wrap_kernel oak_restricted_kernel_initrd
-
 stage0_bin:
     env --chdir=stage0_bin cargo objcopy --release -- --output-target=binary target/x86_64-unknown-none/release/stage0_bin
 

diff --git a/oak_functions_launcher/benches/integration_benches.rs b/oak_functions_launcher/benches/integration_benches.rs
@@ -57,7 +57,9 @@ fn run_bench(b: &mut Bencher, config: &OakFunctionsTestConfig) {
             .to_str()
             .unwrap(),
     )));
-
+    let oak_restricted_kernel_orchestrator_app_path =
+        oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator")
+            .expect("Failed to build oak_orchestrator");
     let oak_functions_enclave_app_path =
         oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app")
             .expect("Failed to build oak_functions_enclave_app");
@@ -81,7 +83,7 @@ fn run_bench(b: &mut Bencher, config: &OakFunctionsTestConfig) {
             "oak_stage0.bin",
         ]),
         gdb: None,
-        initrd: None,
+        initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
     };
     log::debug!("launcher params: {:?}", params);

diff --git a/oak_functions_launcher/tests/integration_test.rs b/oak_functions_launcher/tests/integration_test.rs
@@ -137,6 +137,10 @@ async fn test_load_large_lookup_data() {
     ))
     .await;
 
+    let oak_restricted_kernel_orchestrator_app_path =
+        oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator")
+            .expect("Failed to build oak_orchestrator");
+
     let oak_functions_enclave_app_path =
         oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app")
             .expect("Failed to build oak_functions_enclave_app");
@@ -160,7 +164,7 @@ async fn test_load_large_lookup_data() {
             "oak_stage0.bin",
         ]),
         gdb: None,
-        initrd: None,
+        initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
     };
     log::debug!("launcher params: {:?}", params);
@@ -234,6 +238,10 @@ async fn test_load_two_gib_lookup_data() {
     ))
     .await;
 
+    let oak_restricted_kernel_orchestrator_app_path =
+        oak_functions_test_utils::build_rust_crate_enclave("oak_orchestrator")
+            .expect("Failed to build oak_orchestrator");
+
     let oak_functions_enclave_app_path =
         oak_functions_test_utils::build_rust_crate_enclave("oak_functions_enclave_app")
             .expect("Failed to build oak_functions_enclave_app");
@@ -257,7 +265,7 @@ async fn test_load_two_gib_lookup_data() {
             "oak_stage0.bin",
         ]),
         gdb: None,
-        initrd: None,
+        initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
     };
     log::debug!("launcher params: {:?}", params);

diff --git a/oak_launcher_utils/src/launcher.rs b/oak_launcher_utils/src/launcher.rs
@@ -71,7 +71,7 @@ pub struct Params {
 
     /// Path to the initrd image to use.
     #[arg(long, value_parser = path_exists, requires_all = &["kernel"])]
-    pub initrd: Option<PathBuf>,
+    pub initrd: PathBuf,
 }
 
 /// Checks if file with a given path exists.
@@ -186,12 +186,15 @@ impl Instance {
             cmd.arg("-S");
         }
 
-        if let Some(initrd) = params.initrd {
-            cmd.args([
-                "-initrd",
-                initrd.into_os_string().into_string().unwrap().as_str(),
-            ]);
-        }
+        cmd.args([
+            "-initrd",
+            params
+                .initrd
+                .into_os_string()
+                .into_string()
+                .unwrap()
+                .as_str(),
+        ]);
 
         info!("executing: {:?}", cmd);
 

diff --git a/oak_restricted_kernel/Cargo.toml b/oak_restricted_kernel/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 license = "Apache-2.0"
 
 [features]
-default = ["vsock_channel"]
+default = ["vsock_channel", "initrd"]
 # Ability to load an application from initrd, the measurement of which was already taken by stage0.
 # In this case, instead of creating a dice layer, the kernel will expose stage0 dice data to the application.
 initrd = []

diff --git a/oak_restricted_kernel_bin/Cargo.toml b/oak_restricted_kernel_bin/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 license = "Apache-2.0"
 
 [features]
-default = ["virtio_console_channel"]
+default = ["virtio_console_channel", "initrd"]
 virtio_console_channel = ["oak_restricted_kernel/virtio_console_channel"]
 vsock_channel = ["oak_restricted_kernel/vsock_channel"]
 simple_io_channel = ["oak_restricted_kernel/simple_io_channel"]

diff --git a/oak_restricted_kernel_launcher/README.md b/oak_restricted_kernel_launcher/README.md
@@ -18,7 +18,7 @@ must be built.
 
 ```shell
 # Stage0, the restricted kernel, and an enclave app may be built like so:
-just stage0_bin oak_restricted_kernel_initrd_bin_wrapper oak_orchestrator && \
+just stage0_bin oak_restricted_kernel_wrapper oak_orchestrator && \
 
 # After building dependencies, an enclave app may be run like so:
 RUST_LOG=DEBUG \