Giter Site home page Giter Site logo

librats's Introduction

inclavare-containers

Nightly Ubuntu SGX1 Nightly Alibaba Cloud Linux2 SGX2

Inclavare, pronounced as [ˈinklɑveə], is the Latin etymology of the word enclave, which means to isolate the user's sensitive workload from the untrusted and uncontrollable infrastructure in order to meet the protection requirement for the data in use.

Inclavare Containers is an innovation of container runtime with the novel approach for launching protected containers in hardware-assisted Trusted Execution Environment (TEE) technology, aka Enclave, which can prevent the untrusted entity, such as Cloud Service Provider (CSP), from accessing the sensitive and confidential assets in use.

Inclavare Containers has the following salient features:

  • Confidential computing oriented. Inclavare Containers provides a general design for the protection of tenant’s workload.
    • Create the hardware-enforced isolation between tenant’s workload and privileged software controlled by CSP.
    • Remove CSP from the Trusted Computing Base (TCB) of tenant in untrusted cloud.
    • Construct the general attestation infrastructure to convince users to trust the workloads running inside TEE based on hardware assisted enclave technology.
  • OCI-compliant. The component rune is fully compliant with OCI Runtime specification.
  • Cloud platform agnostic. It can be deployed in any public cloud Kubernetes platform.

Please refer to Terminology for more technical expressions used in Inclavare Containers.

cncf

Inclavare Containers is a sandbox project of the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.

Audience

Inclavare Containers is helping to keep tenants' confidential data secure so they feel confident that their data is not being exposed to CSP or their own insiders, and they can easily move their trusted applications to the cloud.

Architecture

Inclavare Containers follows the classic container runtime design. It takes the adaption to containerd as first class, and uses dedicated shim-rune to interface with OCI Runtime rune. In the downstrem, init-runelet employs a novel approach of launching enclave runtime and trusted application in hardware-enforced enclave.

architecture

The major components of Inclavare Containers are:

  • rune
    rune is a CLI tool for spawning and running enclaves in containers according to the OCI specification. rune is already written into OCI Runtime implementation list.

  • shim-rune
    shim-rune resides in between containerd and rune, conducting enclave signing and management beyond the normal shim basis. In particular shim-rune and rune can compose a basic enclave containerization stack for confidential computing, providing low barrier to the use of confidential computing and the same experience as ordinary container. Please refer to this doc for the details.

  • enclave runtime
    The backend of rune is a component called enclave runtime, which is responsible for loading and running trusted and protected applications inside enclaves. The interface between rune and enclave runtime is Enclave Runtime PAL API, which allows invoking enclave runtime through well-defined functions. The softwares for confidential computing may benefit from this interface to interact with cloud-native ecosystem.

    One typical class of enclave runtime implementations is based on Library OSes. Currently, the recommended enclave runtime interacting with rune is Occlum, a memory-safe, multi-process Library OS for Intel SGX. And another typical class of enclave runtime is WebAssembly Micro Runtime (WAMR) with Intel SGX, a standalone WebAssembly (WASM) runtime with a small footprint, including a VM core, an application framework and a dynamic management for WASM applications.

    In addition, you can write your own enclave runtime with any programming language and SDK (e.g, Intel SGX SDK) you prefer as long as it implements Enclave Runtime PAL API.

Attestation

Inclavare Containers implements Enclave Attestation Architecture (EAA), a universal and cross-platform remote attestation infrastructure. EAA can prove that sensitive workloads are running on a genuine and trusted hardware TEE based on confidential computing technology. The formal design of EAA will be published for RFC.

architecture

The major components of EAA are:

  • Rats-TLS Rats-TLS enhances the standard TLS to support the trusted communications between heterogeneous hardware TEEs based on confidential computing technology, which is evolved from the ra-tls (deprecated). Even a non-hardware TEE platforms using Rats-TLS can communicate with a hardware TEE, e.g, SGX Enclave, through the attested and secured channel to transmit the sensitive information. In other words, the boundary of TCB is extended from execution environment to network transmission with Rats-TLS. In addition, Rats-TLS has an extensible model to support various hardware TEE. Refer to this design doc for more details.

  • Confidential Container
    Confidential container in the form of the enclave runtime Occlum responds to the request from Inclavared, and then sends back the attestation evidence of confidential container to Inclavared. Confidential container plays the role of the attester.

  • Inclavared
    Inclavared is responsible for forwarding the traffic between the confidential container and Shelter. The communication process is protected by the attested Enclave-TLS channel.

  • Shelter
    Shelter, as the role of the verifier deployed in the off-cloud, records the launch measurements of enclave runtime, and afterward establishes the attested Enclave-TLS channel to communicate with Inclavared. Eventually, it retrieves the evidence about enclave runtimes for verification.

Non-core components

  • sgx-tools
    sgx-tools is a CLI tool, used to interact Intel SGX AESM service to retrieve various materials such as launch token, quoting enclave's target information, enclave quote and remote attestation report from IAS. Refer to this tutorial for the details about its usage.

  • epm
    epm is a service that is used to manage the cache pools to optimize the startup time of enclave. Refer to this tutorial for the details about its usage.

Roadmap

Please refer to Inclavare Containers Roadmap for the details. This document outlines the development roadmap for the Inclavare Containers project.

Building

It's recommended to use Inclavare Containers development docker image to build Inclavare Containers from scratch.

Note that the environment of launching Inclavare Containers development docker image must be capable of hardware TEE and install the corresponding software stack, e.g, Intel SGX and Intel SGX SDK & PSW for Linux.

The exact command to run the docker image requires to be specified explicitly according to the type of SGX device driver.

  • For legacy out-of-tree driver:
docker run -it -v /var/run/aesmd:/var/run/aesmd \
  -device /dev/isgx \
  inclavarecontainers/dev:$version-$os
  • For DCAP and in-tree driver:
docker run -it -v /var/run/aesmd:/var/run/aesmd \
  -v /dev/sgx_enclave:/dev/sgx/enclave -v /dev/sgx_provision:/dev/sgx/provision \
  inclavarecontainers/dev:$version-$os

where:

  • $version denotes the version of Inclavare Containers in use.
  • $os denotes the OS type of development docker image, which may be ubuntu18.04 or alinux2.

Please be aware of running the commands listed below in the development container launched by Inclavare Containers development docker image.

  1. Download the latest source code of Inclavare Containers
mkdir -p "$WORKSPACE"
cd "$WORKSPACE"
git clone https://github.com/alibaba/inclavare-containers
  1. Build Inclavare Containers
cd inclavare-containers
# build rune, shim-rune, epm, sgx-tools, enclave-tls, shelter and inclavared
make

Installing

After build Inclavare Containers on your system, you can use the following command to install Inclavare Containers on your system.

sudo make install

{rune,shim-rune,epm,sgx-tools,shelter,inclavared} will be installed to /usr/local/bin/{rune,containerd-shim-rune-v2,epm,sgx-tools,shelter,inclavared} on your system. Enclave-TLS SDK will be installed to /opt/enclave-tls. {enclave-tls-server,enclave-tls-client} will be installed to /usr/share/enclave-tls/samples.

If you don't want to build and install Inclavare Containers from latest source code. We also provide RPM/DEB repository to help you install Inclavare Containers quickly. Please see the steps about how to configure repository firstly. Then you can run the following command to install Inclavare Containers on your system.

  • On Ubuntu 18.04 server
sudo apt-get install rune shim-rune epm sgx-tools enclave-tls shelter inclavared

Integrating

Inclavare Containers can be integrated with dockerd, containerd, and pouchd.

The former targets using docker to deploy Inclavare Containers. Specifically, you need to install the preferred enclave runtime when building container images, and then launch the enclave runtime through rune and enclave runtime specific PAL.

The latter targets using K8s to deploy Inclavare Containers. In this scenario, shim-rune and rune can compose an enclave containerization stack, so enclave runtime is not required and installed when building container images, providing with the same experience as ordinary containers.

dockerd

Add the assocated configurations for rune in dockerd config file, e.g, /etc/docker/daemon.json, on your system.

{
        "runtimes": {
                "rune": {
                        "path": "/usr/local/bin/rune",
                        "runtimeArgs": []
                }
        }
}

then restart dockerd on your system.

You can check whether rune is correctly enabled or not with:

docker info | grep rune

Note that the systemd is not installed by default, so please manually start up dockerd:

dockerd -b docker0 --storage-driver=vfs &

containerd

Inclavare Containers is added to the adopters list of containerd. Besides, shim-rune supports containerd shim v2 API. So you can add the assocated configurations for shim-rune in the containerd config file, e.g, /etc/containerd/config.toml, on your system.

        [plugins.cri.containerd]
          ...
          [plugins.cri.containerd.runtimes.rune]
            runtime_type = "io.containerd.rune.v2"

then restart containerd on your system.

pouchd

Add the assocated configurations in pouchd config file, e.g, /etc/pouch/config.json, on your system.

	"add-runtime": {
		"rune": {
            		"path": "/usr/local/bin/rune",
            		"runtimeArgs": null,
            		"type": "io.containerd.rune.v2"
        	},
		...
	}

where:

  • @path: specify the path of OCI Runtime, such as the pach of rune.
  • @runtimeArgs: specify the arguments of the pouchd runtime, such as --platform, --network.
  • @type: specify the shim template from the following candidates:
    • io.containerd.rune.v2: correspond to shim-rune
    • io.containerd.runtime.v1.linux: correspond to containerd-shim
    • io.containerd.runc.v1: correspond to containerd-shim-runc-v1

then restart pouchd on your system.

You can check whether rune is correctly enabled or not with:

pouch info | grep rune

Deployment

Inclavare Containers can be deployed with Occlum LibOS and WebAssembly Micro Runtime (WAMR).

Occlum LibOS

Please refer to this guide to run Occlum with rune and docker.

Please refer to this guide to deploy an enclave container in a Kubernetes cluster. Currently, Hello-world application image and web application images based on OpenJDK 11, Dragonwell, and Golang are provided. These images don't contain enclave runtime. They are only used for the deployment with containerd.

Please refer to this guide to run inclavare-containers with pouchd.

WebAssembly Micro Runtime (WAMR)

Please refer to this guide to run WAMR with rune.

WebAssembly Micro Runtime (WAMR) application image is provided. WAMR image contains enclave runtime, because it doesn't adapt to shim-rune and use off-cloud signing. It is only used for the deployment with dockerd.

License

FOSSA Status

librats's People

Contributors

abillest avatar cheatguy avatar haosanzi avatar houhuiting avatar imlk0 avatar jamesmenetrey avatar jiazhang0 avatar wojiaohanliyang avatar yangliang3 avatar zeuson0 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

yangliang3 haosanzi zeuson0 zhiwei-intel-h wojiaohanliyang abillest imlk0 houhuiting killvxk jamesmenetrey wydxyreh cheatguy

librats's Issues

Porting Interoperable RA-TLS support from rats-tls to librats

Here is a list of the PRs that need to be ported from rats-tls to librats. The numbers of these PRs are in the range of 122 to 147. PR numbers outside of this range are not considered in this issue.

Implementation of interoperable ra-tls:

Changes that implementation of interoperable ra-tls depends on:

Bugfix for rats-tls which also applicable to librats:

lacking of libsgx_tcrypto

It's dependency library of libsgx_tservice.

/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `dh_generate_message3(_sgx_dh_msg2_t const*, _sgx_ec256_public_t const*, unsigned char const (*) [16], _sgx_dh_msg3_t*, unsigned int)':
ec_dh.cpp:(.text.unlikely._ZL20dh_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_tj+0xb6): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL20dh_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_tj+0x14b): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `LAv2_generate_message3(_sgx_dh_msg2_t const*, _sgx_ec256_public_t const*, unsigned char const (*) [16], _sgx_dh_msg3_t*)':
ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0x98): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0xc2): undefined reference to `sgx_cmac128_init'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0xe2): undefined reference to `sgx_cmac128_update'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0xf4): undefined reference to `sgx_cmac128_update'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0x101): undefined reference to `sgx_cmac128_final'
/usr/local/bin/ld: ec_dh.cpp:(.text.unlikely._ZL22LAv2_generate_message3PK14_sgx_dh_msg2_tPK19_sgx_ec256_public_tPA16_KhP14_sgx_dh_msg3_t+0x10b): undefined reference to `sgx_cmac128_close'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `verify_cmac128(unsigned char const*, unsigned char const*, unsigned int, unsigned char const*) [clone .part.3]':
ec_dh.cpp:(.text._ZL14verify_cmac128PKhS0_jS0_.part.3+0x22): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `dh_verify_message3(_sgx_dh_msg3_t const*, _sgx_ec256_public_t const*, _sgx_ec256_public_t const*, unsigned char const (*) [16])':
ec_dh.cpp:(.text._ZL18dh_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh+0x107): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `LAv2_verify_message3(_sgx_dh_msg3_t const*, _sgx_ec256_public_t const*, _sgx_ec256_public_t const*, unsigned char const (*) [16]) [clone .isra.4]':
ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0xde): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0x145): undefined reference to `sgx_cmac128_init'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0x167): undefined reference to `sgx_cmac128_update'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0x181): undefined reference to `sgx_cmac128_update'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0x18e): undefined reference to `sgx_cmac128_final'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20LAv2_verify_message3PK14_sgx_dh_msg3_tPK19_sgx_ec256_public_tS4_PA16_Kh.isra.4+0x198): undefined reference to `sgx_cmac128_close'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `dh_generate_message1(_sgx_dh_msg1_t*, _sgx_internal_dh_session_t*)':
ec_dh.cpp:(.text._ZL20dh_generate_message1P14_sgx_dh_msg1_tP26_sgx_internal_dh_session_t+0x156): undefined reference to `sgx_ecc256_open_context'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20dh_generate_message1P14_sgx_dh_msg1_tP26_sgx_internal_dh_session_t+0x175): undefined reference to `sgx_ecc256_create_key_pair'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20dh_generate_message1P14_sgx_dh_msg1_tP26_sgx_internal_dh_session_t+0x195): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: ec_dh.cpp:(.text._ZL20dh_generate_message1P14_sgx_dh_msg1_tP26_sgx_internal_dh_session_t+0x1a6): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `sgx_LAv1_initiator_proc_msg1':
ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0xaa): undefined reference to `sgx_ecc256_open_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0xcc): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0x1bf): undefined reference to `sgx_ecc256_create_key_pair'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0x1e6): undefined reference to `sgx_ecc256_compute_shared_dhkey'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0x2b4): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0x34b): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv1_initiator_proc_msg1+0x3d0): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `sgx_dh_responder_proc_msg2':
ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x155): undefined reference to `sgx_ecc256_open_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x181): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x297): undefined reference to `sgx_ecc256_compute_shared_dhkey'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x3fb): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x597): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_dh_responder_proc_msg2+0x636): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ec_dh.o): in function `sgx_LAv2_initiator_proc_msg1':
ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0xaa): undefined reference to `sgx_ecc256_open_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0xcc): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0x1bf): undefined reference to `sgx_ecc256_create_key_pair'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0x1e6): undefined reference to `sgx_ecc256_compute_shared_dhkey'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0x28c): undefined reference to `sgx_sha256_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0x342): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: ec_dh.cpp:(.text.sgx_LAv2_initiator_proc_msg1+0x3c7): undefined reference to `sgx_ecc256_close_context'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_dcap_tvl.a(sgx_dcap_tvl.o): in function `sgx_tvl_verify_qve_report_and_identity':
sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x111): undefined reference to `sgx_sha256_close'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x176): undefined reference to `sgx_sha256_init'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x196): undefined reference to `sgx_sha256_update'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x1aa): undefined reference to `sgx_sha256_update'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x1c2): undefined reference to `sgx_sha256_update'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x1da): undefined reference to `sgx_sha256_update'
/usr/local/bin/ld: sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x1f2): undefined reference to `sgx_sha256_update'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_dcap_tvl.a(sgx_dcap_tvl.o):sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x20f): more undefined references to `sgx_sha256_update' follow
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_dcap_tvl.a(sgx_dcap_tvl.o): in function `sgx_tvl_verify_qve_report_and_identity':
sgx_dcap_tvl.cpp:(.text.sgx_tvl_verify_qve_report_and_identity+0x22f): undefined reference to `sgx_sha256_get_hash'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(sgx_verify_report.o): in function `sgx_verify_report':
sgx_verify_report.cpp:(.text.sgx_verify_report+0x13f): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_trts_sim.a(init_optimized_lib.o): in function `init_optimized_libs':
init_optimized_lib.cpp:(.text.init_optimized_libs+0xdf): undefined reference to `sgx_init_crypto_lib'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_trts_sim.a(deriv.o): in function `derive_key':
deriv.cpp:(.text.derive_key+0x47): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_trts_sim.a(deriv.o): in function `cmac':
deriv.cpp:(.text.cmac+0x2a): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_tservice.a(ecp.o): in function `derive_key(_sgx_ec256_dh_shared_t const*, char const*, unsigned int, unsigned char (*) [16])':
ecp.cpp:(.text._Z10derive_keyPK22_sgx_ec256_dh_shared_tPKcjPA16_h+0x9e): undefined reference to `sgx_rijndael128_cmac_msg'
/usr/local/bin/ld: ecp.cpp:(.text._Z10derive_keyPK22_sgx_ec256_dh_shared_tPKcjPA16_h+0x105): undefined reference to `sgx_rijndael128_cmac_msg'
collect2: error: ld returned 1 exit status

Handling SGX verification non-terminal results

During SGX verfication on some older hardware it may respond with SGX_QL_QV_RESULT_OUT_OF_DATE error, which is actually a non-terminal result, meaning that whether or not to trust is left to the user. We need to provide the user with this interface in librats to confirm that the error is exempted.

librats/verifiers/sgx-ecdsa/verify_evidence.c

Lines 276 to 284 in 5ac0f98

case SGX_QL_QV_RESULT_CONFIG_NEEDED:
case SGX_QL_QV_RESULT_OUT_OF_DATE:
case SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED:
case SGX_QL_QV_RESULT_SW_HARDENING_NEEDED:
case SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED:
RATS_WARN("verification completed with Non-terminal result: %x\n",
quote_verification_result);
err = SGX_ECDSA_VERIFIER_ERR_CODE((int)quote_verification_result);
break;

Perhaps we need to clarify the design of *_err_t types

Currently, we define the error types in include/librats/err.h, but there are still some problems.

  1. We have many similar error status, such as RATS_ERR_NONE, RATS_ATTESTER_ERR_NONE, RATS_VERIFIER_ERR_NONE. Currently we must be careful to avoid returning RATS_ATTESTER_ERR_NONE in functions of type rats_err_t. because caller usually just compares it with RATS_ERR_NONE. Same problem also exists when calling the rats_err_t function from a function of type rats_attester_err_t.
  2. There seems to be confusion as to when to return a negative value for an error code. Although previous work has attempted to remove -, a few codes(1, 2)still use it.
  3. The ERR_CODE_SUBCLASS is not clearly defined, and it seems to be a wrapper for some underlying error type. But it seems that subclass bits is erased in the definition of this macro.

I suggest a redesign of the error types, at least

  1. We should clearly define the relationship between rats_err_t and the following rats_attester_err_t, rats_verifier_err_t. E.g., is rats_err_t is a superclass of the latter two?
  2. We need to clarify when we should use rats_err_t, rats_attester_err_t, rats_verifier_err_t. For example, should some generic utility functions use rats_err_t, even though they may be called by functions of type rats_attester_err_t?
  3. Need a better way to call each other between different types of functions.

Add support for static linking to SGX QVL

Add support for static linking to QVL to remove dependency on installed SGX libraries in the system.

This is intended to bring more portability to librats, e.g. running in a browser or a Trusted Application (i.e. TrustZone).

build warning in sgx mode

/home/yangliang/librats/verifiers/sgx-la/main.c:23:10: warning: initialized field overwritten [-Woverride-init]
23 | .name = "sgx_la",
| ^~~~~~~~
/home/yangliang/librats/verifiers/sgx-la/main.c:23:10: note: (near initialization for ‘sgx_la_verifier_opts.name’)
/home/yangliang/librats/verifiers/sgx-la/main.c:27:21: warning: initialization of ‘rats_verifier_err_t (*)(rats_verifier_ctx_t *, attestation_evidence_t *, const uint8_t *, uint32_t, claim_t **, size_t )’ {aka ‘enum ()(struct rats_verifier_ctx *, struct attestation_evidence *, const unsigned char *, unsigned int, struct claim **, long unsigned int )’} from incompatible pointer type ‘rats_verifier_err_t ()(rats_verifier_ctx_t *, attestation_evidence_t *, uint8_t *, unsigned int, claim_t **, size_t )’ {aka ‘enum ()(struct rats_verifier_ctx *, struct attestation_evidence *, unsigned char *, unsigned int, struct claim **, long unsigned int *)’} [-Wincompatible-pointer-types]
27 | .verify_evidence = sgx_la_verify_evidence,
| ^~~~~~~~~~~~~~~~~~~~~~
/home/yangliang/librats/verifiers/sgx-la/main.c:27:21: note: (near initialization for ‘sgx_la_verifier_opts.verify_evidence’)

failed to collect or verify evidence in SGX mode

Two bugs to be fixed:

  1. The macro definition of RATS_ATTESTER_NUM and RATS_VERIFIER_NUM are wrong, it may cause rats_attest_init failed.
  2. My machine is sgx2 supported, but function is_sgx2_supported returns false, it may cause attester sgx_ecdsa register failed.

failed to complie occlum build mode 

cmake -DRATS_BUILD_MODE="occlum"  -H. -Bbuild
make -C build install

[ 76%] Building C object verifiers/sgx-ecdsa/CMakeFiles/verifier_sgx_ecdsa.dir/verify_evidence.c.o
/root/yanrong/haosanzi/librats/verifiers/sgx-ecdsa/verify_evidence.c:25:10: fatal error: dcap_quote.h: No such file or directory
 #include "dcap_quote.h"
          ^~~~~~~~~~~~~~
compilation terminated.
verifiers/sgx-ecdsa/CMakeFiles/verifier_sgx_ecdsa.dir/build.make:158: recipe for target 'verifiers/sgx-ecdsa/CMakeFiles/verifier_sgx_ecdsa.dir/verify_evidence.c.o' failed

librats compiling modularity

attester and verifier compiling need to be split. It needs to provide compile attesters and verifiers independently.

The same registration conditions of SEV and CSV attesters

It may cause registering both SEV and CSV as attesters and selecting SEV finally because the priority of SEV is higher.

Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attest_init()@L34: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attest_init()@L50: conf 0x7f26d6c1c160
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_all()@L34: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L64: loading the rats attester instance 'libattester_nullattester.so' ...
Fri Sep  9 11:22:30 CST 2022: [DEBUG] libattester_null_init()@L37: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_register()@L20: registering the rats attester 'nullattester' ...
[INFO] the rats attester 'nullattester' registered with type 'nullattester'
Fri Sep  9 11:22:30 CST 2022: [DEBUG] nullattester_pre_init()@L12: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L93: the rats attester 'nullattester' loaded
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L64: loading the rats attester instance 'libattester_sev.so' ...
Fri Sep  9 11:22:30 CST 2022: [DEBUG] libattester_sev_init()@L33: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_register()@L20: registering the rats attester 'sev' ...
[INFO] the rats attester 'sev' registered with type 'sev'
Fri Sep  9 11:22:30 CST 2022: [DEBUG] sev_attester_pre_init()@L12: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L93: the rats attester 'sev' loaded
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L64: loading the rats attester instance 'libattester_csv.so' ...
Fri Sep  9 11:22:30 CST 2022: [DEBUG] libattester_csv_init()@L33: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_register()@L20: registering the rats attester 'csv' ...
[INFO] the rats attester 'csv' registered with type 'csv'
Fri Sep  9 11:22:30 CST 2022: [DEBUG] csv_attester_pre_init()@L12: called
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_load_single()@L93: the rats attester 'csv' loaded
Fri Sep  9 11:22:30 CST 2022: [DEBUG] rats_attester_select()@L31: selecting the rats attester 'sev'...
Fri Sep  9 11:22:30 CST 2022: [DEBUG] init_rats_attester()@L17: called rats core ctx: 0x7f26d6c1c1c0 rats attester ctx: 0x7f26d060ec80
Fri Sep  9 11:22:30 CST 2022: [DEBUG] sev_attester_init()@L14: ctx 0x7f26d060ec80
[INFO] the rats attester 'sev' selected
Fri Sep  9 11:22:30 CST 2022: [DEBUG] sev_collect_evidence()@L32: ctx 0x7f26d060ec80, evidence 0x7f26d6c1c2b0, hash 0x7f26d05ffb90
Fri Sep  9 11:22:30 CST 2022: [DEBUG] sev_collect_evidence()@L40: guest firmware handle is -1
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: ()', src/lib.rs:80:10

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.