Enable remote attestation by librats in SGX mode #1445
Conversation
| @@ -0,0 +1,59 @@ | |||
| /* Copyright (c) 2022 Intel Corporation | |||
There was a problem hiding this comment.
Had better add an extra line like other files:
/*
* Copyright (c) 2022 Intel Corporation
* Copyright (c) 2020-2021 Alibaba Cloud
| /* Copyright (c) 2022 Intel Corporation | ||
| * Copyright (c) 2020-2021 Alibaba Cloud | ||
| * | ||
| * SPDX-License-Identifier: Apache-2.0 |
There was a problem hiding this comment.
Should be SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
|
||
| char * | ||
| strcpy(char *dest, const char *src); | ||
| #define strcpy(dst, src) strncpy(dst, src, strlen(src)) |
There was a problem hiding this comment.
Not sure whether it needs to change code here? There are compilation warnings:
core/shared/platform/linux-sgx/sgx_file.c: In function ‘realpath’:
core/shared/platform/linux-sgx/platform_internal.h:59:26: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
59 | #define strcpy(dst, src) strncpy(dst, src, strlen(src))There was a problem hiding this comment.
It's because librats and wamr have the same function named strcpy on SGX, now I have recover it in wamr and modify the Implementation of it in librats.
|
|
||
| if (WAMR_BUILD_LIB_RATS EQUAL 1) | ||
| execute_process( | ||
| COMMAND bash -c "sed -i -E 's/^\\/\\/ #define LIB_RATS/#define LIB_RATS/g' ${CMAKE_CURRENT_SOURCE_DIR}/enclave-sample/Enclave/Enclave.edl" |
There was a problem hiding this comment.
Searching \n// #define LIB_RATS might cause error if the code is changed, how about:
#define LIB_RATS 0
And replace between \n#define LIB_RATS 0 and \n#define LIB_RATS 1?
samples/sgx-ra/CMakeLists.txt
Outdated
| @@ -0,0 +1,80 @@ | |||
| # Copyright (C) 2019 Intel Corporation. All rights reserved. | |||
There was a problem hiding this comment.
Could you please write a README.md under this folder to introduce the sample?
Another issue is that do I need to install other packages? I got compilation error while building this sample:
samples/sgx-ra/build/_deps/librats-src/tee/sgx/untrust/sgx_ecdsa_ocall.c:14:10: fatal error: sgx_dcap_quoteverify.h: No such file or directory
14 | #include <sgx_dcap_quoteverify.h>
README.md
Outdated
| - **[wasm-c-api](./samples/wasm-c-api/README.md)**: Demonstrating how to run some samples from [wasm-c-api proposal](https://github.com/WebAssembly/wasm-c-api) and showing the supported API's. | ||
| - **[socket-api](./samples/socket-api/README.md)**: Demonstrating how to run wasm tcp server and tcp client applications, and how they communicate with each other. | ||
| - **[workload](./samples/workload/README.md)**: Demonstrating how to build and run some complex workloads, e.g. tensorflow-lite, XNNPACK, wasm-av1, meshoptimizer and bwa. | ||
| - **[sgx-ra](./samples/sgx-ra/README.md)**: Demonstrates how to excute Remote Attestation on SGX with [librats](https://github.com/inclavare-containers/librats), which enables mutual attestation with other runtimes or other entities that support librats to ensure that each is running within the TEE. |
There was a problem hiding this comment.
Should be execute but not excute.
And not sure whether Demonstrating or Demonstrates is better, but the other samples use Demonstrating, could this sample also aligns with that?
samples/sgx-ra/README.md
Outdated
| "sgx-ra" sample introduction | ||
| ============== | ||
|
|
||
| This sample demonstrates how to excute Remote Attestation on SGX with [librats](https://github.com/inclavare-containers/librats) and run it with iwasm. It can only build on [SGX supported processors](https://www.intel.com/content/www/us/en/support/articles/000028173/processors.html), please check it. |
| /* clang-format off */ | ||
| #define REG_NATIVE_FUNC(func_name, signature) \ | ||
| { #func_name, func_name##_wrapper, signature, NULL } | ||
| /* clang-format off */ |
There was a problem hiding this comment.
| /* clang-format off */ | |
| /* clang-format on */ |
Add library librats, update SGX build scripts, add sample and update document.
No description provided.