@JamesMenetrey
Contributor

Dear WAMR developers,

Here is a PR that contributes to integrating an Intel SGX feature called Intel Protection File System Library (IPFS) in the runtime to create, operate and delete files inside the enclave, while guaranteeing the confidentiality and integrity of the data persisted.

This feature has been implemented so that when the runtime is compiled with a newly-introduced flag (WAMR_SGX_IPFS), the files interaction API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation has been written with light changes to the POSIX sandbox for WASI, so all the security aspects WAMR relies on are conserved.

In addition to this integration, the following changes have been made:

  • The CI workflow has been adapted to test the compilation of the runtime with the flag WAMR_SGX_IPFS set to true,
  • Introduction of a new sample that demonstrates the interaction of the files (called file),
  • Documentation of this new feature (preview here)

A proof of concept regarding WAMR and IPFS was already published by my university and me a year ago with many benchmarks to evaluate the overheads of IPFS file interaction. You can see our results in this paper. With the help of the company Credora, we thought it would be a great asset to WAMR to push this research into the upstream WAMR.

Feel free to discuss the changes here, as I would be glad to perform any changes that are not compliant with the best practices of this project.

Cheers

@JamesMenetrey
Contributor Author

Hey @wenyongh, many thanks for this great feedback. I have improved the aspects you mentioned in your previous comments/reviews. Notably, I restored the initial state of the posix.c file and hooked the SGX functions for file interactions to introduce IPFS. As such, this leads to better encapsulation.

Let me know if you see other points to fix/refactor.

Cheers!

@wenyongh
Collaborator

> Hey @wenyongh, many thanks for this great feedback. I have improved the aspects you mentioned in your previous comments/reviews. Notably, I restored the initial state of the posix.c file and hooked the SGX functions for file interactions to introduce IPFS. As such, this leads to better encapsulation.
>
> Let me know if you see other points to fix/refactor.
>
> Cheers!

@JamesMenetrey Thanks a lot for implementing this feature, it is very helpful to SGX users! The PR seems good and there are only several comments from me, could you help check them?

@JamesMenetrey
Contributor Author

JamesMenetrey commented Sep 27, 2022

Hey @wenyongh,

Thanks for this second pass of review. I have completed the different points you mentioned.

Don't hesitate to check it out and give me feedback on it!

Cheers

@wenyongh
Collaborator

LGTM

Collaborator

@xujuntwt95329 xujuntwt95329 left a comment

LGTM

@wenyongh wenyongh merged commit dfd16f8 into bytecodealliance:main Sep 28, 2022

@JamesMenetrey
Contributor Author

Great, thanks! 🎉🚀

wenyongh added a commit to wenyongh/wasm-micro-runtime that referenced this pull request Sep 28, 2022
linux-sgx: Implement SGX IPFS as POSIX backend for file interaction (bytecodealliance#1489)
vickiegpt pushed a commit to vickiegpt/wamr-aot-gc-checkpoint-restore that referenced this pull request May 27, 2024
…ytecodealliance#1489)

This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS)
into the runtime to create, operate and delete files inside the enclave, while guaranteeing
the confidentiality and integrity of the data persisted. IPFS can be referred to here:
https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html

Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction
API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation
has been written with light changes to sgx platform layer, so all the security aspects
WAMR relies on are conserved.

In addition to this integration, the following changes have been made:
 - The CI workflow has been adapted to test the compilation of the runtime and sample
    with the flag `WAMR_BUILD_SGX_IPFS` set to true
 - Introduction of a new sample that demonstrates the interaction of the files (called `file`),
 - Documentation of this new feature