Update GSC with Gramine's new SGX driver requirements #228

Merged (1 commit), Dec 22, 2024
10 changes: 0 additions & 10 deletions Documentation/index.rst
Original file line number Diff line number Diff line change
@@ -359,16 +359,6 @@ in :file:`config.yaml.template`.
provided for popular cloud-provider environments. `Gramine.Repository` and
`Gramine.Branch` are ignored in case `Gramine.Image` is specified.

.. describe:: SGXDriver.Repository

Source repository of the Intel SGX driver. Default value: ""
(in-kernel driver).

.. describe:: SGXDriver.Branch

Use this branch of the repository. Default value: ""
(in-kernel driver).

Run graminized Docker images
=============================

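Review bot: removing the `SGXDriver.Repository` and `SGXDriver.Branch` entries leaves this page silent on what replaced them. A sentence next to the `Gramine.*` options stating that GSC now builds only against the in-kernel (upstream) SGX driver, with the uapi header coming from the distro's kernel headers package, would tell readers who still carry an `SGXDriver` section in their `config.yaml` that it is no longer read.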
19 changes: 0 additions & 19 deletions config.yaml.template
@@ -32,22 +32,3 @@ Registry: ""
Gramine:
Repository: "https://github.com/gramineproject/gramine.git"
Branch: "master"

# Specify the Intel SGX driver installed on your machine (more specifically, on the machine where
# the graminized Docker container will run); there are several variants of the SGX driver:
#
# - upstream (in-kernel) driver: use empty values like below
# Repository: ""
# Branch: ""
#
# - DCAP out-of-tree driver: same as above, use empty values
# Repository: ""
# Branch: ""
#
# - legacy out-of-tree driver: use something like the below values, but adjust the branch name
# Repository: "https://github.com/01org/linux-sgx-driver.git"
# Branch: "sgx_driver_1.9"
#
SGXDriver:
Repository: ""
Branch: ""
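Review bot: deleting the whole `SGXDriver` block also deletes the only in-template explanation of the driver variants, so a `config.yaml` carried over from an older GSC keeps a stale `SGXDriver` section without any hint that it is ignored. Consider leaving a one-line comment in its place, e.g. `# The in-kernel (upstream) SGX driver is required; the former SGXDriver section is no longer used`, or have the config loader warn on unknown top-level keys.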
18 changes: 0 additions & 18 deletions templates/Dockerfile.common.compile.template
@@ -13,28 +13,10 @@ RUN cd /gramine \
&& git fetch origin {{Gramine.Branch}} \
&& git checkout {{Gramine.Branch}}

{% if "linux-sgx-driver" in SGXDriver.Repository %}
RUN cd /gramine \
&& git clone {{SGXDriver.Repository}} driver \
&& cd driver \
&& git checkout {{SGXDriver.Branch}}
{% else %}
RUN mkdir -p /gramine/driver/asm \
&& cd /gramine/driver/asm \
&& wget --timeout=10 -O sgx.h \
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/arch/x86/include/uapi/asm/sgx.h?h=v5.11 \
&& sha256sum sgx.h | grep -q a34a997ade42b61376b1c5d3d50f839fd28f2253fa047cb9c0e68a1b00477956
{% endif %}

RUN cd /gramine \
&& meson setup build/ --prefix="/gramine/meson_build_output" \
--buildtype={{buildtype}} \
-Ddirect=enabled -Dsgx=enabled \
{% if template_path(Distro).startswith('ubuntu:') %}-Ddcap=enabled{% endif %} \
{% if "linux-sgx-driver" in SGXDriver.Repository %} \
-Dsgx_driver=oot -Dsgx_driver_include_path=/gramine/driver \
{% else %} \
-Dsgx_driver=upstream -Dsgx_driver_include_path=/gramine/driver \
{% endif %} \
&& ninja -C build \
&& ninja -C build install
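Review bot: the deleted block fetched `sgx.h` from a fixed kernel tag (v5.11) and pinned it to a sha256, whereas the build now consumes whatever `asm/sgx.h` the distro's `kernel-headers` / `linux-libc-dev` / `linux-glibc-devel` package installs. Integrity now rests on the package manager's signature checks, which is acceptable, but nothing in the remaining `RUN` steps verifies that the header is present at all; a check such as `RUN test -f /usr/include/asm/sgx.h` before `meson setup` would make a distro whose headers predate Linux 5.11 fail with an obvious message rather than somewhere inside the meson configure. The `meson setup` line also no longer passes `-Dsgx_driver=...` or `-Dsgx_driver_include_path=...`, which assumes the `Gramine.Branch` being built no longer accepts those options; the minimum Gramine version this GSC now requires should be stated in the docs.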
2 changes: 1 addition & 1 deletion templates/centos/Dockerfile.compile.template
@@ -19,6 +19,7 @@ RUN dnf update -y \
gcc-c++ \
git \
httpd \
kernel-headers \
libevent-devel \
make \
nasm \
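Review bot: `kernel-headers` is unpinned and tracks the distro's kernel series, so whether it installs `asm/sgx.h` (added upstream in Linux 5.11) depends on the CentOS release being built, and unlike the Debian 11 template in this PR there is no backports step here. Confirm on each supported CentOS image that the package actually provides the header, or add a `test -f /usr/include/asm/sgx.h` right after the install. The same applies to `templates/centos/stream/Dockerfile.compile.template`.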
@@ -36,7 +37,6 @@ RUN dnf update -y \
python3-pip \
python3-protobuf \
rpm-build \
wget \
&& /usr/bin/python3 -B -m pip install 'tomli>=1.1.0' 'tomli-w>=0.4.0' 'meson>=0.56,!=1.2.*'

{% endblock %}
2 changes: 1 addition & 1 deletion templates/centos/stream/Dockerfile.compile.template
@@ -18,6 +18,7 @@ RUN dnf distro-sync -y \
gcc-c++ \
git \
httpd \
kernel-headers \
libcurl-devel \
make \
nasm \
@@ -36,7 +37,6 @@ RUN dnf distro-sync -y \
python3-pip \
python3-protobuf \
rpm-build \
wget \
yum-utils \
&& /usr/bin/python3 -B -m pip install 'tomli>=1.1.0' 'tomli-w>=0.4.0' 'meson>=0.56,!=1.2.*'

11 changes: 9 additions & 2 deletions templates/debian/Dockerfile.compile.template
@@ -3,6 +3,14 @@
# NOTE: meson v1.2.* has a bug that leads to Gramine build failure because of not found `libcurl.a`
{% block install %}
{% set distro = Distro.split(':') %}

{%- if distro[0] == "debian" and distro[1] | int == 11 %}
# linux-libc-dev providing sgx.h is available in the debian bullseye-backports repo for debian 11
RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/backports.list \
&& env DEBIAN_FRONTEND=noninteractive apt-get update \
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y -t bullseye-backports linux-libc-dev
{%- endif %}

RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
&& env DEBIAN_FRONTEND=noninteractive apt-get install -y \
autoconf \
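Review bot: the backports step is right in intent (bullseye's own `linux-libc-dev` is 5.10-based and predates `asm/sgx.h`), but two details are worth tightening: the source is added over plain `http://` (apt still verifies the Release signature, so integrity holds, but `https://deb.debian.org` works and removes the plaintext fetch), and `backports.list` remains in the image, so any later `apt-get install` in this stage keeps bullseye-backports enabled for every package. Remove the file in the same `RUN` after the install, e.g. append `&& rm /etc/apt/sources.list.d/backports.list`, or scope the step more narrowly.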
@@ -14,7 +22,7 @@ RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
gawk \
git \
libprotobuf-c-dev \
linux-headers-generic \
linux-libc-dev \
nasm \
ninja-build \
pkg-config \
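Review bot: replacing `linux-headers-generic` (an Ubuntu metapackage that pulls in full kernel build headers and is not packaged under that name on Debian) with `linux-libc-dev` is the correct package for a uapi header and makes the template usable on both distros. However, the Debian 11 backports step in this file has no Ubuntu counterpart, so for each Ubuntu release GSC supports confirm that the release's `linux-libc-dev` ships `asm/sgx.h`; otherwise the build will only fail later at `meson setup`.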
@@ -23,7 +31,6 @@ RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
python3 \
python3-cryptography \
python3-protobuf \
wget \
# please see the comment in Dockerfile.build.template for explanation why this condition is needed
{%- if (distro[0] == "debian" and distro[1] | int >= 12) or
(distro[0] == "ubuntu" and distro[1] | int >= 23) %}
1 change: 0 additions & 1 deletion templates/redhat/ubi-minimal/Dockerfile.build.template
@@ -29,7 +29,6 @@ RUN rm -rf /etc/rhsm-host \
python3-protobuf \
python3-pyelftools \
python3-voluptuous \
wget \
which \
&& /usr/bin/python3 -B -m pip install click jinja2 \
'tomli>=1.1.0' 'tomli-w>=0.4.0' \
2 changes: 1 addition & 1 deletion templates/redhat/ubi-minimal/Dockerfile.compile.template
@@ -25,6 +25,7 @@ RUN rm -rf /etc/rhsm-host \
gcc-c++ \
git \
httpd \
kernel-headers \
libevent-devel \
make \
nasm \
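Review bot: same remark as for the CentOS templates: `kernel-headers` on UBI tracks the base RHEL kernel series, so for any supported UBI release whose kernel predates 5.11 it must be confirmed that the vendor's header package still includes `asm/sgx.h`; a `test -f /usr/include/asm/sgx.h` after the install would surface a missing header immediately. This also applies to `templates/redhat/ubi/Dockerfile.compile.template`.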
@@ -43,7 +44,6 @@ RUN rm -rf /etc/rhsm-host \
python3-protobuf \
python3-voluptuous \
rpm-build \
wget \
&& /usr/bin/python3 -B -m pip install 'tomli>=1.1.0' 'tomli-w>=0.4.0' 'meson>=0.56,!=1.2.*'

{% endblock %}
1 change: 0 additions & 1 deletion templates/redhat/ubi/Dockerfile.build.template
@@ -28,7 +28,6 @@ RUN rm -rf /etc/rhsm-host \
python3-protobuf \
python3-pyelftools \
python3-voluptuous \
wget \
&& /usr/bin/python3 -B -m pip install click jinja2 \
'tomli>=1.1.0' 'tomli-w>=0.4.0' \
&& dnf repolist \
2 changes: 1 addition & 1 deletion templates/redhat/ubi/Dockerfile.compile.template
@@ -25,6 +25,7 @@ RUN rm -rf /etc/rhsm-host \
gcc-c++ \
git \
httpd \
kernel-headers \
libevent-devel \
make \
nasm \
@@ -43,7 +44,6 @@ RUN rm -rf /etc/rhsm-host \
python3-protobuf \
python3-voluptuous \
rpm-build \
wget \
&& /usr/bin/python3 -B -m pip install 'tomli>=1.1.0' 'tomli-w>=0.4.0' 'meson>=0.56,!=1.2.*'

{% endblock %}
2 changes: 1 addition & 1 deletion templates/suse/Dockerfile.compile.template
@@ -26,6 +26,7 @@ RUN SUSEConnect -p PackageHub/{{ver}}/x86_64 \
gcc11 \
gcc11-c++ \
git \
linux-glibc-devel \
libevent-devel \
libprotobuf-c-devel \
libprotobuf-c1 \
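Review bot: `linux-glibc-devel` is inserted between `git` and `libevent-devel`, which breaks the alphabetical order this package list otherwise keeps; move it after `libprotobuf-c1`. The package choice itself is right: on SUSE `linux-glibc-devel` is what installs the kernel uapi headers under `/usr/include`, so it is the counterpart of `linux-libc-dev` on Debian and `kernel-headers` on the RPM distros in this PR.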
@@ -43,7 +44,6 @@ RUN SUSEConnect -p PackageHub/{{ver}}/x86_64 \
python3-protobuf \
python3-tomli \
rpm-build \
wget \
which \
&& /usr/bin/python3 -B -m pip install 'tomli-w>=0.4.0' \
&& update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 10 \