From 8a478a168327a65092e10ed13558b9d845fe753c Mon Sep 17 00:00:00 2001
From: Heyang Sun <60865256+Uxito-Ada@users.noreply.github.com>
Date: Thu, 8 Sep 2022 14:45:26 +0800
Subject: [PATCH] [PPML] Fix EHSM 0.3.0 create enclave failure (#5683)

Co-authored-by: glorysdj
---
 .../pccs-ehsm/kubernetes/templates/bigdl-pccs-ehsm-kms.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ppml/services/pccs-ehsm/kubernetes/templates/bigdl-pccs-ehsm-kms.yaml b/ppml/services/pccs-ehsm/kubernetes/templates/bigdl-pccs-ehsm-kms.yaml
index b7750cfed38..3bd9d20cf5e 100644
--- a/ppml/services/pccs-ehsm/kubernetes/templates/bigdl-pccs-ehsm-kms.yaml
+++ b/ppml/services/pccs-ehsm/kubernetes/templates/bigdl-pccs-ehsm-kms.yaml
@@ -130,8 +130,10 @@ spec:
 containers:
 - name: dkeyserver
 image: {{ .Values.dkeyserverImageName }}
+ securityContext:
+ privileged: true
 imagePullPolicy: IfNotPresent
- command: ['sh' , '-c','if [ -c "/dev/sgx/enclave" ]; then echo "/dev/sgx/enclave is ready";elif [ -c "/dev/sgx_enclave" ]; then echo "/dev/sgx/enclave not ready, try to link to /dev/sgx_enclave"; mkdir -p /dev/sgx; ln -s /dev/sgx_enclave /dev/sgx/enclave; else echo "both /dev/sgx/enclave /dev/sgx_enclave are not ready, please check the kernel and driver";fi; if [ -c "/dev/sgx/provision" ]; then echo "/dev/sgx/provision is ready";elif [ -c "/dev/sgx_provision" ]; then echo "/dev/sgx/provision not ready, try to link to /dev/sgx_provision";mkdir -p /dev/sgx;ln -s /dev/sgx_provision /dev/sgx/provision;else echo "both /dev/sgx/provision /dev/sgx_provision are not ready, please check the kernel and driver";fi;sleep 30; curl -v -k -G -w "%{http_code}" "http://{{ .Values.pccsIP }}:18081/sgx/certification/v3/rootcacrl"; bash /home/start_dkeyserver.sh']
+ command: ['sh' , '-c','if [ -c "/dev/sgx/enclave" ]; then echo "/dev/sgx/enclave is ready";elif [ -c "/dev/sgx_enclave" ]; then echo "/dev/sgx/enclave not ready, try to link to /dev/sgx_enclave"; mkdir -p /dev/sgx; ln -s /dev/sgx_enclave /dev/sgx/enclave; else echo "both /dev/sgx/enclave /dev/sgx_enclave are not ready, please check the kernel and driver";fi; if [ -c "/dev/sgx/provision" ]; then echo "/dev/sgx/provision is ready";elif [ -c "/dev/sgx_provision" ]; then echo "/dev/sgx/provision not ready, try to link to /dev/sgx_provision";mkdir -p /dev/sgx;ln -s /dev/sgx_provision /dev/sgx/provision;else echo "both /dev/sgx/provision /dev/sgx_provision are not ready, please check the kernel and driver";fi;sleep 30; curl -v -k -G -w "%{http_code}" "https://{{ .Values.pccsIP }}:18081/sgx/certification/v3/rootcacrl"; bash /home/start_dkeyserver.sh']
 volumeMounts:
 - mountPath: /dev/sgx/enclave
 name: dev-enclave
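Review bot: The added `securityContext` with `privileged: true` on the `dkeyserver` container gives a key-management workload every capability and access to all host devices, which is far broader than the SGX device nodes it needs to create an enclave. The visible `volumeMounts` already pass in `/dev/sgx/enclave`, so the failure is presumably the device cgroup denying a hostPath-mounted node; if the cluster runs the Intel SGX device plugin, requesting the devices under `resources.limits` (`sgx.intel.com/enclave: 1`, `sgx.intel.com/provision: 1`) would grant only those devices without privileged mode. If privileged mode has to stay, a comment above it such as `# privileged is needed for /dev/sgx* access; replace with SGX device-plugin resources when available` would record why it is there. Separately, the `curl` probe now uses `https://` but keeps `-k`, so the PCCS certificate is still not verified, and its result does not gate `bash /home/start_dkeyserver.sh`. The container spec continues past the end of the hunk.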