Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat cckbc #146

Merged
merged 4 commits into from
May 11, 2023
Merged

Feat cckbc #146

merged 4 commits into from
May 11, 2023

Conversation

Xynnn007
Copy link
Member

@Xynnn007 Xynnn007 commented May 4, 2023

Related to #120

This PR:

  • Added Add build features for both attestation-agent/eaa-kbc and attestation-agent/cc-kbc for agent-enclave
  • Update CI to cover cc-kbc & occlum

@Xynnn007 Xynnn007 force-pushed the feat-cckbc branch 18 times, most recently from 819d2f7 to c6a6495 Compare May 6, 2023 06:49
Xynnn007 added 2 commits May 9, 2023 14:18
@Xynnn007
enclave-agent: add cc-kbc features
1c3b1be 
Added four new features to replace old `default` feature:

- eaa-kbc-rustls-tls: use eaa-kbc to inject confidential resources. All
stacks are based on rustls (purely rust without openssl)

- eaa-kbc-native-tls: use eaa-kbc to inject confidential resources. All
stacks are based on openssl

- cc-kbc-rustls-tls: use cc-kbc to inject confidential resources. All
stacks are based on rustls (purely rust without openssl)

- cc-kbc-native-tls: use cc-kbc to inject confidential resources. All
stacks are based on openssl

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007
ci: update CI for cc-kbc
62568b5 
Added CI tests for cc-kbc & occlum. The test will only cover HW mode.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007 Xynnn007 marked this pull request as ready for review May 9, 2023 07:33
@Xynnn007 Xynnn007 requested a review from a team as a code owner May 9, 2023 07:33
mythi
mythi reviewed May 9, 2023
View reviewed changes
Copy link
Contributor

@mythi mythi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is nice work. I only have one comment about what we publish as default for HW and SIM

tools/packaging/build/agent-enclave-bundle/Dockerfile Show resolved Hide resolved
@Xynnn007
packaging: conditional rats-tls build for agent-enclave
82d0a6e 
Now rats-tls will only be built and installed inside the agent-enclave
bundle when the docker build arg `KBC` is set to `eaa-kbc`

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007
ci: payload build
0a49b68 
We now have three enclave-cc payload builds:
- sample-kbc in SIM sgx modee
- eaa-kbc in HW sgx mode
- cc-kbc (occlum) in HW sgx mode

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
mythi
mythi reviewed May 11, 2023
View reviewed changes
src/enclave-agent/Cargo.toml Show resolved Hide resolved
src/enclave-agent/Makefile Show resolved Hide resolved
@mythi mythi merged commit ce9c171 into confidential-containers:main May 11, 2023
@Xynnn007 Xynnn007 deleted the feat-cckbc branch May 12, 2023 06:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mythi mythi mythi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Xynnn007 @mythi