Ported Veracruz to Linux #116

@dominic-mulligan-arm (Member) commented Mar 29, 2021

  • Linux Root Enclave implemented for co-ordinating spawning of application enclaves.
    Note most attestation-related material is actually handled by the Linux Root Enclave, rather
    than the application (runtime) enclave, as attestation for Linux is "fake"/insecure, and
    the Root enclave seems a more convenient place to put it.
  • Proxy attestation is using Derek's new CA-based attestation system.
  • New build targets of note: linux linux-veracruz-server-test linux-veracruz-client-test
    linux-veracruz-test linux-cli.
  • Added Linux buildspec to the CI configuration.
  • Minor rearrangement of material in veracruz-utils to accommodate Linux-related
    material. Note that Derek's recent changes, removing the Nitro root enclaves, have led
    to some duplication being reintroduced into veracruz-utils (owing to slight differences
    between the messages being sent to various enclaves in Linux/Nitro). When the Linux root
    enclave is removed (TODO) these duplications will be eliminated, streamlining this material.
  • Slight change in the naming of features in e.g. proxy-attestation-server to mark the
    fact that the TrustZone backend is now not the only backend using PSA attestation (even
    if it is "fake").

@dominic-mulligan-arm added the enhancement, trusted-veracruz-runtime, attestation and build-process labels Mar 29, 2021
@dominic-mulligan-arm added this to the "Veracruz as a Linux process" milestone Mar 29, 2021
@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 7ecab21
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: d516dd1
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 3663685
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: fb6b398
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: f9901e3
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: ecfd9b7
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 5534347
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 957b754
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 10a5b81
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 6c12266
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: f63e358
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 1b2afaa
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: e4cbb43
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 00cdf86
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: e9bb223
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: f5f78df
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 0547d71
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: 533584b
  • Result: FAILED
  • Build Logs (available for 30 days)

@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: f35ecaf
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

@dominic-mulligan-arm changed the title from "WIP: added linux feature for runtime-manager module" to "Ported Veracruz to Linux" Aug 24, 2021
@veracruz-project-owner
Contributor

AWS CodeBuild CI Report

  • CodeBuild project: Veracruz
  • Commit ID: b5c3fbf
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)


ShaleXIONG previously approved these changes Aug 25, 2021
linux-root-enclave/src/main.rs Outdated
linux-root-enclave/src/main.rs Outdated
linux-root-enclave/src/main.rs Outdated
linux-root-enclave/src/main.rs Outdated
linux-root-enclave/src/main.rs
linux-root-enclave/src/main.rs
veracruz-server/Makefile Outdated
veracruz-server/Makefile Outdated
veracruz-server/src/lib.rs
veracruz-server/src/veracruz_server_linux.rs
veracruz-utils/src/platform/nitro/nitro.rs
@dominic-mulligan-arm force-pushed the runtime-manager-linux branch 7 times, most recently from c86ab91 to 7fc258b, September 3, 2021 08:39
@dominic-mulligan-arm force-pushed the runtime-manager-linux branch 2 times, most recently from e4036b1 to 902bc28, October 15, 2021 13:03
@dominic-mulligan-arm force-pushed the runtime-manager-linux branch 2 times, most recently from 3cda5f7 to 2c7621a, October 22, 2021 10:50
@dominic-mulligan-arm force-pushed the runtime-manager-linux branch 2 times, most recently from ce5d08d to b5e71e6, November 1, 2021 15:09
@dominic-mulligan-arm
Member Author

+1+1 = +1 reached, merging.

@dominic-mulligan-arm merged commit d6210f4 into veracruz-project:main Nov 3, 2021