Skip to content
This repository was archived by the owner on Feb 18, 2026. It is now read-only.

Kernel filesystem change #663

Open
ShaleXIONG wants to merge 36 commits into
base: main
Choose a base branch
from
Open

Kernel filesystem change #663

Changes from 1 commit
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
ede4113
Update the rust toolchain to 1.70.
ShaleXIONG Jul 25, 2023
b7eba4c
Update the lolrpop version.
ShaleXIONG Jul 25, 2023
e7de1ee
Update the wasmtime and wasmi version.
ShaleXIONG Jul 25, 2023
e4709b4
Use the kernal file system in wasmtime, and wire into freestanding ex…
ShaleXIONG Aug 22, 2023
49ecc60
Remove the vfs but use the kernel filesystem.
ShaleXIONG Sep 5, 2023
688e02d
update the example to use relative path.
ShaleXIONG Sep 28, 2023
e5b23f8
Rework on the engine and related, use the kernel file system.
ShaleXIONG Oct 2, 2023
e133c37
Update the makefiles for the new engine.
ShaleXIONG Oct 2, 2023
ffdb9a6
Remove appending the root `/` in veracruz client when calling write f…
ShaleXIONG Oct 3, 2023
f1fcfe6
Update the test suite on the engine rework.
ShaleXIONG Oct 3, 2023
fa0e80d
Fix a big in wrong import in freestanding.
ShaleXIONG Oct 3, 2023
02aa1d6
Temporarily comment out the test case for native module.
ShaleXIONG Oct 3, 2023
ec25967
Update all the cargo.toml file.
ShaleXIONG Oct 4, 2023
ade56f7
Rework on the permission check for (remote) clients.
ShaleXIONG Oct 6, 2023
b304a68
Remove dead code and unifies Cargo.toml.
ShaleXIONG Oct 6, 2023
a7aea77
Rework on the native module interface using the linux named pipeline.
ShaleXIONG Nov 1, 2023
b943904
Check the execution permission in the execution engine before running.
ShaleXIONG Nov 1, 2023
04fd9c2
Rework and simplify on the Sandbox for native binary.
ShaleXIONG Nov 24, 2023
67bd9ce
Fix a bug caused by type check of policy.
ShaleXIONG Nov 24, 2023
5a57695
Rework on the generate policy, use derive from clap.
ShaleXIONG Nov 24, 2023
f817133
Add the missing program hash when generating policy.
ShaleXIONG Nov 24, 2023
0e3054e
Update the generate policy script
ShaleXIONG Nov 24, 2023
445ce36
Fix a bug due to whitespace in policy generation.
ShaleXIONG Nov 24, 2023
8e3b2eb
Remove the application code for fd_create, which is no longer used.
ShaleXIONG Nov 27, 2023
786af80
Update the machnism to load internal native module by matching name.
ShaleXIONG Nov 28, 2023
0e12d5a
Generate the spec of the native service in the policy.
ShaleXIONG Nov 28, 2023
93913c3
Add the missing `Execution` Trait definition.
ShaleXIONG Nov 28, 2023
3f14c48
Remove an unused mod in execution-engine.
ShaleXIONG Nov 30, 2023
01caffe
Fix the quickstart test in the CI.
ShaleXIONG Dec 4, 2023
31f96a5
Update the shamir example.
ShaleXIONG Dec 4, 2023
8e1ee26
Update Cargo.lock.
ShaleXIONG Dec 8, 2023
7f66daf
TEST minor
ShaleXIONG Dec 7, 2023
258dc1f
Fix the directory mapping in Sandbox.
ShaleXIONG Jan 29, 2024
854c975
fix a merge mistake
ShaleXIONG Apr 2, 2024
dbea580
update cargo.lock
ShaleXIONG Apr 3, 2024
f825222
update the CI script.
ShaleXIONG Apr 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update the generate policy script
  • Loading branch information
@ShaleXIONG
ShaleXIONG committed Apr 5, 2024
commit 0e3054e44efff3f8e57093118f93f4b3cb3bdc98
43 changes: 18 additions & 25 deletions workspaces/shared.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ WASM_PROG_LIST = random-source.wasm \
random-u32-list.wasm \
shamir-secret-sharing.wasm \
sort-numbers.wasm \
fd-create.wasm \
aesctr-native.wasm

WASM_PROG_FILES = $(patsubst %.wasm, $(OUT_DIR)/%.wasm, $(WASM_PROG_LIST))
Expand Down Expand Up @@ -118,7 +117,6 @@ endif

POLICY_FILES ?= \
single_client.json \
single_client_no_debug.json \
dual_policy.json \
dual_parallel_policy.json \
triple_policy_1.json \
Expand All @@ -141,9 +139,10 @@ CREDENTIALS = $(CA_CRT) $(CLIENT_CRT) $(PROGRAM_CRT) $(DATA_CRT) $(RESULT_CRT) $

PGEN_COMMON_PARAMS =

CLIENT_WRITE_PROG_CAPABILITY = "./input/ : $(WRITE_RIGHT), ./output/ : $(READ_RIGHT), $(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT), /tmp/ : $(READ_WRITE_RIGHT)"
CLIENT_READ_PROG_CAPABILITY = "./input/ : $(WRITE_RIGHT), ./output/ : $(READ_RIGHT), $(PROGRAM_DIR) : $(OPEN_EXECUTE_RIGHT), /tmp/ : $(READ_WRITE_RIGHT)"
DEFAULT_PROGRAM_LIST = $(foreach prog_name,$(WASM_PROG_FILES),--program-binary $(PROGRAM_DIR)$(notdir $(prog_name))=$(prog_name) --capability "./input/ : $(READ_RIGHT), ./output/ : $(READ_WRITE_RIGHT), /tmp/ : $(READ_WRITE_RIGHT)")
CLIENT_WRITE_PROG_CAPABILITY = "./input/:$(WRITE_RIGHT),./output/:$(READ_RIGHT),$(PROGRAM_DIR):$(WRITE_EXECUTE_RIGHT),/tmp/:$(READ_WRITE_RIGHT)"
CLIENT_READ_PROG_CAPABILITY = "./input/:$(WRITE_RIGHT),./output/:$(READ_RIGHT),$(PROGRAM_DIR):$(OPEN_EXECUTE_RIGHT),/tmp/:$(READ_WRITE_RIGHT)"
DEFAULT_PROGRAM_LIST = $(foreach prog_name,$(WASM_PROG_FILES),--program-binary "$(PROGRAM_DIR)$(notdir $(prog_name))=$(prog_name) => ./input/:$(READ_RIGHT),./output/:$(READ_WRITE_RIGHT),/tmp/:$(READ_WRITE_RIGHT)")
DEFAULT_NATIVE_MODULE_LIST = --service "Postcard Service => /services/postcard_string.dat" --service "Postcard Service => /services/postcard_string.dat"

MAX_MEMORY_MIB = 256
DEFAULT_FLAGS = --proxy-attestation-server-ip 127.0.0.1:3010 \
Expand All @@ -153,33 +152,27 @@ DEFAULT_FLAGS = --proxy-attestation-server-ip 127.0.0.1:3010 \
--max-memory-mib $(MAX_MEMORY_MIB)

$(OUT_DIR)/single_client.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) --certificate $(CLIENT_CRT) --capability $(CLIENT_WRITE_PROG_CAPABILITY) \
cd $(OUT_DIR) ; $(PGEN) --certificate "$(CLIENT_CRT) => $(CLIENT_WRITE_PROG_CAPABILITY)" \
$(DEFAULT_PROGRAM_LIST) \
--pipeline "$(PROGRAM_DIR)random-u32-list.wasm ; if ./output/unsorted_numbers.txt { $(PROGRAM_DIR)sort-numbers.wasm ; }" --capability "./input/ : $(READ_RIGHT), ./output/ : $(READ_WRITE_RIGHT), ./services/ : $(READ_WRITE_RIGHT)" \
--pipeline "$(PROGRAM_DIR)random-u32-list.wasm ; if ./output/unsorted_numbers.txt { $(PROGRAM_DIR)sort-numbers.wasm ; } => ./input/:$(READ_RIGHT),./output/:$(READ_WRITE_RIGHT),./services/:$(READ_WRITE_RIGHT)" \
$(DEFAULT_NATIVE_MODULE_LIST) \
--veracruz-server-ip 127.0.0.1:3011 \
$(DEFAULT_FLAGS) \
--output-policy-file $@

$(OUT_DIR)/single_client_no_debug.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) --certificate $(CLIENT_CRT) --capability $(CLIENT_WRITE_PROG_CAPABILITY) \
${DEFAULT_PROGRAM_LIST} \
--veracruz-server-ip 127.0.0.1:3011 \
$(DEFAULT_FLAGS) \
--output-policy-file $@

$(OUT_DIR)/dual_policy.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) \
--certificate $(PROGRAM_CRT) --capability "$(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate $(DATA_CRT) --capability "./input/ : $(WRITE_RIGHT), ./output/ : $(READ_RIGHT)" \
--certificate "$(PROGRAM_CRT) => $(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate "$(DATA_CRT) => ./input/ : $(WRITE_RIGHT), ./output/ : $(READ_RIGHT)" \
$(DEFAULT_PROGRAM_LIST) \
--veracruz-server-ip 127.0.0.1:3012 \
$(DEFAULT_FLAGS) \
--output-policy-file $@

$(OUT_DIR)/dual_parallel_policy.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) \
--certificate $(PROGRAM_CRT) --capability "$(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate $(DATA_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate "$(PROGRAM_CRT) => $(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate "$(DATA_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
$(DEFAULT_PROGRAM_LIST) \
--veracruz-server-ip 127.0.0.1:3013 \
$(DEFAULT_FLAGS) \
Expand All @@ -188,20 +181,20 @@ $(OUT_DIR)/dual_parallel_policy.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES)
# Generate all the triple policy but on different port.
$(OUT_DIR)/triple_policy_%.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) \
--certificate $(PROGRAM_CRT) --capability "$(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate $(DATA_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate $(RESULT_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate "$(PROGRAM_CRT) => $(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate "$(DATA_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
--certificate "$(RESULT_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
$(DEFAULT_PROGRAM_LIST) \
--veracruz-server-ip 127.0.0.1:$(shell echo "3020 + $*" | bc) \
$(DEFAULT_FLAGS) \
--output-policy-file $@

$(OUT_DIR)/quadruple_policy.json: $(PGEN) $(CREDENTIALS) $(WASM_PROG_FILES) $(RUNTIME_ENCLAVE_BINARY_PATH)
cd $(OUT_DIR) ; $(PGEN) \
--certificate $(PROGRAM_CRT) --capability "$(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate $(DATA_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate $(NEVER_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate $(RESULT_CRT) --capability $(CLIENT_READ_PROG_CAPABILITY) \
--certificate "$(PROGRAM_CRT) => $(PROGRAM_DIR) : $(WRITE_EXECUTE_RIGHT)" \
--certificate "$(DATA_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
--certificate "$(NEVER_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
--certificate "$(RESULT_CRT) => $(CLIENT_READ_PROG_CAPABILITY)" \
$(DEFAULT_PROGRAM_LIST) \
--veracruz-server-ip 127.0.0.1:3030 \
$(DEFAULT_FLAGS) \
Expand Down