Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: create unified libOS+enclave bundle #270

Merged
merged 2 commits into from
Dec 18, 2023
Merged

build: create unified libOS+enclave bundle #270

merged 2 commits into from
Dec 18, 2023

Conversation

mythi
Copy link
Contributor

@mythi mythi commented Nov 1, 2023
edited
Loading

Fixes: #212
Fixes: #128

@mythi mythi mentioned this pull request Nov 1, 2023
Closed
@mythi mythi marked this pull request as ready for review November 9, 2023 10:04
@mythi mythi requested a review from a team as a code owner November 9, 2023 10:04
@mythi
Copy link
Contributor Author

mythi commented Nov 9, 2023

I believe we could get this bigger restructuring/build optimization merged.

@mythi mythi force-pushed the single-bundle branch 3 times, most recently from cc585a2 to c32bc34 Compare November 15, 2023 10:25
@mythi mythi changed the title build: create unified libOS bundle build: create unified libOS+enclave bundle Nov 15, 2023
@mythi
Copy link
Contributor Author

mythi commented Nov 15, 2023

@dcmiddle @piotrpalcz this PR implements significant (IMO) simplifications to the enclave-cc stack. It now unifies the two "bundles" into one. In addition, my POC to unify the agent-enclave and app-enclave functionality into a single enclave also seems to work. This would allow us to experiment with sealing policies based on MRenclave.

@dcmiddle
Copy link
Member

Non blocking question... in tools/packaging/build/unified-bundle/ I can't tell what the original intent was of enclave-agent-cc-kbc.yaml nor enclave-agent-sample-kbc.yaml
They are identical files and I can't find references to them elsewhere in coco.

@mythi
Copy link
Contributor Author

mythi commented Nov 21, 2023

I can't tell what the original intent was of enclave-agent-cc-kbc.yaml nor enclave-agent-sample-kbc.yaml

we used to have a third copy for eaa-kbc that was different. that was removed but the KBC build arg was kept.

@piotrpalcz
Copy link
Contributor

LGTM, tested and working

@mythi mythi merged commit ca3d88f into confidential-containers:main Dec 18, 2023
8 checks passed
mythi added a commit to mythi/enclave-cc that referenced this pull request Aug 22, 2024
@mythi
init: fix syscall parameters
006423a 
PR confidential-containers#270 combined the boot-instance and agent-instance in one
but the modifications to "init" missed some syscall() parameters
to Occlum.

SYS_MOUNT_FS takes two parameters so add the missing one.

Signed-off-by: Mikko Ylinen <[email protected]>
@mythi mythi mentioned this pull request Aug 22, 2024
Closed
mythi added a commit to mythi/enclave-cc that referenced this pull request Aug 26, 2024
@mythi
init: fix syscall parameters
05df2a0 
PR confidential-containers#270 combined the boot-instance and agent-instance in one
but the modifications to "init" missed some syscall() parameters
to Occlum.

SYS_MOUNT_FS takes two parameters so add the missing one.

Signed-off-by: Mikko Ylinen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dcmiddle dcmiddle dcmiddle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@mythi @dcmiddle @piotrpalcz