The Protocol Buffers files changed in these 8 commits:
Commit: | 5789620
---|---
Author: | Wojtek Porczyk
Committer: | Wojtek Porczyk

Remove support for OOT (out-of-tree) SGX driver

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
The documentation is generated from this commit.
Commit: | 6b90c1c
---|---
Author: | Jakub Kądziołka
Committer: | Dmitrii Kuvaiskii

[python] Compile aesm_pb2.py during build

Keeping the compiled protobuf output in the repository is a dirty hack, which has finally started to break because of some breaking changes made by protobuf's upstream. Do this properly instead.

Signed-off-by: Jakub Kądziołka <niedzejkob@invisiblethingslab.com>
Commit: | c1e2ffd
---|---
Author: | Paweł Marczewski
Committer: | Paweł Marczewski

[Pal/Linux-SGX] Switch fully to Meson

This removes remaining parts of `Pal/Linux-SGX` handled by Make: AESM protobuf code, and SGX GDB integration. As a result, we can get rid of Makefiles for building PAL.

Signed-off-by: Paweł Marczewski <pawel@invisiblethingslab.com>
Commit: | f7e2a77
---|---
Author: | Dmitrii Kuvaiskii
Committer: | Dmitrii Kuvaiskii

Rename Graphene to Gramine

The name "Graphene" was deemed too common, could be impossible to trademark, and collided with several other software projects. Thus, a new name "Gramine" was chosen.

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
Commit: | 358d63e
---|---
Author: | Chia-Che Tsai
Committer: | Michał Kowalczyk

First commit

Contains a squash of commits 791facb646cc9434afac8e2fa8bf19ae37cf84fc..7262d6000e85258666a9547bcc0474a80bdd7616 (inclusive) from the original repository (https://github.com/oscarlab/graphene).

The reason for the squash is reducing the total size of our repository. In the original repository, until June 2019, we had binary blobs and whole sources for example applications committed to it, which bloated the total repository size to ~390 MiB. With this squash, the total repository size is 20 MiB.

Unfortunately, this erases the early commit history of the project. But it shouldn't matter too much, because before 2019 the commits rarely contained any useful descriptions. Anyways, in case one wants to check it, the old repo will still be available unchanged.

The squashed commits span the timeframe from March 2014 till June 2019 and originate from 25 authors (sorted by the number of commits):

    175 Chia-Che Tsai <chitsai@cs.stonybrook.edu>/<chiache@tamu.edu>/<chia-che.tsai@intel.com>/<chiache@cs.berkeley.edu>
    168 Don Porter <porter@cs.unc.edu>
    127 Isaku Yamahata <isaku.yamahata@gmail.com>
     58 Simon Gaiser <simon@invisiblethingslab.com>
     40 Michał Kowalczyk <mkow@invisiblethingslab.com>
     26 Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
     19 Gary <gang1.wang@intel.com>
     14 Rafał Wojdyła <omeg@invisiblethingslab.com>
     10 Li Lei <li.lei@intel.com>/<llei.fft@gmail.com>
      7 Adrian Dombeck <adrian.dombeck@rub.de>
      7 Zhang Chen <chen.zhang@intel.com>
      4 smherwig <smherwig@cs.umd.edu>
      3 woachk <mmediouni@gmx.fr>
      3 woonhak <woonhak.kang@gmail.com>
      2 Jaehyun Han <jaehyun@cs.unc.edu>
      2 Neil Davis <neilbd10@gmail.com>
      2 Thomas Knauth <thomas.knauth@intel.com>
      2 Wang, Gang <qichfan@gmail.com>
      1 Amogh Akshintala <aakshintala@cs.stonybrook.edu>
      1 Biao Lu <biao.lu@intel.com>
      1 Igor <i.zavalishin@gmail.com>
      1 Jat <jat@sinosky.org>
      1 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
      1 SCrusader <theunrealtinman@gmail.com>
      1 Victor <lacabra@users.noreply.github.com>

To recreate/verify this exact commit, do the following (in Bash):

    # prepare squashed branch in the old repo
    LAST_MIGRATED_COMMIT=33a68bc4302891e8c591570942bc39394acefd23
    LAST_SQUASHED_COMMIT=7262d6000e85258666a9547bcc0474a80bdd7616
    git checkout $LAST_SQUASHED_COMMIT
    git checkout --orphan new_master_pre
    GIT_COMMITTER_NAME='Michał Kowalczyk' \
    GIT_COMMITTER_EMAIL='mkow@invisiblethingslab.com' \
    GIT_COMMITTER_DATE='Mon Sep 6 14:12:29 2021 +0200' \
    git commit --date='Mon Jun 10 15:22:26 2019 -0400' --author='Chia-Che Tsai <chitsai@cs.stonybrook.edu>'

    # migrate newer commits to it
    git checkout -b new_master $LAST_MIGRATED_COMMIT
    # contrary to cherry-pick, filter-branch preserves the original committer information
    git filter-branch --parent-filter "sed \"s/-p $LAST_SQUASHED_COMMIT/-p $(git log -n1 --pretty=format:%H new_master_pre)/\"" $LAST_SQUASHED_COMMIT..HEAD
    git push --set-upstream oscarlab new_master

    # in the new repo
    git init .
    git remote add old_repo https://github.com/oscarlab/graphene.git
    git fetch old_repo new_master
    git merge old_repo/new_master

After these you should hopefully arrive at exactly the same commit hash as this one. If not, you can try using git 2.20.1 or 2.33.0 (these versions were tested by us).

The squash was done/supervised by Dmitrii Kuvaiskii, Michał Kowalczyk, Borys Popławski and Paweł Marczewski.

Co-authored-by: Don Porter <porter@cs.unc.edu>
Co-authored-by: Isaku Yamahata <isaku.yamahata@gmail.com>
Commit: | d5ad428
---|---
Author: | Wojtek Porczyk
Committer: | Wojtek Porczyk

[meson] Install graphene-sgx-get-token (former pal-sgx-get-token)
Commit: | 3279065
---|---
Author: | Dmitrii Kuvaiskii
Committer: | Dmitrii Kuvaiskii

[LibOS,Pal/Linux-SGX] Allow DkAttestationQuote() to get SGX DCAP quote

Previously, DkAttestationQuote() was able to retrieve only EPID based SGX quotes (with explicit messages to talk to AESM via Google Protobuf). This commit allows DkAttestationQuote() to retrieve ECDSA/DCAP based SGX quotes (so-called version 3). This is implemented via new Protobuf messages to talk to AESM (with "_ex" suffix).

Since DCAP based attestation doesn't require SPID and linkable, we introduce a new manifest syntax `sgx.remote_attestation`. To enable DCAP attestation, it is enough to set `sgx.remote_attestation = 1`.

The `attestation` LibOS test works both with EPID and DCAP based attestations and retrieves quotes v2 (EPID) and v3 (ECDSA/DCAP).
Commit: | acbf727
---|---
Author: | Chia-Che Tsai
Committer: | Dmitrii Kuvaiskii

[Pal/Linux-SGX] Simple remote attestation framework

This is the minimalistic implementation of the remote attestation framework. The framework conducts the following steps during start-up to verify the authenticity of the SGX platform:

1. Connect to aesmd service to retrieve platform info (targetinfo) of the Quoting Enclave (QE) before enclave creation.
2. Prepare the SGX report inside enclave (during initialization):
   - Read SPID (service provider ID) from sgx.ra_client_spid in manifest.
   - Get an SGX report for local attestation to QE.
   - Generate a random 16-byte nonce for freshness.
   - Perform an OCALL for retrieving the quote.
3. Gather attestation data (QE report, QE quote, IAS report, signature, certificate chain) outside of enclave:
   - Connect to aesmd to retrieve the QE quote; aesmd also returns QE report.
   - Connect to Intel Attestation Service using curl. A client subscription key (specified via sgx.ra_client_key in manifest) is required to authenticate the HTTPS connection.
   - Get the IAS report, signature, and certificate chain from IAS. Print out the attestation result.
   - Return all this attestation data back to the enclave.