Merge pull request #13 from AliyunContainerService/samples
Add samples: hello_world
Showing
14 changed files
with
646 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
FROM alibabatee/centos_sgx:7 | ||
|
||
COPY src/hello_world src/enclave.signed.so /app/ | ||
|
||
WORKDIR /app | ||
|
||
ENTRYPOINT ["/app/hello_world"] |
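Review bot: The `FROM alibabatee/centos_sgx:7` line pins the base image only by a mutable tag, so a replaced upstream image changes what ships around the enclave without any change in this repository; pinning by digest, `FROM alibabatee/centos_sgx:7@sha256:<digest-placeholder>`, keeps the build reproducible. The image also sets no `USER`, so `/app/hello_world` runs as root in the container while it holds the SGX device and the AESM socket. Whether a non-root user can open those depends on host permissions the page does not show, so that part needs checking before a `USER` line is added.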
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
TARGET_IMAGE ?= hello_world | ||
|
||
.PHONY: clean | ||
clean: | ||
@echo "PHASE: Cleaning ..." | ||
cd src/ && make clean | ||
|
||
.PHONY: build | ||
build: | ||
@echo "PHASE: Building hello_world ..." | ||
cd src/ && make clean && make | ||
|
||
.PHONY: image | ||
image: build | ||
@echo "PHASE: Building image $(TARGET_IMAGE) ..." | ||
docker build -t $(TARGET_IMAGE) . | ||
|
||
.PHONY: | ||
lint: | ||
|
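Review bot: The last `.PHONY:` line names no target, so `lint` is not declared phony, and with no recipe either `make lint` does nothing and still exits 0. Either write `.PHONY: lint` and give the target a real recipe, or drop it, so the file does not advertise a check that never runs. As a style point, `cd src/ && make clean` is better written `$(MAKE) -C src clean`, which passes flags and the jobserver to the sub-make.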
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# hello_world | ||
|
||
`hello_world` is a sample application which demonstrates how to develop and run a SGX application inside docker or | ||
kubernetes(ACK-TEE), printing messages periodically. | ||
|
||
## Build image | ||
This step will build application and then pack it into an image. | ||
```bash | ||
cd sgx-device-plugin/samples/hello_world | ||
TARGET_IMAGE=sgx_hello_world make image | ||
``` | ||
|
||
## Run it in docker | ||
|
||
```bash | ||
docker run -d --name=my_sgx_hello_world --dievice=/dev/isgx -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket sgx_hello_world | ||
docker logs -f my_sgx_hello_world | ||
``` | ||
|
||
|
||
## Run it in Kubernetes(ACK-TEE) | ||
|
||
```bash | ||
cat <<EOF | kubectl --kubeconfig kubeconfig create -f - | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: helloworld | ||
namespace: default | ||
spec: | ||
replicas: 2 | ||
selector: | ||
matchLabels: | ||
app: helloworld | ||
template: | ||
metadata: | ||
labels: | ||
app: helloworld | ||
spec: | ||
containers: | ||
- command: | ||
- /app/hello_world | ||
image: {{TARGET_IMAGE}} | ||
imagePullPolicy: Always | ||
name: helloworld | ||
resources: | ||
limits: | ||
cpu: 250m | ||
memory: 512Mi | ||
alibabacloud.com/sgx_epc_MiB: 2 | ||
volumeMounts: | ||
- mountPath: /var/run/aesmd/aesm.socket | ||
name: aesmsocket | ||
volumes: | ||
- hostPath: | ||
path: /var/run/aesmd/aesm.socket | ||
type: Socket | ||
name: aesmsocket | ||
EOF | ||
``` | ||
|
||
## Clean | ||
|
||
```bash | ||
cd sgx-device-plugin/samples/hello_world | ||
make clean | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
#include <stdio.h> | ||
#include <string.h> | ||
#include <assert.h> | ||
|
||
#include <time.h> | ||
#include <ctime> | ||
|
||
# include <unistd.h> | ||
# include <pwd.h> | ||
# define MAX_PATH FILENAME_MAX | ||
|
||
#include "sgx_urts.h" | ||
#include "App.h" | ||
#include "Enclave_u.h" | ||
|
||
/* Global EID shared by multiple threads */ | ||
sgx_enclave_id_t global_eid = 0; | ||
|
||
int initialize_enclave(void) | ||
{ | ||
sgx_status_t ret = SGX_ERROR_UNEXPECTED; | ||
|
||
char enclavefile[256]; | ||
getcwd(enclavefile, sizeof(enclavefile)); | ||
strcat(enclavefile, "/enclave.signed.so"); | ||
|
||
/* Call sgx_create_enclave to initialize an enclave instance */ | ||
/* Debug Support: set 2nd parameter to 1 */ | ||
ret = sgx_create_enclave(enclavefile, SGX_DEBUG_FLAG, NULL, NULL, &global_eid, NULL); | ||
if (ret != SGX_SUCCESS) { | ||
printf("Failed to create enclave, ret code: %d, enclave file: %s\n", ret, enclavefile); | ||
return -1; | ||
} | ||
|
||
return 0; | ||
} | ||
|
||
tm* get_time() { | ||
time_t rawtime; | ||
struct tm * timeinfo; | ||
time ( &rawtime ); | ||
timeinfo = localtime ( &rawtime ); | ||
return timeinfo; | ||
} | ||
|
||
/* Application entry */ | ||
int SGX_CDECL main(int argc, char *argv[]) | ||
{ | ||
(void)(argc); | ||
(void)(argv); | ||
|
||
const size_t max_buf_len = 100; | ||
char buffer[max_buf_len] = {0}; | ||
|
||
|
||
/* Initialize the enclave */ | ||
if(initialize_enclave() < 0){ | ||
printf("Enter a character before exit ...\n"); | ||
getchar(); | ||
return -1; | ||
} | ||
|
||
/* Enclave calls */ | ||
while(1) { | ||
ecall_hello_from_enclave(global_eid, buffer, max_buf_len); | ||
|
||
printf("%s%s\n", asctime(get_time()), buffer); | ||
fflush(stdout); | ||
|
||
sleep(1); | ||
} | ||
|
||
/* Destroy the enclave */ | ||
sgx_destroy_enclave(global_eid); | ||
|
||
printf("Info: SampleEnclave successfully returned.\n"); | ||
|
||
printf("Enter a character before exit ...\n"); | ||
getchar(); | ||
return 0; | ||
} |
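Review bot: In `initialize_enclave` the result of `getcwd(enclavefile, sizeof(enclavefile))` is never checked, and `strcat` then appends the 18-byte suffix to the same 256-byte array, so a working directory longer than 237 characters writes past the end of the stack buffer. A failed `getcwd` also leaves `strcat` scanning an uninitialised array. The path depends on where the process is started; the Dockerfile's `WORKDIR /app` covers only the container case, so the length has to be checked before the append, as sketched below using the `MAX_PATH` macro this file already defines. Separately, `main` ignores the status returned by `ecall_hello_from_enclave`, so a failed call keeps printing the stale buffer.

```cpp
int initialize_enclave(void)
{
    // … unchanged: ret declaration …
    static const char suffix[] = "/enclave.signed.so";
    char enclavefile[MAX_PATH];

    if (getcwd(enclavefile, sizeof(enclavefile)) == NULL) {
        perror("getcwd");
        return -1;
    }
    /* sizeof(suffix) counts the terminating NUL */
    if (strlen(enclavefile) + sizeof(suffix) > sizeof(enclavefile)) {
        fprintf(stderr, "Enclave path too long: %s%s\n", enclavefile, suffix);
        return -1;
    }
    strcat(enclavefile, suffix);
    // … unchanged: sgx_create_enclave call and error report …
```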
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#ifndef _APP_H_ | ||
#define _APP_H_ | ||
|
||
#include <assert.h> | ||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <stdarg.h> | ||
|
||
#include "sgx_error.h" /* sgx_status_t */ | ||
#include "sgx_eid.h" /* sgx_enclave_id_t */ | ||
|
||
#ifndef TRUE | ||
# define TRUE 1 | ||
#endif | ||
|
||
#ifndef FALSE | ||
# define FALSE 0 | ||
#endif | ||
|
||
# define TOKEN_FILENAME "enclave.token" | ||
# define ENCLAVE_FILENAME "/app/enclave.signed.so" | ||
|
||
extern sgx_enclave_id_t global_eid; /* global enclave id */ | ||
|
||
#if defined(__cplusplus) | ||
extern "C" { | ||
#endif | ||
|
||
|
||
#if defined(__cplusplus) | ||
} | ||
#endif | ||
|
||
#endif /* !_APP_H_ */ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<EnclaveConfiguration> | ||
<ProdID>0</ProdID> | ||
<ISVSVN>0</ISVSVN> | ||
<StackMaxSize>0x40000</StackMaxSize> | ||
<HeapMaxSize>0x100000</HeapMaxSize> | ||
<TCSNum>10</TCSNum> | ||
<TCSPolicy>1</TCSPolicy> | ||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release --> | ||
<DisableDebug>0</DisableDebug> | ||
<MiscSelect>0</MiscSelect> | ||
<MiscMask>0xFFFFFFFF</MiscMask> | ||
</EnclaveConfiguration> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#include "Enclave.h" | ||
#include "Enclave_t.h" /* print_string */ | ||
#include <string.h> | ||
|
||
void ecall_hello_from_enclave(char *buf, size_t len) | ||
{ | ||
const char *hello = "Hello world From SGX Enclave!"; | ||
|
||
size_t size = len; | ||
if(strlen(hello) < len) | ||
{ | ||
size = strlen(hello) + 1; | ||
} | ||
|
||
memcpy(buf, hello, size - 1); | ||
buf[size-1] = '\0'; | ||
} | ||
|
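Review bot: `ecall_hello_from_enclave` computes `size - 1` without handling `len == 0`: `size` stays 0, the subtraction wraps to `SIZE_MAX`, and both the `memcpy` length and the `buf[size-1]` index are then out of range inside the enclave. `len` is supplied by the untrusted host through the EDL `size=len` attribute, so the trusted function should reject the value itself with `if (buf == NULL || len == 0) return;` ahead of the length computation. The generated bridge may hand over a NULL `buf` for a zero length (that code is not on the page), which is a second reason for the guard. A short comment stating that `len` is the full buffer size including the terminator would also help callers.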
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
enclave { | ||
|
||
trusted { | ||
public void ecall_hello_from_enclave([out, size=len] char* buf, size_t len); | ||
}; | ||
|
||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#ifndef _ENCLAVE_H_ | ||
#define _ENCLAVE_H_ | ||
#endif |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
enclave.so | ||
{ | ||
global: | ||
g_global_data_sim; | ||
g_global_data; | ||
enclave_entry; | ||
g_peak_heap_used; | ||
local: | ||
*; | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ | ||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ | ||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr | ||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b | ||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H | ||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD | ||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW | ||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC | ||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe | ||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z | ||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q | ||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 | ||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 | ||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 | ||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 | ||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm | ||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i | ||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 | ||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd | ||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD | ||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a | ||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC | ||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ | ||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo | ||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t | ||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz | ||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 | ||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 | ||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom | ||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G | ||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv | ||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN | ||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 | ||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp | ||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg | ||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH | ||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= | ||
-----END RSA PRIVATE KEY----- |
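Review bot: This section commits an RSA private key in the clear, presumably the enclave signing key, since the Dockerfile ships `enclave.signed.so`. If so, the signer identity of every enclave built from this sample is public, and any policy that trusts the signer (sealing to the signer, attestation allow-lists) must not accept it. That is acceptable only for a debug sample, so the README should say so: `The signing key in this sample is public; generate your own and keep it out of the repository for any real enclave.` The config's `<DisableDebug>0</DisableDebug>` already marks the build as debug-only, so the two caveats belong together in that README note.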