Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[rte-252] ppid_retrieval runtime container #675

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

[rte-252] ppid_retrieval runtime container #675

wants to merge 5 commits into from

Conversation

raoulstrackx
Copy link
Contributor

There already was a Docker container to build the ppid_retrieval tool, but not a minimal container to run it. This PR adds just that. It also does the following (each as a separate, independent commit):

  • More structured comments in the Dockerfile
  • Specify a ppid_retrieval image
  • Verification of the intel-sgx key used to sign debian packages
  • Less verbose output of the ppid_retrieval tool to facilitate scripting
  • Separate build script for the ppid_retrieval tool and version tag

@raoulstrackx raoulstrackx requested a review from nshyrei December 18, 2024 12:32
Taowyoo
Taowyoo reviewed Dec 18, 2024
View reviewed changes
intel-sgx/ppid-retrieval-tool/Docker/Dockerfile
RUN echo 92f96f84281031d889deb81060c44325f0481aee621ae47a15ae1df4431b4a23 intel-sgx-deb.key | sha256sum -c
RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
RUN apt-get update
RUN apt-get install -y libsgx-urts
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another approach is using the pre-built dynamic libraries in https://download.01.org/intel-sgx/latest/dcap-latest/linux/distro/ubuntu24.04-server/PCKIDRetrievalTool_v1.22.100.3.tar.gz

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

~/Downloads/PCKIDRetrievalTool_v1.22.100.3 
> ls
libmpa_uefi.so.1	       libsgx_pce.signed.so.1  network_setting.conf
libsgx_enclave_common.so.1     libsgx_urts.so	       PCKIDRetrievalTool
libsgx_id_enclave.signed.so.1  License.txt	       README.txt

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For build stage , current approach is fine.
But for run stage below, I suggest to use this

intel-sgx/ppid-retrieval-tool/Docker/Dockerfile
RUN apt-get install -y libsgx-urts

# Install ppid_retrieval tool
COPY --from=ppid_retrieval_dev /opt/intel/ppid-tool/ppid_retrieval /ppid_retrieval
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it intentional to use root path in line 62-67?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Taowyoo Taowyoo Taowyoo left review comments

@nshyrei nshyrei Awaiting requested review from nshyrei

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@raoulstrackx @Taowyoo