未验证 提交 0de060ed 编写于 作者: H hustliyilin 提交者: GitHub

rune: Add remote attestation configurations

1. Add optional remote attestation annotation fields in config.json.
2. Pass remote attestation configs to runelet.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>
上级 1a7da62a
...@@ -10,4 +10,8 @@ type Enclave struct { ...@@ -10,4 +10,8 @@ type Enclave struct {
Type string `json:"type"` Type string `json:"type"`
Path string `json:"path"` Path string `json:"path"`
Args string `json:"args,omitempty"` Args string `json:"args,omitempty"`
RaType string `json:"ra_type,omitempty"`
RaEpidSpid string `json:"ra_epid_spid,omitempty"`
RaEpidSubscriptionKey string `json:"ra_epid_subscription_key,omitempty"`
RaEpidQuoteType string `json:"ra_epid_quote_type,omitempty"`
} }
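Review bot: `RaEpidSubscriptionKey` in the Enclave struct looks like a credential for the attestation service, and its `json:"ra_epid_subscription_key,omitempty"` tag means it is written in plaintext wherever this struct is marshalled; the commit description mentions config.json. The same value is copied into InitEnclaveConfig and, in createEnclaveConfig, can be supplied through `config.Labels`, which are usually readable by anyone who can inspect the container. I would add a field comment such as `// RaEpidSubscriptionKey is a secret: never log it, and keep any file holding this struct owner-readable only`, and consider accepting a path to a key file rather than the key itself. Whether the serialized config ends up in persisted container state is not visible from this hunk and should be confirmed.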
...@@ -144,6 +144,10 @@ func (p *setnsProcess) start() (err error) { ...@@ -144,6 +144,10 @@ func (p *setnsProcess) start() (err error) {
Type: p.config.Config.Enclave.Type, Type: p.config.Config.Enclave.Type,
Path: p.config.Config.Enclave.Path, Path: p.config.Config.Enclave.Path,
Args: p.config.Config.Enclave.Args, Args: p.config.Config.Enclave.Args,
RaType: p.config.Config.Enclave.RaType,
RaEpidSpid: p.config.Config.Enclave.RaEpidSpid,
RaEpidSubscriptionKey: p.config.Config.Enclave.RaEpidSubscriptionKey,
RaEpidQuoteType: p.config.Config.Enclave.RaEpidQuoteType,
} }
err := utils.WriteJSON(p.messageSockPair.parent, config) err := utils.WriteJSON(p.messageSockPair.parent, config)
if err != nil { if err != nil {
...@@ -474,6 +478,10 @@ func (p *initProcess) start() (retErr error) { ...@@ -474,6 +478,10 @@ func (p *initProcess) start() (retErr error) {
Type: p.config.Config.Enclave.Type, Type: p.config.Config.Enclave.Type,
Path: p.config.Config.Enclave.Path, Path: p.config.Config.Enclave.Path,
Args: p.config.Config.Enclave.Args, Args: p.config.Config.Enclave.Args,
RaType: p.config.Config.Enclave.RaType,
RaEpidSpid: p.config.Config.Enclave.RaEpidSpid,
RaEpidSubscriptionKey: p.config.Config.Enclave.RaEpidSubscriptionKey,
RaEpidQuoteType: p.config.Config.Enclave.RaEpidQuoteType,
} }
err := utils.WriteJSON(p.messageSockPair.parent, config) err := utils.WriteJSON(p.messageSockPair.parent, config)
if err != nil { if err != nil {
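Review bot: The four Ra* assignments are repeated verbatim in setnsProcess.start and initProcess.start, so every future enclave field has to be added in two places and the two init messages can drift apart without a compile error. A small unexported helper that builds the init config from `p.config.Config.Enclave` and is called from both methods would keep them in step. Both struct literals begin above the hunks, so it is not visible here whether `Enclave` is checked for nil before these dereferences; that is worth confirming. Since `config` now carries the subscription key, make sure it is never included in debug logging around `utils.WriteJSON`.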
......
...@@ -332,11 +332,35 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) { ...@@ -332,11 +332,35 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) {
args = strings.Join(a, " ") args = strings.Join(a, " ")
} }
ra_type := filterOut(env, "ENCLAVE_RA_TYPE")
if ra_type == "" {
ra_type = libcontainerUtils.SearchLabels(config.Labels, "ra_type")
}
ra_epid_spid := filterOut(env, "ENCLAVE_RA_EPID_SPID")
if ra_epid_spid == "" {
ra_epid_spid = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_spid")
}
ra_epid_subscription_key := filterOut(env, "ENCLAVE_RA_EPID_SUB_KEY")
if ra_epid_subscription_key == "" {
ra_epid_subscription_key = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_subscription_key")
}
ra_epid_quote_type := filterOut(env, "ENCLAVE_RA_EPID_SIGNATURE_TYPE")
if ra_epid_quote_type == "" {
ra_epid_quote_type = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_quote_type")
}
if etype != "" { if etype != "" {
config.Enclave = &configs.Enclave{ config.Enclave = &configs.Enclave{
Type: etype, Type: etype,
Path: path, Path: path,
Args: args, Args: args,
RaType: ra_type,
RaEpidSpid: ra_epid_spid,
RaEpidSubscriptionKey: ra_epid_subscription_key,
RaEpidQuoteType: ra_epid_quote_type,
} }
} }
} }
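Review bot: The four attestation values are accepted as-is in createEnclaveConfig: nothing checks that `ra_type` is a supported value, or that the SPID and subscription key are present when an EPID type is requested, so a typo or partial configuration is only noticed later, presumably in runelet. A guard before the `config.Enclave` assignment, for example `if ra_type != "" && (ra_epid_spid == "" || ra_epid_subscription_key == "")`, would fail early, though the visible signature has no error return, so rejecting needs a signature change or at least a log line. The locals are also snake_case where Go style is `raType`, `raEpidSpid`, and so on. The env names `ENCLAVE_RA_EPID_SUB_KEY` and `ENCLAVE_RA_EPID_SIGNATURE_TYPE` do not match the label names `ra_epid_subscription_key` and `ra_epid_quote_type`, which deserves a comment. The function starts above the hunk.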
......
...@@ -4,4 +4,8 @@ type InitEnclaveConfig struct { ...@@ -4,4 +4,8 @@ type InitEnclaveConfig struct {
Type string `json:"type"` Type string `json:"type"`
Path string `json:"path"` Path string `json:"path"`
Args string `json:"args"` Args string `json:"args"`
RaType string `json:"ra_type"`
RaEpidSpid string `json:"ra_epid_spid"`
RaEpidSubscriptionKey string `json:"ra_epid_subscription_key"`
RaEpidQuoteType string `json:"ra_epid_quote_type"`
} }