- 12 Aug, 2020 2 commits
  - Committed by haosanzi
    Reformat spec_v1.md and spec_v2.md
    Signed-off-by: Shirong Hao <shirong@linux.alibaba.com>
  - Committed by haosanzi
    Signed-off-by: Shirong Hao <shirong@linux.alibaba.com>
- 10 Aug, 2020 1 commit
  - Committed by haosanzi
    Leave v1 implementation in a separate file.
    Signed-off-by: Shirong Hao <shirong@linux.alibaba.com>
- 03 Aug, 2020 1 commit
  - Committed by jia zhang
    This argument is used to test whether enclave share mapping between parent and child process is usable.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 31 Jul, 2020 2 commits
  - Committed by YangLiang
    In the GNU C Library, "major" is defined by <sys/sysmacros.h> starting from glibc-2.25, the macros major and minor are only available in <sys/sysmacros.h>. This fix is for historical compatibility.
    Signed-off-by: Liang Yang <liang3.yang@intel.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 29 Jul, 2020 5 commits
  - Committed by jia zhang
    There are still lots of SGX1 machines without FLC support deployed in the field. These machines eventually need to be migrated to be supported by SGX in-tree driver which is product-ready and well-maintained. This patch targets to address the gap between SGX1 machine and SGX in-tree driver.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    SGX in-tree driver has a different way to go against SGX out-of-tree driver. The enclave range is mapped to EPC memory after executing EINIT, so the anonymous mapping occupying enclave range must be done early instead of creating it based on the fd of /dev/isgx.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Use st_rdev to retrieve the major number of device.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 28 Jul, 2020 3 commits
  - Committed by YiLin.Li
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
  - Committed by YiLin.Li
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 27 Jul, 2020 2 commits
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by shirong
    Signed-off-by: shirong <shirong@linux.alibaba.com>
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 25 Jul, 2020 1 commit
  - Committed by haosanzi
    Signed-off-by: shirong <shirong@linux.alibaba.com>
- 22 Jul, 2020 1 commit
  - Committed by YiLin.Li
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
- 20 Jul, 2020 1 commit
  - Committed by Tianjia Zhang
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
- 06 Jul, 2020 1 commit
  - Committed by YiLin.Li
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
- 01 Jul, 2020 1 commit
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 30 Jun, 2020 3 commits
  - Committed by hustliyilin
    - Add docs/running_rune_with_occlum_bundle.md
    - Remove docs/running_rune_with_docker.md
    - Update skeleton README.md to add way to run rune with skeleton bundle
    - Update README.md of inclavare-containers
    - Add docs/running_rune_with_occlum.md

    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
  - Committed by wangxiaozhe
    Signed-off-by: jack.wxz <wangxiaozhe@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 29 Jun, 2020 1 commit
  - Committed by YiLin.Li
    1. Add way to build and install rune.
    2. Add way to configure rune to Docker runtimes.

    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
- 24 Jun, 2020 2 commits
  - Committed by Tianjia Zhang
    This API is not defined in v1 at all.
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  - Committed by Tianjia Zhang
    Signed-off-by: jack.wxz <wangxiaozhe@linux.alibaba.com>
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
- 23 Jun, 2020 1 commit
  - Committed by jia zhang
    In order to implement more ecall functions, it is necessary to implement a general sgx entry point with ecall number to corresponding ecall handler.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 21 Jun, 2020 1 commit
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 19 Jun, 2020 2 commits
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 18 Jun, 2020 3 commits
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Currently, PAL API only implements v1.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jack.wxz
    Use unified API symbols starting with 'pal_'.
    Signed-off-by: jack.wxz <wangxiaozhe@linux.alibaba.com>
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
- 16 Jun, 2020 2 commits
  - Committed by tianjia
    Instead of loading enclave runtime in container, rune should always load it at bootstrap, in order to avoid dlopen issue.
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  - Committed by wangxiaozhe
    This new implementation inspires the design of https://github.com/jsakkine-intel/linux-sgx/tree/next/tools/testing/selftests/x86/sgx, which is a real enclave runtime.
    Signed-off-by: jack.wxz <wangxiaozhe@linux.alibaba.com>
- 26 May, 2020 1 commit
  - Committed by hustliyilin
    Instead of using the hard-coded "off".
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
- 22 May, 2020 1 commit
  - Committed by tianjia
    The prototype declaration of pal_init() is wrong, this is a copy-paste error, this patch fixes it.
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
- 12 May, 2020 1 commit
  - Committed by jia zhang
    inclavare-containers is a set of tools for running trusted applications in containers with the hardware-assisted enclave technology. Enclave, referred to as a protected execution environment, prevents the untrusted entity from accessing the sensitive and confidential assets in use.

    Currently, inclavare-containers consists of two core components: rune and enclave runtime.

    rune is a CLI tool for spawning and running enclaves in containers according to the OCI specification. The codebase of rune is a fork of runc, so rune can be used as runc if enclave is not configured or available.

    Enclave runtime is the backend of rune, which is responsible for loading and running applications inside enclaves. The interface between rune and enclave runtime is Enclave Runtime PAL API, which allows invoking enclave runtime through well-defined functions. The software for confidential computing may benefit from this interface to interact with OCI runtime.

    Additionally, this commit includes additional information about the use of inclavare-containers.
    - Run sample enclave runtime skeleton with rune
    - Run enclave runtime Occlum with rune

    See README.md for more details.

    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
    Signed-off-by: Xiaozhe Wang <wangxiaozhe@linux.alibaba.com>
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>