Support to automatically mount the /dev/gsgx to enclave container.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

add rpm target in Makefile

1. using `oneof` to distinguish default value and missing value in pb3.
2. dropping invalid fields in Quote to avoid invalid Attestation Evidence
Payload error(ErrorCode: 400).
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

If not distinguish default value and missing value in pb3, pb3 will drop default value
in protobuf requests.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

Both Support IAS API V3 and V4.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

fix the issue that /dev is mounted abnormally in the scratch image

Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

1. add global Makefile for all components.
2. add make uninstall for rune/Makefile.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

Due to the design of runelet, the Enclave Runtime PAL is loaded
in host but launched in container. The fact that certain libraries
from Intel SGX PSW would use dlopen() to further load libsgx_launch.so,
which means the container has to have it. In  order to ensure all
libraries dependent by Enclave Runtime PAL are completely loaded in
host, preload them prior to switch into container.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

The final error message will be sent back to the parent so there is
no need to log it.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Otherwise the host running `rune spec` must be capable of SGX, which
doesn't make sense.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

This path doesn't always exist in a container.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

/run is usally a symbol link to /var/run but it is not always true.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Current cpuid is implemented in assembly, which disallows using cgo.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

The minor device number should not be hard-coded with 58 for
SGX enclave devices.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

- Add docs/running_rune_with_occlum_bundle.md
- Remove docs/running_rune_with_docker.md
- Update skeleton README.md to add way to run rune with skeleton bundle
- Update README.md of inclavare-containers
- Add docs/running_rune_with_occlum.md
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

Signed-off-by: Njack.wxz <wangxiaozhe@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

`make static` should depend on *.pb.go files.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

Introduce --gen-qe-target-info and --gen-quote options for this purpose.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

make the shim-rune adapt for occlum version 0.13

provide the enviorment variables for occlum configuration files and generate enclave configuration files from Occlum.json

With the help of attestation package of rune/libenclave, you can connect IAS service
to check and verify your sgx quote.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

1. Add way to build and install rune.
2. Add way to configure rune to Docker runtimes.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

This is a regular setting.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

So that the dynamic libraries are loaded in the host. The fix refers
to https://github.com/moby/moby/pull/39612/commits/a316b10dab79d9298b02c7930958ed52e0ccf4e4Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Instead of inheriting LD_LIBRARY_PATH by bootstrap, make it available
only for boostrap's child process.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

It is found that LD_LIBRARY_PATH must be set before the process starts to take its effect.
Therefore, set the LD_LIBRARY_PATH environment before bootstrap process starts.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>

This API is not defined in v1 at all.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>

Current path for LD_LIBRARY_PATH is used for centos. This patches adds the support
for more Linux distributions .
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>

Signed-off-by: Njack.wxz <wangxiaozhe@linux.alibaba.com>
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>

In order to implement more ecall functions, it is necessary to
implement a general sgx entry point with ecall number to
corresponding ecall handler.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

Signed-off-by: Njack.wxz <wangxiaozhe@linux.alibaba.com>
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>