This is an automated email from the ASF dual-hosted git repository. shaojunwang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-java-tee-sdk.git
commit fcdc249a317ce8216b012c57b3adf291b45fadee Author: jeffery.wsj <[email protected]> AuthorDate: Fri Oct 14 11:31:02 2022 +0800 [misc] Update Proposal.md file Summary: Update Proposal.md file about license statement and project name. Test Plan: all tests pass Reviewers: lei.yul, cengfeng.lzy, sanhong.lsh Issue: https://aone.alibaba-inc.com/task/45556466 CR: https://code.aone.alibaba-inc.com/java-tee/JavaEnclave/codereview/10435897 --- Proposal.md | 25 +++++---- README.md | 62 +++++++++++----------- build.sh | 2 +- .../EmbeddedLibOSInnerAttestationReport.java | 2 +- .../exception/ConfidentialComputingException.java | 2 +- .../jni_occlum_attestation_generate.h | 2 +- .../platform/tee_sdk_svm/edge_routines/sgx_mmap.c | 8 +-- .../tee_sdk_svm/edge_routines/tee_sdk_symbol.h | 2 +- sdk/host/docs/Configuration.md | 10 ++-- .../javasdk/host/EmbeddedLibOSEnclave.java | 2 +- .../teaclave/javasdk/host/EnclaveFactory.java | 4 +- .../apache/teaclave/javasdk/host/EnclaveType.java | 2 +- .../teaclave/javasdk/host/ExtractLibrary.java | 2 +- .../apache/teaclave/javasdk/host/MetricTrace.java | 4 +- .../teaclave/javasdk/host/MockInSvmEnclave.java | 2 +- .../teaclave/javasdk/host/RemoteAttestation.java | 2 +- .../teaclave/javasdk/host/TeeSdkEnclave.java | 2 +- .../sgx/jni/jni_remote_attestation_verify.c | 4 +- .../libos_occlum_enclave/jni/jni_occlum_enclave.h | 2 +- .../cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h | 2 +- .../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c | 2 +- .../cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h | 2 +- .../javasdk/test/enclave/TestEnclaveException.java | 2 +- .../javasdk/test/host/TestEnclaveException.java | 2 +- tools/cicd/dockerfile_release | 2 +- tools/cicd/jenkinsfile | 4 +- 26 files changed, 78 insertions(+), 79 deletions(-) diff --git a/Proposal.md b/Proposal.md index 09d9a73..63c4022 100644 --- a/Proposal.md +++ b/Proposal.md 
@@ -2,21 +2,19 @@ ## Abstract -JavaEnclave is a Java confidential computing programming framework. It follows the host-and-enclave partition programming model defined by Intel-SGX SDK. -JavaEnclave provides an elegant way to divide a java project into host and enclave modules, where the enclave module is a provider of a user-defined service interface which is similar to the Java SPI model. JavaEnclave could help you to develop and build a Java confidential computing project with high efficiency. +Teaclave Java TEE SDK is a Java confidential computing programming framework. It follows the host-and-enclave partition programming model defined by Intel-SGX SDK. Teaclave Java TEE SDK provides an elegant way to divide a java project into host and enclave modules, where the enclave module is a provider of a user-defined service interface which is similar to the Java SPI model. Teaclave Java TEE SDK could help you to develop and build a Java confidential computing project with high efficiency. ## Proposal -JavaEnclave is a pure Java SDK for Java confidential computing. It eases the interactions between secured and unsecured environment with a few concise APIs. -From user's aspect, creating an enclave environment and invoking confidential computing services would be as simple as invoking SPI services. +Teaclave Java TEE SDK is a pure Java SDK for Java confidential computing. It eases the interactions between secured and unsecured environment with a few concise APIs. From user's aspect, creating an enclave environment and invoking confidential computing services would be as simple as invoking SPI services. ### Background -The JavaEnclave project is being actively developed within Alibaba Cloud. +The Teaclave Java TEE SDK project is being actively developed within Alibaba Cloud. ### Rationale -JavaEnclave is a Java confidential computing programming framework. The goal of Teaclave is to provide a universal secure computing platform for multiple programming languages. 
Teaclave currently supports Rust, Python and WebAssembly, but Java is still missing. JavaEnclave would be an important piece of the puzzle. +Teaclave Java TEE SDK is a Java confidential computing programming framework. The goal of Teaclave is to provide a universal secure computing platform for multiple programming languages. Teaclave currently supports Rust, Python and WebAssembly, but Java is still missing. Teaclave Java TEE SDK would be an important piece of the puzzle. ### Initial Goals @@ -25,11 +23,11 @@ JavaEnclave is a Java confidential computing programming framework. The goal of #### Meritocracy: -JavaEnclave project was originally developed and reviewed by Shaojun Wang/Ziyi Lin/Lei Yu/Sanhong Li within Alibaba Cloud. We encourage everyone to ask questions and create pull requests for the project. +Teaclave Java TEE SDK project was originally developed and reviewed by Shaojun Wang/Ziyi Lin/Lei Yu/Sanhong Li within Alibaba Cloud. We encourage everyone to ask questions and create pull requests for the project. #### Community: -JavaEnclave was developed and applied within Alibaba Cloud before it was donated to Teaclave. +Teaclave Java TEE SDK was developed and applied within Alibaba Cloud before it was donated to Teaclave. #### Core Developers: 
@@ -47,11 +45,11 @@ An exercise in self-knowledge. Risks don't mean that a project is unacceptable. #### Project Name -Since the project will be accepted as a subproject in Teaclave, the project is renamed Teaclave-java-tee-sdk. +Teaclave Java TEE SDK was initially developed and applied within Alibaba Cloud as a closed-source project which was called JavaEnclave. #### Inexperience with Open Source: -JavaEnclave has been reviewed by Mingshen Sun, who is from the Teaclave community. He's familiar with The Apache Way for the open-source community. +Teaclave Java TEE SDK has been reviewed by Mingshen Sun, who is from the Teaclave community. He's familiar with The Apache Way for the open-source community. #### Length of Incubation: @@ -59,11 +57,11 @@ The project will be in incubation with Apache Teaclave (incubating) project. ### Documentation -- N/A +- Teaclave Java TEE SDK's documentation will be submit to Teaclave PPMC for review by email [email protected] ### Initial Source -- N/A +- Teaclave Java TEE SDK's source code will be submit to Teaclave PPMC for review by email [email protected] ### Source and Intellectual Property Submission Plan @@ -71,7 +69,8 @@ We will submit a Software Grant for this project later. #### External Dependencies: -The dependencies have Apache compatible license, which is provided under the BSD 2-Clause license and GPL2.0 license. +The dependencies have Apache compatible license, which is provided under the BSD 2-Clause license and GPL2.0 license. One dependency of Teaclave Java TEE SDK is GraalVM SubstraceVM with GPL2.0 license, it's used as the enclave module's native image compiler, and Teaclave Java TEE SDK has contributed some patches to GraalVM and they had been contained in GraalVM's official releases assets. Teaclave Java TEE SDK is dependent on GraalVM's official releases and doesn't make any modifications [...] +https://www.apache.org/legal/resolved.html #### Cryptography: 
diff --git a/README.md b/README.md index 2960229..106c9a4 100644 --- a/README.md +++ b/README.md 
@@ -1,50 +1,50 @@ -## What's Teaclave-java-tee-sdk? +## What's Teaclave Java TEE SDK? -Teaclave-java-tee-sdk is a Java confidential computing programming framework. It follows the host-and-enclave partition programming model defined by Intel-SGX SDK. Teaclave-java-tee-sdk provides an elegant way to divide a java project into host and enclave modules, where the enclave module is a provider of a user-defined service interface which is similar to the Java SPI model. Teaclave-java-tee-sdk could help you to develop and build a Java confidential computing project with high efficiency. +Teaclave Java TEE SDK is a Java confidential computing programming framework. It follows the host-and-enclave partition programming model defined by Intel-SGX SDK. Teaclave Java TEE SDK provides an elegant way to divide a java project into host and enclave modules, where the enclave module is a provider of a user-defined service interface which is similar to the Java SPI model. Teaclave Java TEE SDK could help you to develop and build a Java confidential computing project with high efficiency. -## Why do we need Teaclave-java-tee-sdk? +## Why do we need Teaclave Java TEE SDK? -Occlum and Gramine libOS solutions run the entire Java application inside the enclave. Although it's much easier for end users, it suffers from a large TCB(Trusted Computing Base) that may compromise the security to some degree. On the other hand, Intel-SGX and OpenEnclave SDKs are more secure by only running the sensitive code inside the enclave, but they are limited to C/C++ ecosystem, and the development experience for programmers is unfriendly. For Example, it requests the programmer [...] +Occlum and Gramine libOS solutions run the entire Java application inside the enclave. Although it's much easier for end users, it suffers from a large TCB(Trusted Computing Base) that may compromise the security to some degree. 
On the other hand, Intel-SGX and OpenEnclave SDKs are more secure by only running the sensitive code inside the enclave, but they are limited to C/C++ ecosystem, and the development experience for programmers is unfriendly. For Example, it requests the programmer [...] -## Teaclave-java-tee-sdk architecture +## Teaclave Java TEE SDK architecture -Teaclave-java-tee-sdk provides seven components: +Teaclave Java TEE SDK provides seven components: -- Teaclave-java-tee-sdk Host .jar, provides API to create and destroy enclave instances, enclave service loading and unloading, remote attestation quote generation, and verification. +- Teaclave Java TEE SDK Host.jar, provides API to create and destroy enclave instances, enclave service loading and unloading, remote attestation quote generation, and verification. -- Teaclave-java-tee-sdk Enclave .jar, makes java native image runs in sgx enclave environment, and provides a stub between host and enclave for their interaction. +- Teaclave Java TEE SDK Enclave.jar, makes java native image runs in sgx enclave environment, and provides a stub between host and enclave for their interaction. -- Teaclave-java-tee-sdk Common .jar, provides an annotation for application, which helps to register user-defined interface parameters' type information for native image reflection. Also, it defines the interface between host and enclave for underlying interaction, and it's transparent for the application. +- Teaclave Java TEE SDK Common.jar, provides an annotation for application, which helps to register user-defined interface parameters' type information for native image reflection. Also, it defines the interface between host and enclave for underlying interaction, and it's transparent for the application. -- Teaclave-java-tee-sdk SDK, provides all kinds of underlying JNI .so and building toolchains. +- Teaclave Java TEE SDK, provides all kinds of underlying JNI .so and building toolchains. 
-- Teaclave-java-tee-sdk Archetype project, helps the user to create a Java confidential computing project Structure. +- Teaclave Java TEE SDK Archetype project, helps the user to create a Java confidential computing project Structure. - Native BouncyCastle third-party package, helps the user to apply BouncyCastle in the enclave native environment without reflection issues. -- Teaclave-java-tee-sdk Docker, provides a standard build and execution environment for Java confidential computing applications. +- Teaclave Java TEE SDK Docker, provides a standard build and execution environment for Java confidential computing applications. <br /> <div align="center"> -<img src="./docs/resources/JavaEnclave_Architecture.png" width = "400" height = "400" alt="Teaclave-java-tee-sdk Architecture" align=center /> +<img src="./docs/resources/JavaEnclave_Architecture.png" width = "400" height = "400" alt="Teaclave Java TEE SDK Architecture" align=center /> </div> -<center>Teaclave-java-tee-sdk Architecture</center> +<center>Teaclave Java TEE SDK Architecture</center> <br /> -## Confidential computing Java project structure based on Teaclave-java-tee-sdk +## Confidential computing Java project structure based on Teaclave Java TEE SDK -A Java confidential computing application project based on Teaclave-java-tee-sdk is a maven project which consists of three submodules, they are host submodule, enclave submodule, and common submodule. The common submodule contains the service interface definition, the enclave submodule implements the interface defined in the common submodule, host submodule contains the management of the enclave instance and service instance. We can view the enclave submodule as an SPI provider, Teaclav [...] +A Java confidential computing application project based on Teaclave Java TEE SDK is a maven project which consists of three submodules, they are host submodule, enclave submodule, and common submodule. 
The common submodule contains the service interface definition, the enclave submodule implements the interface defined in the common submodule, host submodule contains the management of the enclave instance and service instance. We can view the enclave submodule as an SPI provider, Teaclav [...] <br /> <div align="center"> -<img src="./docs/resources/JavaEnclave_Application_Dependency.png" width = "400" height = "300" alt="Teaclave-java-tee-sdk Application Dependency" align=center /> +<img src="./docs/resources/JavaEnclave_Application_Dependency.png" width = "400" height = "300" alt="Teaclave Java TEE SDK Application Dependency" align=center /> </div> -<center>Teaclave-java-tee-sdk Application Dependency</center> +<center>Teaclave Java TEE SDK Application Dependency</center> <br /> <div align="center"> -<img src="./docs/resources/JavaEnclave_Project_Structure.png" width = "400" height = "400" alt="Teaclave-java-tee-sdk Project Structure" align=center /> +<img src="./docs/resources/JavaEnclave_Project_Structure.png" width = "400" height = "400" alt="Teaclave Java TEE SDK Project Structure" align=center /> </div> -<center>Teaclave-java-tee-sdk Project Structure</center> +<center>Teaclave Java TEE SDK Project Structure</center> <br /> ## Getting started @@ -55,9 +55,9 @@ A Java confidential computing application project based on Teaclave-java-tee-sdk `apt install cpuid && cpuid -1 -l 0x12` -<img src="./docs/resources/SGX2_Supported_Check.png" width = "300" height = "100" alt="Teaclave-java-tee-sdk Application Dependency" align=center /> +<img src="./docs/resources/SGX2_Supported_Check.png" width = "300" height = "100" alt="Teaclave Java TEE SDK Application Dependency" align=center /> -if SGX2 is not supported, only MOCK_IN_JVM and MOCK_IN_SVM enclave modes in Teaclave-java-tee-sdk could be run normally. +if SGX2 is not supported, only MOCK_IN_JVM and MOCK_IN_SVM enclave modes in Teaclave Java TEE SDK could be run normally. #### 2. Is the SGX2 driver installed? 
@@ -67,19 +67,19 @@ if it is not, you need to install the sgx driver according to reference: https:/ #### 3. enable_rdfsbase kernel module -if Linux kernel before 5.9, please install the enable_rdfsbase kernel module according to reference: https://github.com/occlum/enable_rdfsbase. enable_rdfsbase kernel module is needed if you create an enclave instance with EMBEDDED_LIB_OS mode defined in Teaclave-java-tee-sdk. +if Linux kernel before 5.9, please install the enable_rdfsbase kernel module according to reference: https://github.com/occlum/enable_rdfsbase. enable_rdfsbase kernel module is needed if you create an enclave instance with EMBEDDED_LIB_OS mode defined in Teaclave Java TEE SDK. -#### 4. Enter Teaclave-java-tee-sdk docker +#### 4. Enter Teaclave Java TEE SDK docker `docker run -it --privileged --network host -v /dev/sgx_enclave:/dev/sgx/enclave -v /dev/sgx_provision:/dev/sgx/provision teaclave-java-tee-sdk:v0.1.0-ubuntu18.04` -Teaclave-java-tee-sdk Docker provides a compilation and deployment environment for a java confidential computing application based on Teaclave-java-tee-sdk. +Teaclave Java TEE SDK Docker provides a compilation and deployment environment for a java confidential computing application based on Teaclave Java TEE SDK. ### HelloWorld sample instruction #### 1. Create a HelloWorld project structure -Teaclave-java-tee-sdk provides a java confidential computing archetype project to help us create a basic project structure. +Teaclave Java TEE SDK provides a java confidential computing archetype project to help us create a basic project structure. `mvn archetype:generate -DgroupId=com.sample -DartifactId=helloworld -DarchetypeGroupId=org.apache.teaclave.javasdk -DarchetypeArtifactId=javaenclave-archetype -DarchetypeVersion=0.1.0 -DinteractiveMode=false` 
@@ -102,7 +102,7 @@ public interface Service { } ``` -Note that we have to annotate this service interface with `@EnclaveService` which Teaclave-java-tee-sdk provides. +Note that we have to annotate this service interface with `@EnclaveService` which Teaclave Java TEE SDK provides. #### 3. Create enclave service interface provider in enclave submodule @@ -170,16 +170,16 @@ Note that parameter `-Pnative` should not be ignored. then we could run this sample: `OCCLUM_RELEASE_ENCLAVE=true java -cp host/target/host-1.0-SNAPSHOT-jar-with-dependencies.jar:enclave/target/enclave-1.0-SNAPSHOT-jar-with-dependencies.jar com.sample.helloworld.host.Main` -## Four enclave types in Teaclave-java-tee-sdk +## Four enclave types in Teaclave Java TEE SDK ### MOCK_IN_JVM mode -`MOCK_IN_JVM` mode in Teaclave-java-tee-sdk is a simulated mode, it doesn't need SGX hardware support. The host module and enclave module run in the same JVM environment. +`MOCK_IN_JVM` mode in Teaclave Java TEE SDK is a simulated mode, it doesn't need SGX hardware support. The host module and enclave module run in the same JVM environment. In essence, it's an SPI mechanism between host and enclave parts. ### MOCK_IN_SVM mode -`MOCK_IN_SVM` mode in Teaclave-java-tee-sdk is also a simulated mode, it doesn't need SGX hardware support. Compare with `MOCK_IN_JVM` mode, the enclave submodule +`MOCK_IN_SVM` mode in Teaclave Java TEE SDK is also a simulated mode, it doesn't need SGX hardware support. Compare with `MOCK_IN_JVM` mode, the enclave submodule will be compiled into a native image, and the host submodule run in a JVM environment. host part will load, create and invoke service defined in enclave by JNI native call. ### TEE_SDK mode 
@@ -190,6 +190,6 @@ will be compiled into a native image, and the host submodule run in a JVM enviro `EMBEDDED_LIB_OS` mode is also a hardware mode, it must run on the platform with SGX2 hardware support. Compare with `TEE_SDK` mode, the enclave submodule will be compiled into a jar file, and it will be loaded and run in an enclave with libOS Occlum, an inner alpine JVM runs based on this libOS. The host part runs in another JVM based on a normal environment. The two JVM instances co-existence and run in one process. -## Teaclave-java-tee-sdk configuration +## Teaclave Java TEE SDK configuration please refer to the link: [Configuration.md](./sdk/host/docs/Configuration.md) \ No newline at end of file diff --git a/build.sh b/build.sh index bd04b94..fe7593b 100755 --- a/build.sh +++ b/build.sh @@ -33,7 +33,7 @@ WORKDIR="$PWD" if [ ! "$STAGE" -o "build" = "$STAGE" ]; then # Install local graal-processor.jar mvn install:install-file -DgroupId=org.graalvm.compiler -DartifactId=graal-processor -Dversion=22.2.0 -Dpackaging=jar -Dfile="${GRAALVM_HOME}"/lib/graal/graal-processor.jar - # Build and Install Teaclave-java-tee-sdk. + # Build and Install Teaclave Java TEE SDK. pushd "${WORKDIR}"/sdk && mvn clean install && popd # Install BouncyCastle Native Package pushd "${WORKDIR}"/third-party-libs/bouncycastle-native && mvn clean install && popd diff --git a/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/EmbeddedLibOSInnerAttestationReport.java b/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/EmbeddedLibOSInnerAttestationReport.java index d3b6601..5395d41 100644 --- a/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/EmbeddedLibOSInnerAttestationReport.java +++ b/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/EmbeddedLibOSInnerAttestationReport.java 
@@ -20,7 +20,7 @@ package org.apache.teaclave.javasdk.common; import java.io.Serializable; /** - * This class is used to transfer embedded lib os attestation report between Teaclave-java-tee-sdk's + * This class is used to transfer embedded lib os attestation report between Teaclave Java TEE SDK's * host and enclave module. */ public final class EmbeddedLibOSInnerAttestationReport implements Serializable { diff --git a/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/exception/ConfidentialComputingException.java b/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/exception/ConfidentialComputingException.java index a03764e..c0f4a94 100644 --- a/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/exception/ConfidentialComputingException.java +++ b/sdk/common/src/main/java/org/apache/teaclave/javasdk/common/exception/ConfidentialComputingException.java @@ -19,7 +19,7 @@ package org.apache.teaclave.javasdk.common.exception; /** * ConfidentialComputingException {@link ConfidentialComputingException} is base exception in - * Teaclave-java-tee-sdk. All exceptions thrown in Teaclave-java-tee-sdk will inherit this base exception. + * Teaclave Java TEE SDK. All exceptions thrown in Teaclave Java TEE SDK will inherit this base exception. * Programmers need to handle ConfidentialComputingException seriously. */ public class ConfidentialComputingException extends Exception { diff --git a/sdk/enclave/src/main/native/cpp/platform/libos_occlum_enclave/remote_attestation_generate/jni_occlum_attestation_generate.h b/sdk/enclave/src/main/native/cpp/platform/libos_occlum_enclave/remote_attestation_generate/jni_occlum_attestation_generate.h index c0150e7..5ceb539 100644 --- a/sdk/enclave/src/main/native/cpp/platform/libos_occlum_enclave/remote_attestation_generate/jni_occlum_attestation_generate.h +++ b/sdk/enclave/src/main/native/cpp/platform/libos_occlum_enclave/remote_attestation_generate/jni_occlum_attestation_generate.h 
@@ -33,7 +33,7 @@ extern "C" { { \ jclass ra_class = (*env)->FindClass(env, exception); \ if (ra_class == NULL) { \ - fprintf(stderr, "Teaclave-java-tee-sdk Error: "); \ + fprintf(stderr, "Teaclave Java TEE SDK Error: "); \ fprintf(stderr, exception); \ fprintf(stderr, " class loading failed.\n"); \ return; \ diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c index df780e7..afaead3 100644 --- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c +++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/sgx_mmap.c @@ -47,7 +47,7 @@ void* mmap(void *hint, int size, int prot, int flags) { void *ptr = 0; // flags == 0x4022, svm runtime expects to reserve a memory buffer with giving start address hint; // flags == 0x22 and hint == 0x0, svm runtime expects to reserve a memory buffer, the start address depends. - // Both the two scene, Teaclave-java-tee-sdk SDK view them as enclave memory allocation, while not memory space reserve. + // Both the two scene, Teaclave Java TEE SDK view them as enclave memory allocation, while not memory space reserve. if ((flags == 0x4022) || (flags == 0x22 && hint == 0x0 && prot == 0x3)) { // fd mapping is not supported in enclave, so the last two parameters of // (int fd, off_t offset) must be (-1, 0); 
@@ -57,15 +57,15 @@ void* mmap(void *hint, int size, int prot, int flags) { } else if (flags == 0x32) { ptr = hint; } else { - if(enable_trace_symbol_calling == 0x1) printf("Teaclave-java-tee-sdk Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags); + if(enable_trace_symbol_calling == 0x1) printf("Teaclave Java TEE SDK Warning: unsupported mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags); ASSERT(); } - if(enable_trace_symbol_calling == 0x1) printf("Teaclave-java-tee-sdk Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags); + if(enable_trace_symbol_calling == 0x1) printf("Teaclave Java TEE SDK Warning: mmap operation in tee sdk enclave: 0x%lx, ptr is: %p, size is: %d, prot is: 0x%x, flags is: 0x%x.\n", (uint64_t)hint, ptr, size, prot, flags); return ptr; } int munmap(void *addr, int size) { TRACE_SYMBOL_CALL(); - if(enable_trace_symbol_calling == 0x1) printf("Teaclave-java-tee-sdk Warning: unmmap operation in tee sdk enclave: addr is: %p, size is: %d\n", addr, size); + if(enable_trace_symbol_calling == 0x1) printf("Teaclave Java TEE SDK Warning: unmmap operation in tee sdk enclave: addr is: %p, size is: %d\n", addr, size); return _munmap(addr, size); } \ No newline at end of file diff --git a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h index afa96c4..b26423f 100644 --- a/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h +++ b/sdk/enclave/src/main/native/cpp/platform/tee_sdk_svm/edge_routines/tee_sdk_symbol.h 
@@ -26,7 +26,7 @@ extern int enable_trace_symbol_calling; #define ENABLE_TRACE_SYSCALL #if defined(ENABLE_TRACE_SYSCALL) -#define TRACE_SYMBOL_CALL() if(enable_trace_symbol_calling == 0x1) printf("Teaclave-java-tee-sdk Warning: %s is called in enclave svm.\n", __FUNCTION__); +#define TRACE_SYMBOL_CALL() if(enable_trace_symbol_calling == 0x1) printf("Teaclave Java TEE SDK Warning: %s is called in enclave svm.\n", __FUNCTION__); #else #define TRACE_SYMBOL_CALL() #endif diff --git a/sdk/host/docs/Configuration.md b/sdk/host/docs/Configuration.md index df0b4aa..d9a7e60 100644 --- a/sdk/host/docs/Configuration.md +++ b/sdk/host/docs/Configuration.md 
@@ -1,15 +1,15 @@ -# Teaclave-java-tee-sdk Configuration Illustration +# Teaclave Java TEE SDK Configuration Illustration ## Configure file -Teaclave-java-tee-sdk provides a `java_enclave_configure.json` template file for user to set customized parameters. It provides six parameters: +Teaclave Java TEE SDK provides a `java_enclave_configure.json` template file for user to set customized parameters. It provides six parameters: | key | value(default) | illustration | |--------------------------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | debuggable | false | Allow `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave to be debuggable or not, debuggable mode help to debug. Should make it to be not debuggable when the project is online service for security. | | enclave_type | TEE_SDK | When creating an enclave instance with method `EnclaveFactory.create()`, TEE_SDK kind of Enclave will be created by default, key `enclave_type` could be one of `MOCK_IN_JVM` `MOCK_IN_SVM` `TEE_SDK` `EMBEDDED_LIB_OS`. | -| metric_trace_enable | false | Enable Teaclave-java-tee-sdk performance metric or not. | -| metric_trace_file_path | "" | Customized Teaclave-java-tee-sdk metric log file path. Teaclave-java-tee-sdk Metric feature could help to measure the cost of every service invocation and service loading/unloading. | +| metric_trace_enable | false | Enable Teaclave Java TEE SDK performance metric or not. | +| metric_trace_file_path | "" | Customized Teaclave Java TEE SDK metric log file path. Teaclave Java TEE SDK Metric feature could help to measure the cost of every service invocation and service loading/unloading. | | enclave_max_thread | 50 | The max thread number which enclave allows to be e-called into `TEE_SDK` Enclave or `EMBEDDED_LIB_OS` Enclave. 
| | enclave_max_epc_memory_size_MB | 1500 | The max physical epc memory size in `TEE_SDK`, `EMBEDDED_LIB_OS` Enclave | @@ -17,7 +17,7 @@ Teaclave-java-tee-sdk provides a `java_enclave_configure.json` template file for ## Property Configuration Setting -Teaclave-java-tee-sdk provides some customized property setting for different scene. +Teaclave Java TEE SDK provides some customized property setting for different scene. | property | value | illustration | |---------------------------------------------------|-------------------------------------------------|----------------------------------------| diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EmbeddedLibOSEnclave.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EmbeddedLibOSEnclave.java index 3503d90..5680896 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EmbeddedLibOSEnclave.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EmbeddedLibOSEnclave.java @@ -254,7 +254,7 @@ final class EmbeddedLibOSEnclave extends AbstractEnclave { synchronized (EmbeddedLibOSEnclave.class) { // Because enclave libos occlum doesn't support creating a new occlum instance even // destroy the pre-created occlum instance, Do nothing here. - // embedded lib os occlum instance in Teaclave-java-tee-sdk is similar with a singleton instance. + // embedded lib os occlum instance in Teaclave Java TEE SDK is similar with a singleton instance. try (MetricTraceContext trace = new MetricTraceContext( this.getEnclaveInfo(), MetricTraceContext.LogPrefix.METRIC_LOG_ENCLAVE_DESTROYING_PATTERN)) { diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveFactory.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveFactory.java index f16ddcf..b0517a5 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveFactory.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveFactory.java 
@@ -28,10 +28,10 @@ import java.io.IOException; * TEE is an abstract concept, it contains many kinds of confidential compute technology. * From hardware's point, there are Intel's SGX/TDX, Arm's TrustZone and so on. * From software's point, there are SGX-SDK, OpenEnclave, TeeSDK and so on. - * Teaclave-java-tee-sdk is committed to make java enclave development easy and efficient. + * Teaclave Java TEE SDK is committed to make java enclave development easy and efficient. * <p> * Java developer does not need to care too much about enclave's underlying technology stack. - * And Teaclave-java-tee-sdk will help java programmer develop a java enclave service as a common java service. + * And Teaclave Java TEE SDK will help java programmer develop a java enclave service as a common java service. * <pre> * try { * Enclave enclave = EnclaveFactory.create(); diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveType.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveType.java index 7b0b1b7..7b5b320 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveType.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/EnclaveType.java @@ -19,7 +19,7 @@ package org.apache.teaclave.javasdk.host; /** * An enumeration of enclave type. - * Teaclave-java-tee-sdk supports three kinds of enclave, they are mock_in_jvm、mock_in_svm、tee_sdk + * Teaclave Java TEE SDK supports three kinds of enclave, they are mock_in_jvm、mock_in_svm、tee_sdk * and embedded_lib_os. */ public enum EnclaveType { diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/ExtractLibrary.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/ExtractLibrary.java index 880b1a0..a8d2a88 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/ExtractLibrary.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/ExtractLibrary.java 
@@ -25,7 +25,7 @@ import java.io.*; import java.util.zip.GZIPInputStream; /** - * Teaclave-java-tee-sdk building tool will put native .so files or .tgz files into a java .jar file, + * Teaclave Java TEE SDK building tool will put native .so files or .tgz files into a java .jar file, * ExtractLibrary will extract tee sdk's jni .so and enclave signed .so into a temp path * from the jar file. * extractAndDeCompressTgz will extract embedded lib os enclave's compressed .tgz image and diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MetricTrace.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MetricTrace.java index 59598e0..0415ce3 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MetricTrace.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MetricTrace.java @@ -28,7 +28,7 @@ import java.util.Date; import java.util.concurrent.TimeUnit; /** - * MetricTrace is Teaclave-java-tee-sdk's internal mechanism to trace metric of key enclave operation. + * MetricTrace is Teaclave Java TEE SDK's internal mechanism to trace metric of key enclave operation. * For example, MetricTrace could metric and record the cost of enclave creation, also could * trace an enclave service invocation cost and so on. */ @@ -52,7 +52,7 @@ public abstract class MetricTrace implements AutoCloseable { } /** - * turn on/off metric trace for Teaclave-java-tee-sdk. + * turn on/off metric trace for Teaclave Java TEE SDK. * * @param flag turn on/off metric trace. */ diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MockInSvmEnclave.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MockInSvmEnclave.java index efb0e88..2a9b6ad 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MockInSvmEnclave.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/MockInSvmEnclave.java 
@@ -41,7 +41,7 @@ final class MockInSvmEnclave extends AbstractEnclave { // enclaveHandle stores created enclave svm sdk .so file handler. private long enclaveSvmSdkHandle; // isolate stores svm created isolate instance. - // In Teaclave-java-tee-sdk only one isolateHandle instance will be created. + // In Teaclave Java TEE SDK only one isolateHandle instance will be created. private long isolateHandle; // isolateThreadHandle stores the first attached isolateThread Handle. private long isolateThreadHandle; diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/RemoteAttestation.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/RemoteAttestation.java index 1a8e988..6f8e810 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/RemoteAttestation.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/RemoteAttestation.java @@ -49,7 +49,7 @@ public final class RemoteAttestation { * * @param enclave an enclave instance. * @param userData provided as user identification, its length must be 64 bytes. - * If userData is null, Teaclave-java-tee-sdk will generate a random buffer + * If userData is null, Teaclave Java TEE SDK will generate a random buffer * with 64 length bytes for it. * If userData's length exceeds 64 bytes, RemoteAttestationException * will be thrown. diff --git a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/TeeSdkEnclave.java b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/TeeSdkEnclave.java index ca5dc64..fbd4bd6 100644 --- a/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/TeeSdkEnclave.java +++ b/sdk/host/src/main/java/org/apache/teaclave/javasdk/host/TeeSdkEnclave.java 
@@ -37,7 +37,7 @@ final class TeeSdkEnclave extends AbstractEnclave { // enclaveHandle stores created enclave's handle id. private long enclaveHandle; // isolate stores svm created isolate instance. - // In Teaclave-java-tee-sdk only one isolateHandle instance will be created. + // In Teaclave Java TEE SDK only one isolateHandle instance will be created. private long isolateHandle; // isolateThreadHandle stores the first attached isolateThread Handle. private long isolateThreadHandle; diff --git a/sdk/host/src/main/native/cpp/attestation_verify/sgx/jni/jni_remote_attestation_verify.c b/sdk/host/src/main/native/cpp/attestation_verify/sgx/jni/jni_remote_attestation_verify.c index 2728188..ca63c64 100644 --- a/sdk/host/src/main/native/cpp/attestation_verify/sgx/jni/jni_remote_attestation_verify.c +++ b/sdk/host/src/main/native/cpp/attestation_verify/sgx/jni/jni_remote_attestation_verify.c 
@@ -53,12 +53,12 @@ verify_result_wrapper ecdsa_quote_verification_qvl(const uint8_t* quote, uint32_ // Step one, get supplemental_data_size. dcap_ret = sgx_qv_get_quote_supplemental_data_size(&supplemental_data_size); if (dcap_ret != SGX_QL_SUCCESS) { - // printf("Teaclave-java-tee-sdk Remote Attestation Error: sgx_qv_get_quote_supplemental_data_size failed: 0x%04x\n", dcap_ret); + // printf("Teaclave Java TEE SDK Remote Attestation Error: sgx_qv_get_quote_supplemental_data_size failed: 0x%04x\n", dcap_ret); result.status = QUOTE_VERIFICATION_STATUS_GET_DATA_SIZE_FAILED; return result; } if (supplemental_data_size != sizeof(sgx_ql_qv_supplemental_t)) { - // printf("Teaclave-java-tee-sdk Remote Attestation Warning: sgx_qv_get_quote_supplemental_data_size returned size is not same with header definition in SGX SDK, please make sure you are using same version of SGX SDK and DCAP QVL.\n"); + // printf("Teaclave Java TEE SDK Remote Attestation Warning: sgx_qv_get_quote_supplemental_data_size returned size is not same with header definition in SGX SDK, please make sure you are using same version of SGX SDK and DCAP QVL.\n"); result.version_check = QUOTE_VERIFICATION_VERSION_CHECK_FAILED; return result; } diff --git a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h index 3540350..058a196 100644 --- a/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h +++ b/sdk/host/src/main/native/cpp/platform/libos_occlum_enclave/jni/jni_occlum_enclave.h @@ -38,7 +38,7 @@ typedef struct { { \ jclass ra_class = (*env)->FindClass(env, exception); \ if (ra_class == NULL) { \ - fprintf(stderr, "Teaclave-java-tee-sdk Error: "); \ + fprintf(stderr, "Teaclave Java TEE SDK Error: "); \ fprintf(stderr, exception); \ fprintf(stderr, " class loading failed.\n"); \ return; \ 
diff --git a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h index 0c268df..47f32e4 100644 --- a/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h +++ b/sdk/host/src/main/native/cpp/platform/mock_in_svm/jni/jni_mock_in_svm.h @@ -38,7 +38,7 @@ typedef struct { { \ jclass ra_class = (*env)->FindClass(env, exception); \ if (ra_class == NULL) { \ - fprintf(stderr, "Teaclave-java-tee-sdk Error: "); \ + fprintf(stderr, "Teaclave Java TEE SDK Error: "); \ fprintf(stderr, exception); \ fprintf(stderr, " class loading failed.\n"); \ return; \ diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c index 34568a4..ae6c4d5 100644 --- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c +++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.c @@ -242,7 +242,7 @@ JavaEnclave_TeeSDK_REMOTE_ATTESTATION_REPORT(JNIEnv *env, jobject obj, jlong enc // Step five, clear up loaded qe. qe3_ret = unload_qe_signed_package(); if (SGX_QL_SUCCESS != qe3_ret) { - printf("Teaclave-java-tee-sdk Warning: clear up loaded qe files failed"); + printf("Teaclave Java TEE SDK Warning: clear up loaded qe files failed"); } // create a quote byte array. diff --git a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h index 984fbd1..805f329 100644 --- a/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h +++ b/sdk/host/src/main/native/cpp/platform/tee_sdk_svm/jni/jni_tee_sdk_svm.h 
@@ -44,7 +44,7 @@ typedef struct { { \ jclass ra_class = (*env)->FindClass(env, exception); \ if (ra_class == NULL) { \ - fprintf(stderr, "Teaclave-java-tee-sdk Error: "); \ + fprintf(stderr, "Teaclave Java TEE SDK Error: "); \ fprintf(stderr, exception); \ fprintf(stderr, " class loading failed.\n"); \ return; \ diff --git a/test/enclave/src/test/java/org/apache/teaclave/javasdk/test/enclave/TestEnclaveException.java b/test/enclave/src/test/java/org/apache/teaclave/javasdk/test/enclave/TestEnclaveException.java index 4c08032..d154294 100644 --- a/test/enclave/src/test/java/org/apache/teaclave/javasdk/test/enclave/TestEnclaveException.java +++ b/test/enclave/src/test/java/org/apache/teaclave/javasdk/test/enclave/TestEnclaveException.java @@ -26,6 +26,6 @@ import static org.junit.jupiter.api.Assertions.*; public class TestEnclaveException { @Test public void testEnclaveException() { - assertThrows(JavaEnclaveException.class, () -> new EnclaveExceptionImpl().enclaveException("Teaclave-java-tee-sdk Exception")); + assertThrows(JavaEnclaveException.class, () -> new EnclaveExceptionImpl().enclaveException("Teaclave Java TEE SDK Exception")); } } diff --git a/test/host/src/main/java/org/apache/teaclave/javasdk/test/host/TestEnclaveException.java b/test/host/src/main/java/org/apache/teaclave/javasdk/test/host/TestEnclaveException.java index 8d9e2df..f17d72a 100644 --- a/test/host/src/main/java/org/apache/teaclave/javasdk/test/host/TestEnclaveException.java +++ b/test/host/src/main/java/org/apache/teaclave/javasdk/test/host/TestEnclaveException.java @@ -40,7 +40,7 @@ public class TestEnclaveException { assertNotNull(userServices); assertTrue(userServices.hasNext()); EnclaveException service = userServices.next(); - assertThrows(JavaEnclaveException.class, () -> service.enclaveException("Teaclave-java-tee-sdk Exception")); + assertThrows(JavaEnclaveException.class, () -> service.enclaveException("Teaclave Java TEE SDK Exception")); enclave.destroy(); } 
diff --git a/tools/cicd/dockerfile_release b/tools/cicd/dockerfile_release index e204c2f..279d472 100644 --- a/tools/cicd/dockerfile_release +++ b/tools/cicd/dockerfile_release @@ -19,6 +19,6 @@ FROM javaenclave_base:v0.1.0 as javaenclave_release LABEL maintainer="Junshao Wang" -# Install Teaclave-java-tee-sdk +# Install Teaclave Java TEE SDK WORKDIR /opt ADD ["javaenclave.tar.gz", "."] diff --git a/tools/cicd/jenkinsfile b/tools/cicd/jenkinsfile index a87524d..9842ce1 100644 --- a/tools/cicd/jenkinsfile +++ b/tools/cicd/jenkinsfile @@ -6,9 +6,9 @@ pipeline { } } stages { - stage('Test and Build Teaclave-java-tee-sdk') { + stage('Test and Build Teaclave Java TEE SDK') { steps { - echo 'Build Teaclave-java-tee-sdk:' + echo 'Build Teaclave Java TEE SDK:' sh "./tools/cicd/make.sh" } post { --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
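Review bot: in sdk/host/docs/Configuration.md the replaced sentence still reads "provides some customized property setting for different scene". Since the line is being rewritten anyway, make it "property settings for different scenarios" so the heading sentence above the property table is grammatical.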
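Review bot: in EnclaveType.java the edited Javadoc line still says "supports three kinds of enclave" and then names four (mock_in_jvm, mock_in_svm, tee_sdk and embedded_lib_os), separated by full-width "、" characters. Correct the count and use ASCII commas while this line is being touched, so the sentence agrees with the names it lists.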
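Review bot: in RemoteAttestation.java the userData Javadoc around the edited line says the length "must be 64 bytes" but documents only two cases: null (a random 64-byte buffer is generated) and longer than 64 bytes (RemoteAttestationException). State what happens when a shorter buffer is passed, and how the caller learns the generated value when null is passed, since the text describes userData as user identification.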
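Review bot: in ecdsa_quote_verification_qvl (jni_remote_attestation_verify.c) both printf lines changed here are commented out, so the two failure paths return without reporting dcap_ret or the size mismatch anywhere. Either delete the dead lines or turn them into real logging to stderr. Note also that the size-mismatch branch sets only result.version_check and does not assign result.status in the lines shown, so callers have to check both fields before accepting a quote; a comment saying so would help.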
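Review bot: in the exception macro in jni_occlum_enclave.h, the line fprintf(stderr, exception); passes the macro argument as the format string. Use fprintf(stderr, "%s", exception) or fputs(exception, stderr) so a '%' in the argument is never interpreted as a conversion. The same three fprintf lines are repeated in jni_mock_in_svm.h and jni_tee_sdk_svm.h, so moving the macro to one shared header would keep the message text in a single place. The bare return; inside the macro also restricts it to void functions, which deserves a comment.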
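Review bot: in JavaEnclave_TeeSDK_REMOTE_ATTESTATION_REPORT (jni_tee_sdk_svm.c) the warning after unload_qe_signed_package() is written with printf, has no trailing newline and omits qe3_ret, while the header macros in this patch write their errors to stderr. Suggest fprintf to stderr with a closing "\n" and the qe3_ret value in the 0x%04x form that the commented-out messages in jni_remote_attestation_verify.c already use.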
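Review bot: in tools/cicd/dockerfile_release only the comment is renamed; the base image javaenclave_base:v0.1.0, the stage name javaenclave_release and the archive javaenclave.tar.gz keep the old project name, as does the JNI symbol JavaEnclave_TeeSDK_REMOTE_ATTESTATION_REPORT elsewhere in the patch. If that is intentional, say so in the commit message. The FROM line also references the base image by tag only; pinning it by digest would make the release image reproducible.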
