Re: [apache/incubator-teaclave-sgx-sdk] fix: correct buffer overwrite in sgx_libc::ocall::{read, pread64, readv, preadv64} (#353)
Thank you. @volcano0dr, can you review this PR again? Thanks. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/353#issuecomment-919620986
Re: [apache/incubator-teaclave] [SURVEY] What companies or open source projects are using the Apache Teaclave (Incubating) platform? (#310)
Hi, I want to ping this thread again. Please tell us while using the SDK for SGX implementation. This is really important for us to build the community. You can also send a pull request to the "Powered By" page in our home page about your projects/companies here: https://github.com/apache/incubator-teaclave-website/blob/master/site/powered-by.md -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/310#issuecomment-919570861
Re: [apache/incubator-teaclave-sgx-sdk] upgrade SDK and rust compiler urgently needed (#360)
@brenzi, as discussed with @volcano0dr, he's working on a new release recently. You'll see the changes in this month. In the meantime, I suggest to pin to a specific version (through vendoring) to avoid such problem. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/360#issuecomment-919570408
Re: [apache/incubator-teaclave] [SURVEY] What companies or open source projects are using the Apache Teaclave (Incubating) platform? (#310)
Reopened #310. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/310#event-5302486130
Re: [apache/incubator-teaclave] Support containerized Intel Aesmd service (#553)
Thanks for the proposal. I'm thinking if we still need keep the docker-compose files using the host aesmd. If not, we don't have to maintain these many `yml` files for both host aesmd and containerized aesmd. Also, we need to have a separate docker file for the AESM service only: `aesm-service.ubuntu-1804.Dockerfile`. I saw `linux-sgx/Dockerfile` uses multi-sage builds (https://docs.docker.com/develop/develop-images/multistage-build/) for different targets. I don't think this is suitable for us. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/553#issuecomment-919548754
[apache/incubator-teaclave] Support containerized Intel Aesmd service (#553)
### Motivation & problem statement As recommended in [Intel Linux SGX repo.](https://github.com/intel/linux-sgx), the aesmd service is to be built and run as a [containerized service](https://github.com/intel/linux-sgx/blob/master/docker/build/build_and_run_aesm_docker.sh#L41). it created a [named volume](https://github.com/intel/linux-sgx/blob/8abc6dd8cb44e3cef8294c508e77803ffeb8ed12/docker/build/build_and_run_aesm_docker.sh#L36) `aesmd-socket` that should be mounted into `/var/run/aesmd` folder in relying container. However, the docker compose files in Teaclave are using the following stanza to mount host based aesmd socket ![stanze_aemd_mount](https://user-images.githubusercontent.com/10856796/14968-9e3bbafd-dab9-45f1-b22b-022e65da92d7.png) That causes the following failure when starting with any docker compose files. ![aesmd_socket_notfound](https://user-images.githubusercontent.com/10856796/13373-58071e70-52b2-4b36-a932-6d367ae339da.png) ### Proposed solution I propose a solution to address this problems to streamline the usage of Teaclave services coordinated with containerized aesmd service through docker compose. the solution requires to introduce the following changes to Teaclave docker compose files and associated documents. - Remove the following configuration from all docker compose files for all services (3 files) ``` - type: bind source: /var/run/aesmd/aesm.socket target: /var/run/aesmd/aesm.socket ``` 1. docker-compose-ubuntu-1804-intel-sgx.yml 2. docker-compose-ubuntu-1804-isgx.yml 3. docker-compose-ubuntu-1804.yml - Add the following override compose files for host based aesmd socket bind mount for every services 1. docker-compose-ubuntu-1804-intel-sgx-with-host-aesmd-socket.yml 2. docker-compose-ubuntu-1804-isgx-with-host-aesmd-socket.yml 3. docker-compose-ubuntu-1804-with-host-aesmd-socket.yml with the following bind mount configuration ``` - type: bind source: /var/run/aesmd/aesm.socket target: /var/run/aesmd/aesm.socket ``` - Add the following override compose files for containerized aesmd socket volume mount for every services 1. docker-compose-ubuntu-1804-intel-sgx-with-aesmd-socket-volume.yml 2. docker-compose-ubuntu-1804-isgx-with-aesmd-socket-volume.yml 3. docker-compose-ubuntu-1804-with-aesmd-socket-volume.yml ``` - aesmd-socket:/var/run/aesmd ``` In addition, the README.md should be updated accordingly. Thanks. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/553
Tags of Teaclave Committers
Dear Teaclave Commiters, Thanks for your contribution to the projects. I'd like to propose "tags" of our committers to give a simple description of our current committers including our PPMC to show areas you're familiar with. This can help us to assign code reviews and help to answer related issues. This idea is from the TVM project. The project contributor page [1] lists the committers and their tags, e.g., runtime, relay, vm, compiler, etc. Each tag represents certain components or certain topics they're interested in/familiar with. I suggest doing the same to our contributor page [2]. I just came up with some tags like sgx-sdk, trustzone-sdk, faas-platform, rpc, attestation, etc. I hope this can give you some ideas of what it should look like. Therefore, please reply with your tags to this thread or send a PR to the website [3] directly. Thanks! Mingshen - [1] https://github.com/apache/tvm/blob/main/CONTRIBUTORS.md#committers - [2] https://teaclave.apache.org/contributors/ - [3] https://github.com/apache/incubator-teaclave-website/blob/master/site/contributors.md - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [apache/incubator-teaclave] Remove CONTRIBUTORS.md and point to the homepage (#552)
Merged #552 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/552#event-5302240943
[apache/incubator-teaclave] Remove CONTRIBUTORS.md and point to the homepage (#552)
## Description Remove the `CONTRIBUTOS.md` file and point to the contributor information to the homepage. Originally, this file is to maintains all PPMC, committer and contributor list for the Teaclave platform project and sub-projects. However, Its very difficult to maintain the contributor list especially we have several sub-projects (SGX SDK, TrustZone SDK). I suggest to use the homepage to present our contributors instead. Also, people can submit PR to the `incubator-teaclave-website` repo to update the list. (https://github.com/apache/incubator-teaclave-website/blob/master/site/contributors.md) You can view, comment on, or merge this pull request online at: https://github.com/apache/incubator-teaclave/pull/552 -- Commit Summary -- * Remove CONTRIBUTORS.md and point to the homepage -- File Changes -- D CONTRIBUTORS.md (101) M README.md (3) -- Patch Links -- https://github.com/apache/incubator-teaclave/pull/552.patch https://github.com/apache/incubator-teaclave/pull/552.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/552
Re: [apache/incubator-teaclave-sgx-sdk] [SURVEY] What companies or open source projects are using Apache Teaclave (Incubating) SGX SDK? (#239)
Hi, I want to ping this thread again. Please tell us while using the SDK for SGX implementation. This is really important for us to build the community. You can also send a pull request to the "Powered By" page in our home page about your projects/companies here: https://github.com/apache/incubator-teaclave-website/blob/master/site/powered-by.md -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/239#issuecomment-919503838
Re: [apache/incubator-teaclave-sgx-sdk] First Contribution: Issue #276 (#359)
The docs are rendered here: https://teaclave.apache.org/sgx-sdk-docs/ All links in the index page are broken because using absolute path. Can you fix it by changing them to relative path? For example, change `[Setting up your Development Environment](/documents/environment-setup.md)` to `[Setting up your Development Environment](environment-setup.md)` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/359#issuecomment-919490920
Re: [apache/incubator-teaclave-sgx-sdk] First Contribution: Issue #276 (#359)
Merged #359 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/359#event-5301898867
Re: [apache/incubator-teaclave-sgx-sdk] First Contribution: Issue #276 (#359)
> I see we already have a `release_notes.md` already, would you like the > release summaries seen in the main `Readme.md` added to these? I saw you fold the release summary, this is cool. Thanks! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/359#issuecomment-919419421
Re: [apache/incubator-teaclave-sgx-sdk] fix: correct buffer overwrite in sgx_libc::ocall::{read, pread64, readv, preadv64} (#353)
Sorry for the late reply. I've been very busy the last few weeks. Thanks to @volcano0dr for your suggestions. I just published a new commit with the suggested edits. Corentin Lauverjat @ Mithril Security -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/353#issuecomment-919180896