Commit Graph

10 Commits

Author SHA1 Message Date
Jämes Ménétrey
8b8c59589d
Clarify how to verify SGX evidence without an Intel SGX-enabled platform (#3158)
This PR encompasses two complementing purposes:

A documentation on verifying an Intel SGX evidence as produced by WAMR,
including a guide for verification without an Intel SGX-enabled platform.
This also contains a small addition to the RA sample to extract specific
information, such as whether the enclave is running in debug mode.

A C# sample to verify evidence on trusted premises (and without Intel SGX).
Evidence is generated on untrusted environments, using Intel SGX.
2024-02-17 18:44:22 +08:00
Haoxuan Xu
ef5e74fd8a
fix(sgx-ra): Fix building when enclave is built without librats ahead (#2968)
This PR addresses the issue with building the sgx-ra sample when the enclave under
the path product-mini/platforms/linux-sgx/enclave-sample is built beforehand.

When the enclave is built without librats ahead, an error occurs as the following
without the changes:
```bash
...
CP libvmlib.a  <=  /home/haoxuan/wasm-micro-runtime/samples/sgx-ra/build/libvmlib.a
/usr/local/bin/ld: libvmlib.a(lib_rats_wrapper.c.o): in function `librats_collect_wrapper':
lib_rats_wrapper.c:(.text.librats_collect_wrapper+0x4a): undefined reference to `wasm_runtime_get_module_hash'
collect2: error: ld returned 1 exit status
```
2024-01-02 16:32:16 +08:00
Jämes Ménétrey
f9e8b9535e
Attestation: Free JSON from the Wasm module heap (#2803)
The JSON evidence is allocated on the module instance heap, but no API
was given to dispose of this memory buffer. The sample mentions using
the function free, which behaves differently depending on the
execution context.

This fix provides a new function called librats_dispose_evidence_json,
enabling freeing the JSON evidence directly from the Wasm app.
2023-11-22 10:48:14 +08:00
Jämes Ménétrey
365cdfeb71
Upgrade SGX-RA integration for 0.1.2 and Ubuntu 20.04 (#2454) 2023-08-15 10:12:43 +08:00
Wenyong Huang
9b9ae0cfac
Update cmake files and wamr-test-suites to support collect code coverage (#1992)
Support collecting code coverage with wamr-test-suites script by using
lcov and genhtml tools, eg.:
  cd tests/wamr-test-suites
  ./test_wamr.sh -s spec -b -P -C

The default code coverage and html files are generated at:
  tests/wamr-test-suites/workspace/wamr.lcov
  tests/wamr-test-suites/workspace/wamr-lcov.zip

And update wamr-test-suites scripts to support testing GC spec cases to
avoid frequent synchronization conflicts between branch main and dev/gc.
2023-02-28 17:38:18 +08:00
Wenyong Huang
29b76dd275
Create module hash for each module in SGX lib-rats (#1745)
Current SGX lib-rats wasm module hash is stored in a global buffer,
which may be overwritten if there are multiple wasm module loadings.
We move the module hash into the enclave module to resolve the issue.

And rename the SGX_IPFS macro/variable in Makefile and Enclave.edl to
make the code more consistent.

And refine the sgx-ra sample document.
2022-11-24 21:48:50 +08:00
Zeuson
656a8427e6
linux-sgx: Improve the remote attestation (#1695)
The current implementation of remote attestation does not take into
account the integrity of the wasm module. The SHA256 of the wasm
module has been put into user_data to generate the quote, and more
parameters are exposed for further verification.
2022-11-22 14:45:03 +08:00
Jämes Ménétrey
aba267afc7
linux-sgx: Improve the documentation of SGX-RA sample (#1679)
Improve the documentation for setting up SGX-RA using WAMR, based on
the feedback in #1670.

This notably highlights the dependency on Intel PCS and PCCS and how to
install/configure them.
2022-11-04 14:14:18 +08:00
Wenyong Huang
0cea769b71
Fix sample sgx-ra build error (#1544) 2022-09-30 15:57:04 +08:00
Zeuson
729c4aeeaa
Enable remote attestation by librats in SGX mode (#1445)
Add library librats, update SGX build scripts, add sample and update document.
2022-09-06 14:29:58 +08:00