gramine

2022-03-26 · 5 min read

site: https://gramineproject.io/ github: https://github.com/gramineproject/gramine related: mystikos

Gramine on Azure #

Related: fortanix rust tutorial > Fortanix on Azure DCsv3 VM

Provision our VM #

We're using Ubuntu 20.04 LTS here. If you use an older Ubuntu version, you will experience problems.

$ az vm create \
	--name sgx-test \
	--resource-group sgx-test_group \
	--size Standard_DC1s_v3 \
	--image Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest

{
  "fqdns": "",
  "id": "/subscriptions/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX/resourceGroups/sgx-test_group/providers/Microsoft.Compute/virtualMachines/sgx-test",
  "location": "westus",
  "macAddress": "..",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.4",
  "publicIpAddress": "..",
  "resourceGroup": "sgx-test_group",
  "zones": ""
}

Installing Dependencies #

Still on our DCsv3 VM w/ Ubuntu 20.04

# Intel SGX SDK
$ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
$ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -

# Azure DCAP SDK
$ echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/20.04/prod focal main" | sudo tee /etc/apt/sources.list.d/msprod.list
$ wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

$ sudo apt update

# SGX SDK libs should show up now
$ apt search libsgx
libsgx-ae-epid/unknown 2.15.101.1-bionic1 amd64
  Intel(R) Software Guard Extensions QE and PvE
# ..
libsgx-urts-dbgsym/unknown 2.15.101.1-bionic1 amd64
  debug symbols for libsgx-urts

$ sudo apt upgrade

# install SGX SDKs and gramine build deps
$ sudo apt-get install -y \
	build-essential autoconf bison gawk libcurl4-openssl-dev \
	libprotobuf-c-dev ninja-build pkg-config protobuf-c-compiler python3 \
	python3-click python3-jinja2 python3-pip python3-protobuf wget \
	libunwind8 python3-pyelftools python3-pytest \
	libsgx-dcap-quote-verify-dev az-dcap-client \
	libsgx-enclave-common libsgx-quote-ex libsgx-dcap-ql libsgx-dcap-ql-dev
$ sudo python3 -m pip install 'meson>=0.55' 'toml>=0.10'

Build Gramine #

# pull gramine src
$ git clone https://github.com/gramineproject/gramine.git --depth=1
$ cd gramine

# build gramine
$ meson setup build/ --buildtype=release \
    -Dsgx=enabled -Ddirect=disabled -Ddcap=enabled
$ ninja -C build/
$ sudo ninja -C build/ install

Run the helloworld #

# generate our enclave signing key
$ gramine-sgx-gen-private-key

# # (If their command doesn't work) generate your enclave signing key
# $ mkdir -p ~/.config/gramine
# $ openssl genrsa -3 -out ~/.config/gramine/enclave-key.pem 3072

# Run helloworld
$ cd CI-Examples/helloworld
$ make SGX=1
$ gramine-sgx helloworld
# ..
Hello, world

GSC (Gramine Shielded Containers) #

We're going to try building a sample OpenVino container, then wrap it with Gramine Shielded Containers (GSC) to run on a remote enclave.

Build example container (on local machine!) #

$ git clone https://github.com/gramineproject/gsc.git
$ cd gsc/Examples/openvino

$ docker build --rm \
	-t ubuntu20.04-openvino \
	-f ubuntu20.04-openvino.dockerfile .

$ cd ../../
$ mkdir .venv && python3 -m venv ./.venv/gsc # (phlip9-only) $ mkvenv gsc
$ source ./.venv/gsc/bin/activate            # (phlip9-only) $ workon gsc
(gsc) $ pip3 install --upgrade pip
(gsc) $ pip3 install docker jinja2 toml pyyaml

Create gsc/config.yaml #

# gsc/config.yaml
# Specify the OS distro. Currently tested distros are
# ``ubuntu:18.04``, ``ubuntu:20.04``, ``ubuntu:21.04`` and ``centos:8``.
Distro: "ubuntu:20.04"

# If you're using your own fork and branch of Gramine, specify the GitHub link and the branch name
# below; typically, you want to keep the default values though
Gramine:
    Repository: "https://github.com/gramineproject/gramine.git"
    Branch:     "master"
    # Build based on a pre-built image (via ./gsc build-gramine)
    # Image: ""

# Specify the Intel SGX driver installed on your machine (more specifically, on the machine where
# the graminized Docker container will run); there are several variants of the SGX driver:
#
#   - legacy out-of-tree driver: use something like the below values, but adjust the branch name
#         Repository: "https://github.com/01org/linux-sgx-driver.git"
#         Branch:     "sgx_driver_1.9"
#
#   - DCAP out-of-tree driver: use something like the below values
#         Repository: "https://github.com/intel/SGXDataCenterAttestationPrimitives.git"
#         Branch:     "DCAP_1.11 && cp -r driver/linux/* ."
#
#   - DCAP in-kernel driver: use empty values like below
#         Repository: ""
#         Branch:     ""
#
SGXDriver:
    Repository: ""
    Branch:     ""

(WSL-only) Edit gsc/gsc.py #

TODO: submit a PR

diff --git a/gsc.py b/gsc.py
index 4e71d12..b9a33cf 100755
--- a/gsc.py
+++ b/gsc.py
@@ -43,10 +43,12 @@ def build_docker_image(docker_api, build_path, image_name, dockerfile, **kwargs)
                               **kwargs)
     for chunk in stream:
         encoding = sys.stdout.encoding if sys.stdout.encoding is not None else 'UTF-8'
-        json_output = json.loads(chunk.decode(encoding))
-        if 'stream' in json_output:
-            for line in json_output['stream'].splitlines():
-                print(line)
+        msgs = chunk.decode(encoding).splitlines()
+        for msg in msgs:
+            json_output = json.loads(msg)
+            if 'stream' in json_output:
+                for line in json_output['stream'].splitlines():
+                    print(line)


 def extract_binary_cmd_from_image_config(config, env):
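Review bot: `json.loads(msg)` in the new loop will raise on an empty line, and `str.splitlines()` keeps the empty strings between consecutive line breaks, so a chunk such as `b'{...}\n\n{...}\n'` now aborts the build where the old single-object parse did not. Skip blank entries before parsing, e.g. `if not msg.strip(): continue`. The split also assumes each chunk ends on a line boundary; a JSON object straddling two chunks would still fail to decode, so carrying any trailing partial line over to the next chunk would make the loop robust rather than just less fragile.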

Gramine-ify and sign built container #

# gramine-ify built container
(gsc) $ ./gsc build --insecure-args ubuntu20.04-openvino \
    Examples/openvino/ubuntu20.04-openvino.manifest

# generate our enclave signing key
$ mkdir -p ~/.config/gramine
$ openssl genrsa -3 -out ~/.config/gramine/enclave-key.pem 3072

# sign our container
(gsc) $ ./gsc sign-image ubuntu20.04-openvino ~/.config/gramine/enclave-key.pem

Successfully built a signed Docker image `gsc-ubuntu20.04-openvino` from `gsc-ubuntu20.04-openvino-unsigned`.

Gramine RA-TLS (Remote Attestation) #

  • Enclaves create a random, self-signed RA-TLS cert containing an attestation Quote.
  • Client connects to the enclave over TLS. The client's TLS library is hooked with a custom cert chain verifier, which verifies the attestation quote.

RA-TLS x509 certificate #

  • The enclave generates an RSA 3072 key pair.
  • The enclave builds an attestation Report containing hash(pubkey) in the user report_data.
  • The enclave gets an attestation Quote endorsing their Report.
  • The enclave generates a self-signed cert embedding the Quote. The cert is signed with their previously generated RSA key.

RA-TLS x509 cert details #

  • MD Alg: SHA256
  • Subject Key: enclave's RSA pubkey
  • Issuer Key: enclave's RSA pubkey
  • Subject Name: "CN=RATLS,O=GramineDevelopers,C=US"
  • Issuer Name: "CN=RATLS,O=GramineDevelopers,C=US"
  • Serial Number: 1 (dummy value)
  • Timestamp Not-Before: (configurable)
  • Timestamp Not-After: (configurable)
  • Custom Quote Extension: quote bytes
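The verifier-side checks behind the two lists above (quote binding via report_data, then the enclave identity fields), as an added example that is not Gramine's own code: it assumes the DCAP v3 quote layout (48-byte header followed by sgx_report_body_t), assumes report_data holds SHA-256 over the certificate's public key DER, and deliberately leaves quote signature and collateral verification (the DCAP QVL step) out of scope.

```python
import hashlib
import hmac
import struct

# sgx_quote_t (DCAP v3): 48-byte header, then the 384-byte sgx_report_body_t.
# Offsets below are absolute offsets into the quote bytes.
QUOTE_HEADER_LEN, REPORT_BODY_LEN = 48, 384
OFF_MRENCLAVE = QUOTE_HEADER_LEN + 64
OFF_MRSIGNER = QUOTE_HEADER_LEN + 128
OFF_ISV_PROD_ID = QUOTE_HEADER_LEN + 256   # isv_svn follows at +258
OFF_REPORT_DATA = QUOTE_HEADER_LEN + 320

def verify_ra_tls_quote(quote, pubkey_der, expected):
    """Return the list of failed checks; an empty list means accept.

    `expected` pins mrenclave, mrsigner, isv_prod_id and a minimum isv_svn.
    The quote signature / collateral check (DCAP QVL) is not done here.
    """
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        return ["quote too short to contain a report body"]
    failures = []
    # Binding check: report_data carries sha256(cert public key DER); without
    # it a genuine quote could be paired with an attacker-chosen TLS key.
    digest = hashlib.sha256(pubkey_der).digest()
    report_data = quote[OFF_REPORT_DATA:OFF_REPORT_DATA + 64]
    if not hmac.compare_digest(report_data[:32], digest):
        failures.append("report_data does not match sha256(pubkey)")
    if quote[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] != expected["mrenclave"]:
        failures.append("MRENCLAVE mismatch")
    if quote[OFF_MRSIGNER:OFF_MRSIGNER + 32] != expected["mrsigner"]:
        failures.append("MRSIGNER mismatch")
    prod_id, svn = struct.unpack_from("<HH", quote, OFF_ISV_PROD_ID)
    if prod_id != expected["isv_prod_id"]:
        failures.append("ISV_PROD_ID mismatch")
    if svn < expected["isv_svn"]:
        failures.append("ISV_SVN below pinned minimum")
    return failures

def make_test_quote(pubkey_der, mrenclave, mrsigner, prod_id, svn):
    """Build a constructed, unsigned quote with the given report body fields."""
    body = bytearray(REPORT_BODY_LEN)
    body[64:96], body[128:160] = mrenclave, mrsigner
    struct.pack_into("<HH", body, 256, prod_id, svn)
    body[320:352] = hashlib.sha256(pubkey_der).digest()  # rest of report_data: zero
    return bytes(QUOTE_HEADER_LEN) + bytes(body)

# Constructed sample values, not real measurements or a real key.
PUBKEY_DER = b"constructed-SubjectPublicKeyInfo-DER"
EXPECTED = {"mrenclave": b"\x11" * 32, "mrsigner": b"\x22" * 32,
            "isv_prod_id": 1, "isv_svn": 2}
```

`verify_ra_tls_quote(make_test_quote(PUBKEY_DER, b"\x11" * 32, b"\x22" * 32, 1, 2), PUBKEY_DER, EXPECTED)` returns `[]`; swapping in a different key for the quote's report_data yields the binding failure even though every identity field still matches.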