WIP - Adding AWS Greengrass - Parsec Demo

.gitignore

@@ -0,0 +1,9 @@
+*.iml
+target
+dependency-reduced-pom.xml
+.flattened-pom.xml
+.idea
+.run/gg_*
+.run/parsec_docker_run.run.xml
+secrets.env
+

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "greengrass_parsec_workshop/aws-greengrass-parsec-provider"]
+	path = greengrass_parsec_workshop/aws-greengrass-parsec-provider
+	url = https://github.com/56kcloud/aws-greengrass-parsec-provider.git
+	branch = main

README.md

@@ -1,37 +1,39 @@
-# Parsec Tutorials and Workshops
+# PARSEC Tutorials and Workshops
 
-<img src="../img/56k.jpg" alt="56K.Cloud Logo" width="150" height="99">
-<img src="https://github.com/parallaxsecond/parsec/doc/images/parsec/ARM1007_PARSEC Logo_ST2_RGB_Stacked_Colour.png" alt="Parsec logo">
+<img src="img/56k.cloud_logo_.png" alt="56K.Cloud Logo" width="150">
 
-This repo contains an independant setup of introudciton to Parsec and workshop tutorials to introduce both Parsec as a security tool for developers and a provider on various platforms. This content is supported by 56K.Cloud and by members of the community. We welcome contributions and want to grow the repo.
+![PARSEC logo](https://raw.githubusercontent.com/parallaxsecond/parsec/67a22ccc11a8914068f9a559c9f8005ca6b17673/doc/images/parsec/ARM1007_PARSEC%20Logo_ST2_RGB_Stacked_Colour.png)
+
+This repo contains an independant setup of introduction to PARSEC and workshop tutorials to introduce both PARSEC as a security tool for developers and a provider on various platforms. This content is supported by 56K.Cloud and by members of the community. We welcome contributions and want to grow the repo.
 (Some workshops are currently in progress of being updated)
 
-#### Parsec Tutorials:
-* [Introduction to Parsec](intro/README.md)
-* [AWS Greengrass and Parsec Workshop (WIP)](greengrass_parsec_workshop/README.md)
+#### PARSEC Tutorials:
+* [Introduction to PARSEC](intro/README.md)
+* [AWS Greengrass and PARSEC Workshop (WIP)](greengrass_parsec_workshop/README.md)
 * [AWS Graviton2](kickstart/README.md)
 * [ARM DevSummit 2021 Workshop (RPi + TPM Example)](devsummit2021/README.md)
 * [Parsec on Qualcomm RB5 /w HW RoT and Secure96 (WIP)]
 
-### Additional Parsec Information
+### Additional PARSEC Information
 
 Be sure to check out the additional Docker ressources section aimed at Developers.
 
-* [Parsec Addtional Ressources](additional-ressources/)
-* Parsec Community 
-* Parsec Demos on Youtube
+* [PARSEC Addtional Ressources](additional-ressources/)
+* PARSEC Community
+* PARSEC Demos on Youtube
 
 
 #### Contributing
 
-We'd love to hear from you and how you would like to contrivbute, please fork this repo and make corrections, adoptions and updates as you wish, as parsec is always evolving so does the need for the training
+We'd love to hear from you and how you would like to contribute, please fork this repo and make corrections, adoptions and updates as you wish, as PARSEC is always evolving so does the need for the training.
 
-Companies and Individusl current contiburing / participating 
+Companies and Individusl that have contributed and participated in building this workshop
 * [56K.Cloud](https://blog.56k.cloud/arm-parsec-and-56k-5gusecases/)
 * [SayDo](https://www.saydo.co/en/)
 * [ReVault](https://revault.ch/en/#)
-* [ARM]
+* [Solid-Run](https://solid-run.com/)
+* [ARM](https://developer.arm.com/solutions/infrastructure/developer-resources/security/parsec)
 
 #### Contact
 
-Welcome to contact the 56K.Cloud Team and ARM team for any futher information, we are happy to support your cloud security journey 
+Welcome to contact the 56K.Cloud and ARM Team for any futher information, we are happy to support your cloud security journey.

greengrass_parsec_workshop/.dockerignore

@@ -0,0 +1,15 @@
+build_demo.sh
+greengrass_demo/.gitignore
+secrets.env
+target
+.gitignore
+.git
+.cache
+**/parsec_docker_cache
+**/target
+.idea
+*.iml
+.run
+.flattened-pom.xml
+*~
+.DS_Store

greengrass_parsec_workshop/README.md

@@ -1,21 +1,52 @@
-# AWS Greengrass using Parsec - Workshop
+# AWS IoT Greengrass using PARSEC - Workshop
 
-This is a short workshop on how to use PARSEC plugin in AWS Greengrass v2 Nucleaus to achieve native security across device hardware
-Before you begin you should be family of both PARSEC and AWS Greengrass, have at least deployed both and understand the use case of both technologies, we recommend the following to become familur
+This is a short workshop on how to use the PARSEC plugin in AWS IoT Greengrass v2 Nucleaus to achieve native security across device hardware.
 
-* [AWS Greengrass V2 Workshop](https://catalog.us-east-1.prod.workshops.aws/v2/workshops/5ecc2416-f956-4273-b729-d0d30556013f/en-US/) 
-* Parsec Walkthorugh with 
+Before you begin you should be familiar with PARSEC and AWS IoT Greengrass. You should have at least deployed both and understand the use case of both technologies, we recommend the following to become familiar
+
+* [AWS IoT Greengrass V2 Workshop](https://catalog.us-east-1.prod.workshops.aws/v2/workshops/5ecc2416-f956-4273-b729-d0d30556013f/en-US/)
+* PARSEC Walkthrough with
 
 ## DEMO
-Located in this workshop is a "out of the box" demo setup which build and deploys the complete solution from the workshop learning steps, it is used as both a learning guide and short example when demonstrating the use of Parsec with AWS Greengrass
+Located in this workshop is a "out of the box" demo setup which build and deploys the complete solution from the workshop learning steps, it is used as both a learning guide and short example when demonstrating the use of PARSEC with AWS IoT Greengrass.
+
+### How to start the Demo
+
+#### Clone the repo and switch to the branch
+```shell
+git clone [email protected]:56kcloud/parsec-workshop.git
+cd parsec-workshop
+git checkout building_parsec_workshop
+```
+
+#### Create `secrets.env` file
+```shell
+cat <<EOT >secrets.env
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_REGION=eu-central-1
+EOT
+```
+
+#### Run the demo
+```shell
+./build_demo.sh
+```
+This script builds all the containers and runs the demo.
+
+__PLEASE NOTE__: Depending on the spec of your machine the building of the containers can take between 10 and 20 minutes. It depends on how long the AWS CRT and Device SDK container build runs, as they are build from a branch (op-key-prototype) that hasn't been upstreamed yet.
+
+Once the build is finished it will go directly into provisioning Greengrass, and restarts with the PARSEC plugin where the provisioning step stores the private key in the PARSEC service (EMbed crypto backend)
+
+If you visit the [Greengrass console](https://eu-central-1.console.aws.amazon.com/iot/home?region=eu-central-1#/greengrass/v2/cores) you should now see your device listed as `<hostname/username>-greengrass-parsec`
 
-### How to get started
+### How to get started in development
 
 To get started you will need the following, an aarch64 or x86 device or your local computer, an active AWS account and your API credentials, Github access configurated locally
 The demo.sh file will do the following
 
-- Prepare Git and gitsubmodule (for sourcing the Java client, Greengrass Parsec plugin and build them )
-- Build the docker containers that package in, AWS Greengrass, Parsec service and intermidate steps 
+- Prepare Git and gitsubmodule (for sourcing the Java client, Greengrass PARSEC plugin and build them )
+- Build the docker containers that package in, AWS IoT Greengrass, PARSEC service and intermidate steps
 
 If you don't have hardware at hand, but still would like to test on an embedded device, then the ARM Hardware lab hosted by MiniNodes can help more info can be found here: https://github.com/WorksOnArm/mininodes-arm-edge
 
@@ -29,14 +60,14 @@ Tested on the following
 
 TPM's currently being implemented as part of this workshop
 
-- 96boards Secure96 TPM 
+- 96boards Secure96 TPM
 - Qualcomm SPU240 HW RoT / SPU (WIP)
-- EDK II UEFI SoftTPM (new concept) 
+- EDK II UEFI SoftTPM (new concept)
 
-### Example of 
+### Example of Demo
 
-Example of 3 screens, PArsec Service, Greengrass Local Debug Console showing 
-<img src="docs/56kcloud_parsec_greengrass_onrb5_sucess.png" alt="56K.Cloud Logo" height="1024">
+Example of 3 screens, PARSEC Service, Greengrass Local Debug Console showing
+<img src="docs/56kcloud_parsec_greengrass_onrb5_sucess.png" alt="56K.Cloud Logo" height="800">
 
 ## Contributions
 
@@ -45,4 +76,4 @@ Companies and Individusl that have contributed and participated in building this
 * [SayDo](https://www.saydo.co/en/)
 * [ReVault](https://revault.ch/en/#)
 * [Solid-Run](https://solid-run.com/)
-* [ARM](https://developer.arm.com/solutions/infrastructure/developer-resources/security/parsec)
+* [ARM](https://developer.arm.com/solutions/infrastructure/developer-resources/security/parsec)

greengrass_parsec_workshop/build_demo.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 pushd $(dirname $0)
-md5_cmd=md5
+md5_cmd=md5sum
 
 if ! test -x /sbin/md5; then
   md5_cmd=md5sum
@@ -12,44 +12,51 @@ if test -e /etc/hostname; then
 fi
 
 function update_git() {
+  echo "Update git modules ..."
   # Need to update the protobuf from parsec
-  git submodule init
-  git submodule update
-
+  git submodule update --init --recursive
+  echo "... git modules updated."
 }
 
-function dirty_build_on_new_comits() {
+function dirty_build_on_new_commits() {
   for repo in \
     awslabs/aws-crt-java \
-    aws/aws-iot-device-sdk-java-v2 \
-    revaultch/aws-greengrass-nucleus; do
+    aws/aws-iot-device-sdk-java-v2; do
+#    revaultch/aws-greengrass-nucleus; do
   curl -S https://api.github.com/repos/${repo}/commits/key-op-prototype
   done | ${md5_cmd} | cut -d" " -f1 > greengrass_demo/dirty_repo.txt
   touch -t 190001010000 greengrass_demo/dirty_repo.txt
   export DIRTY_TS=$(cat greengrass_demo/dirty_repo.txt)
 }
 
 function build_greengrass_patched() {
-pushd examples/greengrass/parsec-greengrass-run-config/docker/
-docker build . \
-       --build-arg BUILD_TS=${DIRTY_TS} \
-       --tag parallaxsecond/greengrass_patched:latest \
-       --progress plain
-popd
+  echo "Build greengrass patched ..."
+  pushd ./aws-greengrass-parsec-provider/parsec-greengrass-run-config/docker/
+  docker build . \
+         --build-arg BUILD_TS=${DIRTY_TS} \
+         --tag parallaxsecond/greengrass_patched:latest \
+         --progress plain
+  popd
+  echo "... greengrass patched successfully built."
 }
+
 function copy_deps_from_greengrass_patched_to_local() {
   docker run -v ~/.m2/repository:/host_m2_repository parallaxsecond/greengrass_patched:latest \
   /bin/bash -c "cp -r ~/.m2/repository/* /host_m2_repository"
 }
 
 function build_parsec_containers() {
-pushd ./parsec-testcontainers/
-./build.sh
-popd
+  echo "Build PARSEC containers ..."
+  pushd ./parsec-testcontainers/
+  ./build.sh
+  popd
+  echo "... successfully built PARSEC containers."
 }
 
 function build_greengrass_with_provider() {
+  echo "Build of Greengrass and PARSEC Plugin started..."
   docker build . -f greengrass_demo/Dockerfile --tag parallaxsecond/greengrass_demo:latest  --progress plain
+  echo "... successfully built greengrass and PARSEC plugin."
 }
 
 function parsec_run() {
@@ -60,6 +67,7 @@ function parsec_run() {
           -v GG_PARSEC_SOCK:/run/parsec \
            parallaxsecond/parsec:0.8.1
 }
+
 function gg_run() {
   docker rm -f "${1}" 2> /dev/null
 
@@ -76,6 +84,7 @@ function gg_run() {
          -v GG_HOME:/home/ggc_user \
          parallaxsecond/greengrass_demo:latest "${2}"
 }
+
 function run_demo() {
   parsec_run
   source secrets.env
@@ -85,15 +94,33 @@ function run_demo() {
 }
 
 function build() {
+  update_git
   echo "Starting build ..."
-  dirty_build_on_new_comits
+  dirty_build_on_new_commits
+  build_parsec_containers
   build_greengrass_patched
   copy_deps_from_greengrass_patched_to_local
-  build_parsec_containers
   build_greengrass_with_provider
-  echo "Build Done."
+  echo "... build done."
 }
+
+function validate() {
+  echo "Validate requirements ..."
+  if ! docker info > /dev/null 2>&1; then
+    echo "This script uses docker, and it isn't running - please start docker and try again!"
+    exit 1
+  fi
+
+  if [ ! -f "secrets.env" ]; then
+    echo "The file 'secrets.env' does not exist. Please create it and set the needed env variables."
+    exit
+  fi
+
+  echo "... requirements successfully validated."
+}
+
 if [ "${1}" == "" ]; then
+  validate
   build
   run_demo
 else

greengrass_parsec_workshop/cleanup_demo.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+# Cleanup the container's that are started in the `build_demo.sh` script
+docker rm -f greengrass_demo_run
+docker rm -f parsec_docker_run

greengrass_parsec_workshop/greengrass_demo/Dockerfile

@@ -1,8 +1,8 @@
 FROM parallaxsecond/greengrass_patched:latest as from_source_builder
 COPY ./ /project
-RUN cd /project && \
+RUN cd /project/aws-greengrass-parsec-provider && \
      ./mvnw clean install -DskipTests=true -Dcontainers.skip=true
 
 FROM parallaxsecond/greengrass_patched:latest
-COPY --from=from_source_builder /project/examples/greengrass/parsec-greengrass-plugin/target/aws.greengrass.crypto.ParsecProvider.jar /provider.jar
+COPY --from=from_source_builder /project/aws-greengrass-parsec-provider/parsec-greengrass-plugin/target/aws.greengrass.crypto.ParsecProvider.jar /provider.jar
 COPY greengrass_demo/config.yml /greengrass/

greengrass_parsec_workshop/parsec-testcontainers/.gitignore

@@ -0,0 +1 @@
+parsec_docker_cache

greengrass_parsec_workshop/parsec-testcontainers/build.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -e
+docker_cache=parsec_docker_cache
+
+CACHE_CONFIG=""
+if (docker buildx inspect |grep "Driver: docker-container"); then
+  CACHE_CONFIG=" --set *.cache-from=type=local,src=${docker_cache} --set *.cache-to=mode=max,type=local,dest=${docker_cache}_new"
+fi
+
+# shellcheck disable=SC2086
+docker buildx bake ${CACHE_CONFIG} \
+  --progress plain \
+  --load
+
+rm -rf ${docker_cache} || true
+mv ${docker_cache}_new ${docker_cache} || true

greengrass_parsec_workshop/parsec-testcontainers/docker-bake.hcl

@@ -0,0 +1,38 @@
+group "default" {
+  #targets = ["parsec", "parsec_0_7_0", "parsec_0_8_1"]
+  targets = ["parsec_0_8_1"]
+}
+target "generic" {
+  context = "."
+  args = {
+    REGISTRY = "parallaxsecond"
+  }
+}
+target "parsec" {
+  inherits = ["generic"]
+  context  = "./parsec"
+  args = {
+    PARSEC_BRANCH = "main"
+  }
+  tags = [
+    "parallaxsecond/parsec:latest"
+  ]
+}
+target "parsec_0_8_1" {
+  inherits = ["parsec"]
+  args = {
+    PARSEC_BRANCH = "0.8.1"
+  }
+  tags = [
+    "parallaxsecond/parsec:0.8.1"
+  ]
+}
+target "parsec_0_7_0" {
+  inherits = ["parsec"]
+  args = {
+    PARSEC_BRANCH = "0.7.0"
+  }
+  tags = [
+    "parallaxsecond/parsec:0.7.0"
+  ]
+}