
Cwinter ext attest #7

Open: wants to merge 548 commits into base: master
Conversation

wintersteiger

This is the first iteration of the extended attestation proposal. All feedback welcome! I'm not expecting this to be merged as a PR right away, but it's convenient to track feedback and progress.

I think that we should enforce an application-specific check of the data in _oe_check_eeid, e.g. by requiring a function pointer at enclave creation time.

The sample isn't really necessary as there are tests now, so skip that.

CC @sylvanc @ad-l @letmaik @mikbras @prp @davidchisnall
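One way to realise the suggestion above of forcing an application-specific check of the extended data through a function pointer supplied at enclave creation time. This is an added example, not code from this PR or from the Open Enclave SDK: `eeid_t`, `eeid_check_fn`, `enclave_config_t`, `check_eeid` and `app_policy_t` are hypothetical stand-ins for whatever `_oe_check_eeid` is actually given, and the 36-byte "version tag + config id" layout is a constructed sample policy. The point it demonstrates is fail-closed behaviour: when no application check is registered the data is rejected, not accepted by default.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Open Enclave SDK code. The types and names below
 * (eeid_t, eeid_check_fn, enclave_config_t, check_eeid, app_policy_t) are
 * hypothetical stand-ins for whatever _oe_check_eeid is actually handed. */

#define EEID_DATA_MAX 256   /* assumed upper bound on the EEID payload size */

typedef struct {
    const uint8_t *data;    /* application-defined extended init data */
    size_t size;
} eeid_t;

/* Application-supplied validator, registered at enclave creation time.
 * Returns true only if this application accepts the EEID contents. */
typedef bool (*eeid_check_fn)(const eeid_t *eeid, const void *policy);

typedef struct {
    eeid_check_fn check;    /* required; NULL means enclave creation is refused */
    const void *policy;     /* opaque context passed back to check() */
} enclave_config_t;

typedef enum {
    EEID_OK = 0,
    EEID_ERR_NO_CHECK,      /* no application check registered: fail closed */
    EEID_ERR_BAD_SIZE,
    EEID_ERR_REJECTED       /* the application's check said no */
} eeid_status_t;

/* Framework-side gate: generic bounds checks first, then the mandatory
 * application-specific check. Without a registered callback the data is
 * rejected rather than silently accepted. */
static eeid_status_t check_eeid(const enclave_config_t *cfg, const eeid_t *eeid)
{
    if (eeid == NULL || eeid->size > EEID_DATA_MAX ||
        (eeid->size > 0 && eeid->data == NULL))
        return EEID_ERR_BAD_SIZE;
    if (cfg == NULL || cfg->check == NULL)
        return EEID_ERR_NO_CHECK;
    return cfg->check(eeid, cfg->policy) ? EEID_OK : EEID_ERR_REJECTED;
}

/* One possible application policy (constructed for this example): the EEID
 * must be exactly a 4-byte version tag followed by a 32-byte configuration
 * id, and both must match what the application expects. */
typedef struct {
    uint8_t version[4];
    uint8_t expected_config_id[32];
} app_policy_t;

static bool app_eeid_check(const eeid_t *eeid, const void *p)
{
    const app_policy_t *policy = p;
    if (eeid->size != sizeof policy->version + sizeof policy->expected_config_id)
        return false;
    if (memcmp(eeid->data, policy->version, sizeof policy->version) != 0)
        return false;
    return memcmp(eeid->data + sizeof policy->version, policy->expected_config_id,
                  sizeof policy->expected_config_id) == 0;
}

/* Constructed sample policy and a matching EEID blob, used by the driver. */
static app_policy_t demo_policy(void)
{
    app_policy_t pol;
    memcpy(pol.version, "\x00\x00\x00\x01", sizeof pol.version);
    memset(pol.expected_config_id, 0xAB, sizeof pol.expected_config_id);
    return pol;
}

static size_t demo_eeid_blob(uint8_t out[36], const app_policy_t *pol)
{
    memcpy(out, pol->version, 4);
    memcpy(out + 4, pol->expected_config_id, 32);
    return 36;
}

int main(void)
{
    app_policy_t pol = demo_policy();
    uint8_t blob[36];
    eeid_t eeid = { blob, demo_eeid_blob(blob, &pol) };
    enclave_config_t with_check = { app_eeid_check, &pol };
    enclave_config_t no_check = { NULL, NULL };

    printf("registered check, matching data: %d\n", check_eeid(&with_check, &eeid));
    printf("no check registered:             %d\n", check_eeid(&no_check, &eeid));
    blob[9] ^= 1;   /* tamper with one byte of the config id */
    printf("registered check, tampered data: %d\n", check_eeid(&with_check, &eeid));
    return 0;
}
```

The generic size check stays in the framework gate so that an application callback never sees an oversized or NULL payload; everything that depends on the meaning of the bytes lives behind the function pointer.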

andyleejordan and others added 30 commits November 1, 2019 23:16
The prior path was actually a symlink made by `esy`, instead we need the
real executable (and we have to rename it upon installation).
This adds automatic formatting to the build instead of just an editor
hook.
We no longer need to create these ourselves.
With esy we have access to an up-to-date (and pinned) version of
`ocamlformat`, which also formats our `dune` files. This newer version
also allows us to include only our code, excluding the Intel code (and
the copy of `main.ml`).

Manually, this can be run via `esy dune build @fmt --auto-promote`, but
this will also be integrated into the build system.
Notably Windows does not get setup via Ansible, only validated. So we'll
have to manually install it.
This is temporary until the package is fixed not to contain broken
symlinks, which causes the installation to crash on Windows.
This can be used manually or in scripts.
This is meant to be reverted once the containers are updated.
2221: Replace OCPWin and OCaml with esy r=andschwa a=andschwa

This replaces the CMake-driven OCaml build with [`esy`](https://esy.sh/) and `dune`, which means that our dependencies drop down to just installing `esy` via `npm`, and it builds a native `oeedger8r` executable across all our platforms.

Rough edges:
- [x] It builds in the source tree instead of the build tree, grr.
- [x] We need `npm install -g esy` done to our CI systems.
- [x] Update Ansible scripts.
- [x] Update Windows install script.
- [x] Still need to update the CI containers.
- [x] I need to setup the correct `.gitignore` file and commit the `esy.lock` directory to vendor our dependencies.

Gains: no more OCPWin! Modern OCaml! OCaml packages! Dune build! (And actually, no `npm` requirement on Linux, only on Windows, and only for now.)

Co-authored-by: Andrew Schwartzmeyer <[email protected]>
2292: Bump ansible from 2.8.0 to 2.8.2 in /scripts/ansible r=BRMcLaren a=dependabot[bot]

Bumps [ansible](https://github.com/ansible/community) from 2.8.0 to 2.8.2.
Commits: see the full diff in the [compare view](https://github.com/ansible/community/commits).

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ansible&package-manager=pip&previous-version=2.8.0&new-version=2.8.2)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.


Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Replace references to the CLA requirement from contribution documents
  with information about the new DCO requirements.

- Add a git hook to enforce that all commit messages must include a sign-off
  for the DCO.

Signed-off-by: Simon Leet <[email protected]>
2295: Update project to use DCO instead of CLA r=CodeMonkeyLeet a=CodeMonkeyLeet

- Replace references to the CLA requirement from contribution documents
  with information about the new DCO requirements.

- Add a git hook to enforce that all commit messages must include a sign-off
  for the DCO.

Signed-off-by: Simon Leet <[email protected]>


Co-authored-by: Simon Leet <[email protected]>
Per contribution of the project to Confidential Computing Consortium, update
all the copyright headers on source files to include all Open Enclave SDK
contributors. All copyright headers should now read:

```
Copyright (c) Open Enclave SDK contributors.
Licensed under the MIT License.
```

- Update scripts/check-license to enforce this new value on git commit.

Signed-off-by: Simon Leet <[email protected]>
2260: Update copyright headers to include Open Enclave SDK contributors r=CodeMonkeyLeet a=CodeMonkeyLeet

Per contribution of the project to Confidential Computing Consortium, update
all the copyright headers on source files to include all Open Enclave SDK
contributors. All copyright headers should now read:

```
Copyright (c) Open Enclave SDK contributors.
Licensed under the MIT License.
```

- Update scripts/check-license to enforce this new value on git commit.

Co-authored-by: Simon Leet <[email protected]>
The next latest version fixed the symlink issue in the package, which
allows this to be installed on Windows.

Note that the syntax ~0.12.0 does not work because the published package
is no longer using semver, they dropped the trailing .0 and published
with 0.12.

Signed-off-by: Andrew Schwartzmeyer <[email protected]>
This is the last time we're doing this for a while, I swear. We couldn't
stick to 0.11 because of issues installing it on Windows, and 0.12
surprisingly changes a lot more formatting than expected.

Signed-off-by: Andrew Schwartzmeyer <[email protected]>
2296: Add ocamlformat back to oeedger8r r=andschwa a=andschwa

PR ocaml-ppx/ocamlformat#980 fixed the ocamlformat package to install on Windows, and the fix is in the latest release 0.12. This means that we can add it back, and make running ocamlformat part of the build, but it also requires auto-formatting the edger8r code again.

Co-authored-by: Andrew Schwartzmeyer <[email protected]>
While the minutes were already public, we hadn't made their whereabouts
widely known, so here they are. Note that the public can read and
comment, but only CGC members can edit the document (admin invites just
went out to all the CGC members).

Signed-off-by: Andrew Schwartzmeyer <[email protected]>
oeciteam and others added 20 commits January 9, 2020 16:09
2370: change required approvers from 1 to 2 r=BRMcLaren a=BRMcLaren

Change the required reviewers from 1 to 2.

We should be requiring 2 approvers given cross-collaboration efforts.

Co-authored-by: Brett McLaren <[email protected]>
2406: Avoid data race with variable _capacity r=jhand2 a=jxyang

This fix copies the shared variable `_capacity` into a thread-local area atomically, and then operates on the thread-local copy thereafter. This ensures function `oe_arena_malloc` sees a consistent capacity value throughout its execution in the face of other threads modifying `_capacity`.

Co-authored-by: Xuejun Yang <[email protected]>
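The double-read race described in that commit, shown on a minimal bump allocator. This is an added example and not the SDK's `oe_arena_malloc`; `_capacity`, `arena_malloc_racy`, `arena_malloc_fixed` and the thread-local arena fields are simplified stand-ins, and `interleave_hook` is an example-only device that stands in for "another thread runs here" so the interleaving reproduces deterministically without pthreads. The racy version reads the shared capacity twice (once for the bounds check, once to size the buffer); the fixed version takes one atomic snapshot and uses only the copy, and once a buffer exists it bounds against that buffer's own size rather than the shared value.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not the SDK's oe_arena_malloc: a minimal per-thread bump
 * allocator whose capacity lives in a shared variable that another thread
 * may change, showing the double-read race and the snapshot fix. */

static _Atomic size_t _capacity = 4096;        /* shared; writable by other threads */

static _Thread_local uint8_t *arena_base = NULL;
static _Thread_local size_t   arena_size = 0;  /* bytes actually allocated */
static _Thread_local size_t   arena_used = 0;

/* Example-only hook: stands in for "another thread runs here" so the
 * interleaving is reproduced deterministically instead of with pthreads. */
static void (*interleave_hook)(void) = NULL;

static void arena_reset(void)
{
    free(arena_base);
    arena_base = NULL;
    arena_size = 0;
    arena_used = 0;
}

/* Before: _capacity is read twice. The bounds check validates against the
 * first value; the buffer is sized from the second. If the capacity shrinks
 * in between, arena_used ends up larger than the buffer and the next
 * allocation would hand out memory past its end. */
static void *arena_malloc_racy(size_t n)
{
    if (arena_used + n > _capacity)            /* read #1 */
        return NULL;
    if (interleave_hook) interleave_hook();
    if (arena_base == NULL) {
        arena_size = _capacity;                /* read #2, may differ from #1 */
        arena_base = malloc(arena_size);
        if (arena_base == NULL) return NULL;
    }
    uint8_t *p = arena_base + arena_used;
    arena_used += n;
    return p;
}

/* After: copy the shared value once, atomically, and use only that copy.
 * Once a buffer exists its own size is the limit, never the shared value. */
static void *arena_malloc_fixed(size_t n)
{
    size_t cap = atomic_load(&_capacity);      /* the single read */
    size_t limit = arena_base ? arena_size : cap;
    if (n > limit - arena_used)
        return NULL;
    if (interleave_hook) interleave_hook();
    if (arena_base == NULL) {
        arena_base = malloc(cap);
        if (arena_base == NULL) return NULL;
        arena_size = cap;
    }
    uint8_t *p = arena_base + arena_used;
    arena_used += n;
    return p;
}

/* Invariant the allocator must never break. */
static bool arena_consistent(void)
{
    return arena_base == NULL ? arena_used == 0 : arena_used <= arena_size;
}

/* Simulated concurrent writer: shrinks the shared capacity. */
static void shrink_capacity(void) { atomic_store(&_capacity, 2048); }

int main(void)
{
    interleave_hook = shrink_capacity;

    atomic_store(&_capacity, 4096);
    arena_reset();
    arena_malloc_racy(3000);
    printf("racy:  used=%zu size=%zu consistent=%d\n",
           arena_used, arena_size, arena_consistent());

    atomic_store(&_capacity, 4096);
    arena_reset();
    arena_malloc_fixed(3000);
    printf("fixed: used=%zu size=%zu consistent=%d\n",
           arena_used, arena_size, arena_consistent());
    arena_reset();
    return 0;
}
```

The same pattern applies to any shared limit that is checked and then used: read it once into a local, validate against the local, act on the local.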
2415: Update OE SDK contact alias to [email protected] r=CodeMonkeyLeet a=CodeMonkeyLeet

Signed-off-by: Simon Leet <[email protected]>

Co-authored-by: Simon Leet <[email protected]>
2416: Fix oe_random for size > 1024 r=jhand2 a=thomasten

mbedtls_ctr_drbg_random() does not accept arbitrary large output sizes
and must be called repeatedly to fill large buffers.

Co-authored-by: Thomas Tendyck <[email protected]>
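The chunked fill that commit describes, as an added example rather than the SDK's `oe_random`. `MBEDTLS_CTR_DRBG_MAX_REQUEST` (1024 bytes) and `MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG` (-0x0036) are the real mbedtls values, mirrored here under local names; the `drbg_fn` type matches the shape of `mbedtls_ctr_drbg_random(ctx, out, len)`, and `fake_drbg` is a constructed backend that enforces the same per-call cap with a deterministic counter so the example runs without linking mbedtls (it is not a CSPRNG). The fixed version also wipes the buffer on failure so a caller cannot consume a partially filled one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the SDK's oe_random. The constants mirror mbedtls;
 * drbg_fn and fake_drbg are constructed so this runs without mbedtls. */

#define CTR_DRBG_MAX_REQUEST 1024          /* mirrors MBEDTLS_CTR_DRBG_MAX_REQUEST */
#define DRBG_ERR_REQUEST_TOO_BIG (-0x0036) /* mirrors MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG */

/* Same shape as mbedtls_ctr_drbg_random(void *ctx, unsigned char *out, size_t len). */
typedef int (*drbg_fn)(void *ctx, unsigned char *out, size_t len);

/* Constructed stand-in for the mbedtls DRBG: enforces the per-call cap and
 * fills with a deterministic, never-zero counter so coverage can be checked.
 * NOT a CSPRNG; only the request-size behaviour is modelled. */
typedef struct { uint32_t counter; } fake_drbg_ctx;

static int fake_drbg(void *ctx, unsigned char *out, size_t len)
{
    fake_drbg_ctx *c = ctx;
    if (len > CTR_DRBG_MAX_REQUEST)
        return DRBG_ERR_REQUEST_TOO_BIG;
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)(0x80 | (c->counter++ & 0x7f));
    return 0;
}

/* Before: a single call, which the DRBG refuses for size > 1024. */
static int random_naive(drbg_fn rng, void *ctx, uint8_t *buf, size_t size)
{
    return rng(ctx, buf, size);
}

/* After: request at most the DRBG's cap per call and loop until full.
 * On any failure wipe the whole buffer so a caller can't use half of it. */
static int random_chunked(drbg_fn rng, void *ctx, uint8_t *buf, size_t size)
{
    size_t done = 0;
    while (done < size) {
        size_t chunk = size - done;
        if (chunk > CTR_DRBG_MAX_REQUEST)
            chunk = CTR_DRBG_MAX_REQUEST;
        int rc = rng(ctx, buf + done, chunk);
        if (rc != 0) {
            memset(buf, 0, size);
            return rc;
        }
        done += chunk;
    }
    return 0;
}

/* Check helper: the fake generator never emits 0x00, so any zero byte is a
 * byte the fill never reached. */
static int fully_filled(const uint8_t *buf, size_t size)
{
    for (size_t i = 0; i < size; i++)
        if (buf[i] == 0) return 0;
    return 1;
}

int main(void)
{
    fake_drbg_ctx ctx = { 0 };
    uint8_t buf[3000] = { 0 };

    int rc = random_naive(fake_drbg, &ctx, buf, sizeof buf);
    printf("naive:   rc=%d filled=%d\n", rc, fully_filled(buf, sizeof buf));

    rc = random_chunked(fake_drbg, &ctx, buf, sizeof buf);
    printf("chunked: rc=%d filled=%d\n", rc, fully_filled(buf, sizeof buf));
    return 0;
}
```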
2391: Avoid potential target name conflicts on "crypto" and "dl" in cmake r=jhand2 a=mingweishih

This PR addresses openenclave#2082, which prevents developers from creating a target named `crypto` or `dl`. The reason is that our Linux build depends on the crypto and dl libraries without using a namespace. To avoid this problem, this PR puts these libraries into the `3rdparty` namespace, indicating that these libraries are currently outside of OE.

Co-authored-by: Ming-Wei Shih <[email protected]>
Additionally, fix errors which arise from enabling this flag.

Signed-off-by: Jordan Hand <[email protected]>
2389: Enable /W2 to treat W2 warnings as errors for Windows builds r=jhand2 a=jhand2

Change windows builds to treat W1 and W2 warnings as errors, rather than just W1. Additionally, fix errors which arise from enabling this flag.

The warning for use of Flexible Array Members is ignored, although we should consider alternatives, as these are concerning in terms of memory safety.

Co-authored-by: Jordan Hand <[email protected]>
setjmp has returns_twice behavior that prevents the compiler from being
able to reason about the control flow behavior of the function. Mark it
with the returns_twice attribute so that the compiler knows it is not a
normal function.

Signed-off-by: Jordan Hand <[email protected]>
2303: Add malloc_usable_size r=CodeMonkeyLeet a=thomasten



Co-authored-by: Thomas Tendyck <[email protected]>
2388: Mark oe_setjmp and setjmp as returns_twice r=jhand2 a=jhand2

The function setjmp in libc has a behavior known as "returns twice". This means that setjmp returns from normal control flow, but can also return via another method. The `longjmp` function resets a saved register state and jumps to the instruction immediately after a call to `setjmp`, which is functionally equivalent to a return from `setjmp`.

clang 8 and 9 have a feature called Speculative Load Hardening, which is designed to mitigate some vulnerabilities in speculative execution. One such mitigation is to check for a return address in the "red zone" of the stack (a range of the stack below %rsp) to ensure proper control flow. You can read more [here](https://llvm.org/docs/SpeculativeLoadHardening.html#indirect-call-branch-and-return-predicates). Clang cannot apply these mitigations to functions with nonstandard control flow (like returns_twice), but in OE clang does not know that setjmp and oe_setjmp have this behavior.

This PR adds annotations to these functions. Because it updates a 3rdparty library (musl) a .patch file is also included that can be applied to future versions of musl.

It also changes oe_setjmp and oe_longjmp to use straight assembly rather than inline assembly in C files. This ensures that the stack is not improperly modified by compiler generated instructions. It also removes the need to compile setjmp and longjmp with specific optimization.

Fixes openenclave#2386

Co-authored-by: Jordan Hand <[email protected]>
Co-authored-by: Jordan Hand <[email protected]>
2402: Query registered attesters/verifiers r=soccerGB a=yentsanglee

There could be more than one registered plugin. The query API provides a way for the relying party and the attester to negotiate a common evidence format before transmitting a quote.


Co-authored-by: Yen Lee <[email protected]>
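One way the negotiation in that commit can be run when each side has several plugins registered. This is an added example and not the SDK's attester/verifier query API: the 16-byte `format_id_t`, the `ID()` macro, the sample preference tables and the `attester_select` / `verifier_accept` functions are constructed here, and the ids are not real Open Enclave format UUIDs. The relying party sends the formats its verifier plugins accept in its own preference order; the attester picks the first of those it can produce; and, the check that is easy to forget, the verifier refuses any evidence whose format is not one it actually advertised, before any plugin parses the bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the SDK's plugin query API. Format ids, the ID()
 * macro and the sample tables are constructed and are not real OE UUIDs. */

typedef struct { uint8_t b[16]; } format_id_t;

/* Constructed ids: the first byte distinguishes them, the rest is filler. */
#define ID(x) {{ (x), 0xfe, 0xed, 0xfa, 0xce, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }}

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static bool fmt_eq(const format_id_t *x, const format_id_t *y)
{
    return memcmp(x->b, y->b, sizeof x->b) == 0;
}

/* Step 1: what the relying party's registered verifier plugins can consume,
 * most preferred first. This is the list it sends to the attester. */
static const format_id_t verifier_prefs[] = { ID(0xA1), ID(0xA2) };

/* What the attester's registered plugins can produce, in registration order. */
static const format_id_t attester_caps[] = { ID(0xB1), ID(0xA2), ID(0xA1) };

/* Step 2 (attester): choose the verifier's most preferred format that a
 * local plugin can produce. The verifier's order wins, not the attester's.
 * With no overlap, no evidence is generated at all. */
static bool attester_select(const format_id_t *prefs, size_t n_prefs,
                            const format_id_t *caps, size_t n_caps,
                            format_id_t *chosen)
{
    for (size_t i = 0; i < n_prefs; i++)
        for (size_t j = 0; j < n_caps; j++)
            if (fmt_eq(&prefs[i], &caps[j])) {
                *chosen = prefs[i];
                return true;
            }
    return false;
}

/* Step 3 (verifier): the format id that arrives with the evidence must be
 * one the verifier advertised. Anything else is a downgrade attempt or a
 * bug, and is rejected before any plugin touches the evidence bytes. */
static bool verifier_accept(const format_id_t *prefs, size_t n_prefs,
                            const format_id_t *received)
{
    for (size_t i = 0; i < n_prefs; i++)
        if (fmt_eq(&prefs[i], received))
            return true;
    return false;
}

int main(void)
{
    format_id_t chosen;
    bool ok = attester_select(verifier_prefs, COUNT(verifier_prefs),
                              attester_caps, COUNT(attester_caps), &chosen);
    printf("negotiated: %s (id 0x%02x)\n", ok ? "yes" : "no", ok ? chosen.b[0] : 0);

    bool accepted = ok && verifier_accept(verifier_prefs, COUNT(verifier_prefs), &chosen);
    printf("verifier accepts it: %d\n", accepted);
    return 0;
}
```

Here the attester lists the 0xA2 format before 0xA1, but 0xA1 is selected because the verifier's preference order is authoritative; a format only the attester supports (0xB1) is never accepted by the verifier.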
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
wintersteiger (Author)

(This branch is based on the actual openenclave-master, only the last few commits are relevant here)

Christoph M. Wintersteiger added 9 commits January 30, 2020 14:36
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>
Signed-off-by: Christoph M. Wintersteiger <[email protected]>