confidential-computing-modules icon indicating copy to clipboard operation
confidential-computing-modules copied to clipboard

Published 20 hours ago verified publisher icon LayerXcom

[example/~/server] TEEノードのGraceful shutdown実装

Open osuketh opened this issue 4 years ago • 2 comments

  • actix-webにより、基本的なgraceful shutdown機能は提供されている(https://github.com/actix/actix-website/blob/master/content/docs/server.md#graceful-shutdown)
  • 一方、別途 enclaveのdestroyもshutdown時に実行する必要がある(sgx_destroy_enclave

Reference

  • https://github.com/apache/incubator-teaclave/commit/196419554ad25dcb86fc2fb1e807f62e9ee6c8e0
  • https://dingelish.github.io/sgx_tse/sgx_types/fn.sgx_destroy_enclave.html

osuketh avatar Jan 06 '21 03:01 osuketh

Intel® Software Guard Extensions (Intel® SGX) SDK for Linux* OS内の記述

Destroy an Enclave: To release the enclave memory, you need to invoke sgx_destroy_enclave provided by the sgx_urts library. It will recycle the EPC memory and untrus- ted resources used by that enclave instance.

osuketh avatar Jan 06 '21 04:01 osuketh

oakのshutdown実装 https://github.com/project-oak/oak/blob/21d434914aecd6441dd25df06bac7cff047ce14b/oak_loader/src/main.rs#L58-L73

osuketh avatar Jan 13 '21 11:01 osuketh