gsc
Gramine Shielded Containers (Docker integration)
This is split from #120. At least some of `/var` needs to be preserved, `/run` needs to be discarded. Very likely other paths.
References:
- https://manpages.debian.org/testing/manpages/hier.7.en.html
- https://manpages.debian.org/testing/systemd/file-hierarchy.7.en.html
- https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html...
## Description of the problem
There are 2 dangling docker images present after every workload graminization
## Steps to reproduce
Graminize any workload
Once it is done, you will...
PR https://github.com/gramineproject/gramine/pull/1093 in core Gramine removes the need for explicit `gramine-sgx-get-token` action. (And the follow-up PR https://github.com/gramineproject/gramine/pull/1094 removes such possibility for DCAP/upstream completely.) When those PRs are merged plus the...
Signed-off-by: Sankaranarayanan Venkatasubramanian
## Description of the changes
This PR changes the positional arguments `manifest` and `key` that `gsc build` and `gsc sign-image` commands take respectively to optional ones. This...
## Description of the problem
The first version of Graphene Shielded Containers (PR gramineproject/graphene#1430) is limited in scope and we've frozen the feature list. This issue lists limitations and possible...
What fails?
1. gsc build fails to find sgx_user.h:
```
meson.build:165:8: ERROR: Problem encountered: Invalid SGX driver configuration (-Dsgx_driver and/or -Dsgx_driver_include_path); expected "sgx_user.h" to exist under "/gramine/driver/driver/linux/include"
```
Suggested fix...
## Description of the problem
## Steps to reproduce
It's a common security measure to run containers with their rootfs mounted as read-only. In kubernetes this is enforced in the...
## Description of the problem
I am trying to run a modified PostgreSQL (with customized executors and so on) inside an enclave. Hence, I pulled the ubuntu18.04 image from dockerhub,...
## Description of the problem
This is an existing on-prem (Intel Nuc) system that has been used for graphene-sgx in the past. Our team is now looking to upgrade to...
Signed-off-by: Veena Saini
## Description of the changes
This PR provides a reference implementation to show how gramine attestation (DCAP) samples work inside AKS cluster. We have created two docker...