fabric-private-chaincode icon indicating copy to clipboard operation
fabric-private-chaincode copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

Keep (somewhat) uptodate with latest SGX SDK and SSL releases

Open mbrandenburger opened this issue 4 years ago • 2 comments

Description Upgrade the SGX SDK and SSL used in FPC. Currently, FPC uses the Intel SGX SDK v2.6 for linux and SSL for SGX SDK v2.4.1.

Most recent available version of the SGX SDK is v2.10. See https://github.com/intel/linux-sgx/releases and https://github.com/intel/linux-sgx/releases

Link to feature or bug

Link to dependent issues

mbrandenburger avatar Jul 20 '20 12:07 mbrandenburger

Intel just released v2.12. The main noteworthy feature is that now Ubuntu 20.04 is also supported. Nothing else noteworthy which should push to upgrade. In some quick tests, make for flow-refactoring works with a 2.12 machine; running make on cr2.0.0 will fail when running the test in demo/chaincode/fpc, but that seems to be an issue which also happens with earlier sgx versions.

A few caveats:

  • apt update -- which (semi-)automagically upgrades to the latest sgx packages -- can result in a broken upgrade, a simple apt --fix-broken install does provide remedy, though.
  • it seems on FLC-enabled NUCs, you now need the dcap driver (now as version 1.36.2), the old-style driver, (now as version 2.11) does not seem to work anymore. Note, though, that download site provides both.
  • there is also a newer version of sgxssl ( lin2.11_1.1.1.g vs currently used lin2.10_1.1.1.g). Nothing important for us to upgrade; in fact right now upgrade wouldn't work as some pthread stuff changed which make pdo crypto fail on that version.
  • regarding 20.04, a quick fix (PR #463, matching a similar change for PDO) makes all our docker images build, just do DOCKER_BUILD_OPTS="--build-arg SGX=2.12 --build-arg UBUNTU_VERSION=20.04 --build-arg UBUNTU_NAME=focal" make -C utils/docker. In a quick test on my personal (SKL) NUC just upgraded to 20.04, a make worked also (in HW mode) for flow-refactoring except for the checks target: clang-format seems to have changed some default rules not covered by our .clang-format which re-orders #include by grouping separating "..." from <...> includes with a blank line and as well as alphabetically ordering them in the same group

g2flyer avatar Nov 12 '20 01:11 g2flyer

fyi: SGX SDK&PSW 2.13 got released. From release notes perspective there should be only bug-fixes as far as FPC use is concerned. As we haven't noticed any issue i guess there is no reason force version increase nor should there be an issue if somebody uses a newer version ...

g2flyer avatar Feb 05 '21 03:02 g2flyer