Xuejun Yang
Generate a TLS certificate and private key and expose them to user space through tmpfs. We need this for establishing an attested TLS channel with external apps. Currently a few scenario tests...
This enables code coverage with a build config, namely:
```
make CODE_COVERAGE=true
```
Once sgx-lkl is built this way, the script `.azure-pipelines/scripts/measure_code_cov.sh` is used to run test cases under `tests` and...
We publish the base container as part of the Mystikos release, which tends to occur every few months. Users who build their applications on top of the base container are...
1. The target directory inside the enclave has to be explicitly created within appdir
2. The target directory cannot be on tmpfs or ramfs such as `/var/run`
The current Unix Domain Socket (UDS), a.k.a. AF_LOCAL, allows communication inside the enclave only. [Kubernetes allows](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) a UDS created by a daemon to be mapped into a pod and communicate...
To repro: 1. Build the base container with .jenkins/docker/base/build.sh 2. `docker run -it --device /dev/sgx/enclave:/dev/sgx/enclave --device /dev/sgx/provision:/dev/sgx/provision docker.io/library/mystikos-bionic:latest` 3. Inside the container: ``` apt update && apt install -y docker.io...
We should have a tool to convert regular container applications into mystikos-based confidential containers like the [docker_aks sample](https://github.com/deislabs/mystikos/tree/main/samples/docker_aks). The tool would download/build the docker image, inject Mystikos, Intel SGX PSW,...
Currently most of the failed test cases in the dotnet P0 test suite are due to event pipe: https://github.com/deislabs/mystikos/blob/main/solutions/coreclr/pr0-FAILED All of them failed with similar messages below. I guess our implementation...
The current behavior is that when `HostApplicationParameters` is true, we ignore the parameters from the config file.