dfd16f8e4f
This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS) into the runtime to create, operate and delete files inside the enclave, while guaranteeing the confidentiality and integrity of the data persisted. IPFS can be referred to here: https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation has been written with light changes to sgx platform layer, so all the security aspects WAMR relies on are conserved. In addition to this integration, the following changes have been made: - The CI workflow has been adapted to test the compilation of the runtime and sample with the flag `WAMR_BUILD_SGX_IPFS` set to true - Introduction of a new sample that demonstrates the interaction of the files (called `file`), - Documentation of this new feature
467 lines
17 KiB
YAML
467 lines
17 KiB
YAML
# Copyright (C) 2019 Intel Corporation. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
|
|
|
name: compilation on SGX
|
|
|
|
on:
|
|
# will be triggered on PR events
|
|
pull_request:
|
|
paths-ignore:
|
|
- "assembly-script/**"
|
|
- "ci/**"
|
|
- "doc/**"
|
|
- "test-tools/**"
|
|
- ".github/workflows/compilation_on_sgx.yml"
|
|
# will be triggered on push events
|
|
push:
|
|
paths-ignore:
|
|
- "assembly-script/**"
|
|
- "ci/**"
|
|
- "doc/**"
|
|
- "test-tools/**"
|
|
- ".github/workflows/compilation_on_sgx.yml"
|
|
# allow to be triggered manually
|
|
workflow_dispatch:
|
|
|
|
# Cancel any in-flight jobs for the same PR/branch so there's only one active
|
|
# at a time
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
AOT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
|
|
CLASSIC_INTERP_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=0 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=1 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
|
|
FAST_INTERP_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=0 -DWAMR_BUILD_FAST_INTERP=1 -DWAMR_BUILD_INTERP=1 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
|
|
LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1"
|
|
MC_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0"
|
|
LLVM_CACHE_SUFFIX: "build-llvm_libraries_ex"
|
|
|
|
jobs:
|
|
# Cancel any in-flight jobs for the same PR/branch so there's only one active
|
|
# at a time
|
|
cancel_previous:
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-20.04]
|
|
steps:
|
|
- name: Cancel Workflow Action
|
|
uses: styfle/cancel-workflow-action@0.9.1
|
|
with:
|
|
access_token: ${{ github.token }}
|
|
|
|
# set different traffic lights based on the current repo and the running OS.
|
|
# according to light colors, the workflow will run different jobs
|
|
check_repo:
|
|
needs: cancel_previous
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-20.04]
|
|
outputs:
|
|
traffic_light_on_ubuntu_2004: ${{ steps.do_check_on_ubuntu_2004.outputs.light }}
|
|
steps:
|
|
- name: do_check_on_ubuntu_2004
|
|
id: do_check_on_ubuntu_2004
|
|
if: ${{ matrix.os == 'ubuntu-20.04' }}
|
|
run: |
|
|
if [[ ${{ github.repository }} == */wasm-micro-runtime ]]; then
|
|
echo "::set-output name=light::green"
|
|
else
|
|
echo "::set-output name=light::green"
|
|
fi
|
|
|
|
build_llvm_libraries:
|
|
needs: check_repo
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-20.04]
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
steps:
|
|
- name: light status
|
|
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
|
|
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Cache LLVM libraries
|
|
id: cache_llvm
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
./core/deps/llvm/build/bin
|
|
./core/deps/llvm/build/include
|
|
./core/deps/llvm/build/lib
|
|
./core/deps/llvm/build/libexec
|
|
./core/deps/llvm/build/share
|
|
key: ${{ matrix.os }}-${{ env.LLVM_CACHE_SUFFIX }}
|
|
|
|
- name: Build llvm and clang from source
|
|
id: build_llvm
|
|
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
|
|
run: /usr/bin/env python3 ./build_llvm.py --arch X86 WebAssembly --project clang lldb
|
|
working-directory: build-scripts
|
|
|
|
build_iwasm:
|
|
needs: [check_repo]
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
make_options_run_mode: [
|
|
# Running mode
|
|
$AOT_BUILD_OPTIONS,
|
|
$CLASSIC_INTERP_BUILD_OPTIONS,
|
|
$FAST_INTERP_BUILD_OPTIONS,
|
|
# doesn't support
|
|
# $LAZY_JIT_BUILD_OPTIONS,
|
|
# $MC_JIT_BUILD_OPTIONS,
|
|
]
|
|
make_options_feature: [
|
|
# Features
|
|
"-DWAMR_BUILD_CUSTOM_NAME_SECTION=1",
|
|
# doesn't support
|
|
# "-DWAMR_BUILD_DEBUG_AOT=1",
|
|
# "-DWAMR_BUILD_DEBUG_INTERP=1",
|
|
"-DWAMR_BUILD_DUMP_CALL_STACK=1",
|
|
"-DWAMR_BUILD_LIB_PTHREAD=1",
|
|
"-DWAMR_BUILD_LOAD_CUSTOM_SECTION=1",
|
|
"-DWAMR_BUILD_MINI_LOADER=1",
|
|
"-DWAMR_BUILD_MEMORY_PROFILING=1",
|
|
"-DWAMR_BUILD_MULTI_MODULE=1",
|
|
"-DWAMR_BUILD_PERF_PROFILING=1",
|
|
"-DWAMR_BUILD_REF_TYPES=1",
|
|
# doesn't support
|
|
# "-DWAMR_BUILD_SIMD=1",
|
|
"-DWAMR_BUILD_TAIL_CALL=1",
|
|
"-DWAMR_DISABLE_HW_BOUND_CHECK=1",
|
|
"-DWAMR_BUILD_SGX_IPFS=1",
|
|
]
|
|
os: [ubuntu-20.04]
|
|
platform: [linux-sgx]
|
|
exclude:
|
|
# uncompatiable mode and feature
|
|
# MULTI_MODULE only on INTERP mode
|
|
- make_options_run_mode: $AOT_BUILD_OPTIONS
|
|
make_options_feature: "-DWAMR_BUILD_MULTI_MODULE=1"
|
|
# MINI_LOADER only on INTERP mode
|
|
- make_options_run_mode: $AOT_BUILD_OPTIONS
|
|
make_options_feature: "-DWAMR_BUILD_MINI_LOADER=1"
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
steps:
|
|
- name: light status
|
|
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
|
|
|
|
- name: install SGX SDK and necessary libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir -p /opt/intel
|
|
cd /opt/intel
|
|
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
|
|
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y libsgx-launch libsgx-urts
|
|
source /opt/intel/sgxsdk/environment
|
|
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Build iwasm
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir build && cd build
|
|
cmake .. ${{ matrix.make_options_run_mode }} ${{ matrix.make_options_feature }}
|
|
cmake --build . --config Release --parallel 4
|
|
working-directory: product-mini/platforms/${{ matrix.platform }}
|
|
|
|
build_wamrc:
|
|
needs: [build_llvm_libraries, check_repo]
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-20.04]
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
steps:
|
|
- name: light status
|
|
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
|
|
|
|
- name: install SGX SDK and necessary libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir -p /opt/intel
|
|
cd /opt/intel
|
|
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
|
|
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y libsgx-launch libsgx-urts
|
|
source /opt/intel/sgxsdk/environment
|
|
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Get LLVM libraries
|
|
id: cache_llvm
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
./core/deps/llvm/build/bin
|
|
./core/deps/llvm/build/include
|
|
./core/deps/llvm/build/lib
|
|
./core/deps/llvm/build/libexec
|
|
./core/deps/llvm/build/share
|
|
key: ${{ matrix.os }}-${{ env.LLVM_CACHE_SUFFIX }}
|
|
|
|
- name: Quit if cache miss
|
|
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
|
|
run: echo "::error::can not get prebuilt llvm libraries" && exit 1
|
|
|
|
- name: Build wamrc
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
working-directory: wamr-compiler
|
|
|
|
build_samples_wasm_c_api:
|
|
needs: [build_iwasm, check_repo]
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
make_options: [
|
|
# Running mode
|
|
$CLASSIC_INTERP_BUILD_OPTIONS,
|
|
$FAST_INTERP_BUILD_OPTIONS,
|
|
# doesn't support
|
|
#$LAZY_JIT_BUILD_OPTIONS,
|
|
#$MC_JIT_BUILD_OPTIONS,
|
|
#$AOT_BUILD_OPTIONS,
|
|
]
|
|
os: [ubuntu-20.04]
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
wasi_sdk_release: https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sdk-12.0-linux.tar.gz
|
|
wabt_release: https://github.com/WebAssembly/wabt/releases/download/1.0.24/wabt-1.0.24-ubuntu.tar.gz
|
|
steps:
|
|
- name: light status
|
|
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
|
|
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: download and install wabt
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd /opt
|
|
sudo wget ${{ matrix.wabt_release }}
|
|
sudo tar -xzf wabt-1.0.24-*.tar.gz
|
|
sudo mv wabt-1.0.24 wabt
|
|
|
|
- name: install SGX SDK and necessary libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir -p /opt/intel
|
|
cd /opt/intel
|
|
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
|
|
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y libsgx-launch libsgx-urts
|
|
source /opt/intel/sgxsdk/environment
|
|
|
|
- name: Build Sample [wasm-c-api]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir build && cd build
|
|
cmake .. ${{ matrix.make_options }}
|
|
cmake --build . --config Release --parallel 4
|
|
./callback
|
|
./callback_chain
|
|
./empty_imports
|
|
./global
|
|
./hello
|
|
./hostref
|
|
./memory
|
|
./reflect
|
|
./table
|
|
./trap
|
|
working-directory: samples/wasm-c-api
|
|
|
|
build_samples_others:
|
|
needs: [build_iwasm, check_repo]
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
wasi_sdk_release: https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sdk-12.0-linux.tar.gz
|
|
wabt_release: https://github.com/WebAssembly/wabt/releases/download/1.0.24/wabt-1.0.24-ubuntu.tar.gz
|
|
steps:
|
|
- name: light status
|
|
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
|
|
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: download and install wasi-sdk
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd /opt
|
|
sudo wget ${{ matrix.wasi_sdk_release }}
|
|
sudo tar -xzf wasi-sdk-12.0-*.tar.gz
|
|
sudo mv wasi-sdk-12.0 wasi-sdk
|
|
|
|
- name: download and install wabt
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd /opt
|
|
sudo wget ${{ matrix.wabt_release }}
|
|
sudo tar -xzf wabt-1.0.24-*.tar.gz
|
|
sudo mv wabt-1.0.24 wabt
|
|
|
|
- name: install SGX SDK and necessary libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir -p /opt/intel
|
|
cd /opt/intel
|
|
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
|
|
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y libsgx-launch libsgx-urts
|
|
source /opt/intel/sgxsdk/environment
|
|
|
|
- name: Build Sample [basic]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/basic
|
|
./build.sh
|
|
./run.sh
|
|
|
|
- name: Build Sample [file]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/file
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
./src/iwasm -f wasm-app/file.wasm -d .
|
|
|
|
- name: Build Sample [multi-thread]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/multi-thread
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
./iwasm wasm-apps/test.wasm
|
|
|
|
- name: Build Sample [multi-module]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/multi-module
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
./multi_module
|
|
|
|
- name: Build Sample [spawn-thread]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/spawn-thread
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
./spawn_thread
|
|
|
|
- name: Build Sample [ref-types]
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
cd samples/ref-types
|
|
mkdir build && cd build
|
|
cmake ..
|
|
cmake --build . --config Release --parallel 4
|
|
./hello
|
|
|
|
spec_test_default:
|
|
needs: [build_iwasm, build_llvm_libraries, build_wamrc, check_repo]
|
|
runs-on: ubuntu-20.04
|
|
strategy:
|
|
matrix:
|
|
running_mode: ["classic-interp", "fast-interp", "aot"]
|
|
test_option: ["-x -p -s spec -P", "-x -p -s spec -S -P"]
|
|
include:
|
|
- os: ubuntu-20.04
|
|
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
|
|
steps:
|
|
- name: checkout
|
|
if: ${{ matrix.light == 'green' }}
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Get LLVM libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
id: cache_llvm
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
./core/deps/llvm/build/bin
|
|
./core/deps/llvm/build/include
|
|
./core/deps/llvm/build/lib
|
|
./core/deps/llvm/build/libexec
|
|
./core/deps/llvm/build/share
|
|
key: ubuntu-20.04-${{ env.LLVM_CACHE_SUFFIX }}
|
|
|
|
- name: Quit if cache miss
|
|
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
|
|
run: echo "::error::can not get prebuilt llvm libraries" && exit 1
|
|
|
|
- name: install Ninja
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: sudo apt install -y ninja-build
|
|
|
|
- name: install SGX SDK and necessary libraries
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
mkdir -p /opt/intel
|
|
cd /opt/intel
|
|
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
|
|
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y libsgx-launch libsgx-urts
|
|
|
|
- name: run spec tests
|
|
if: ${{ matrix.light == 'green' }}
|
|
run: |
|
|
source /opt/intel/sgxsdk/environment
|
|
./test_wamr.sh ${{ matrix.test_option }} -t ${{ matrix.running_mode }}
|
|
working-directory: ./tests/wamr-test-suites
|