Add TDX MRs support for gRPC-RATLS (#244)

* Remove some useless files and fix evfs commit

* Update the code of clf (#234)

* Add HFL with CoCo (#235)

* Update for TDX (#231)

* Add Bazel compiling system and TDX support for gRPC-RA-TLS

* Add TDX docker support for tdx-encrypted-vfs

* Add hfl-tdx-coco solution

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>

* Remove some useless files && update tdx-dev docker

* Update evfs commit

---------

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>

* Remove some useless files and fix evfs commit (#233)

---------

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>
Co-authored-by: 0400H <jianlinx.bu@intel.com>

* Update index.rst

* Create tdxcoco.md

* Update TDX coco images

* Update index.rst

* Update tdxcoco.md

* Add TD Encrypted Image  (#236)

* Add Solution - Attested boot with encrypted tdvm OS image

Signed-off-by: RodgerZhu <yunge.zhu@intel.com>

* Update TD encrypted image

---------

Signed-off-by: RodgerZhu <yunge.zhu@intel.com>

* Update index.rst

* Updates to tf-serving/hfl (SGX) dockerfiles (#238)

* Update tf-serving (SGX) dockerfiles

* Update hfl (SGX) dockerfiles

* Update hfl.md

* Updates to patches/secret_prov_pf files

* Add Security.md

* Update tf-serving (SGX) dockerfiles (#239)

* Update tf-serving/hfl (SGX) documentation (#240)

* Update TF Serving (SGX) documentation (#241)

* Add tdx_report_parser tool (#243)

* Add tdx_report_parser tool

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>

* Update README.md

---------

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>

* Add Third party programs

* Add TDX MRs support for grpc-ratls

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>

---------

Signed-off-by: Bu Jianlin <jianlinx.bu@intel.com>
Signed-off-by: RodgerZhu <yunge.zhu@intel.com>
Co-authored-by: pengyuabc <pengyux.ji@intel.com>
Co-authored-by: Zhu Yunge <yunge.zhu@intel.com>
Co-authored-by: shui1 <sammy.hui@intel.com>

Author: 4 people

Security.md

@@ -0,0 +1,6 @@
+# Security Policy
+Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. 
+
+## Reporting a Vulnerability
+Please report any security vulnerabilities in this project [utilizing the guidelines here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).
+

THIRD-PARTY-PROGRAMS.txt

@@ -13,9 +13,7 @@ to do software development.
 
 Execute the following command to build this docker image:
 ```
-base_image=centos:8
 image_tag=tdx-dev:dcap1.15-centos8-latest
-./build_docker_image.sh ${base_image} ${image_tag}
+docker_file=tdx-dev.centos.dockerfile
+./build_docker_image.sh ${image_tag} ${docker_file}
 ```
-
-`centos:8` could be selected as base_image.

cczoo/common/docker/tdx/README.md

@@ -17,15 +17,15 @@
 set -e
 
 if  [ -n "$1" ] ; then
-    base_image=$1
+    image_tag=$1
 else
-    base_image=centos:8
+    image_tag=tdx-dev:dcap1.15-centos8-latest
 fi
 
 if  [ -n "$2" ] ; then
-    image_tag=$2
+    docker_file=$2
 else
-    image_tag=tdx-dev:dcap1.15-centos8-latest
+    docker_file=tdx-dev.centos.dockerfile
 fi
 
 # Use the host proxy as the default configuration, or specify a proxy_server
@@ -43,8 +43,7 @@ DOCKER_BUILDKIT=0 docker build \
     --build-arg no_proxy=${no_proxy} \
     --build-arg http_proxy=${http_proxy} \
     --build-arg https_proxy=${https_proxy} \
-    --build-arg BASE_IMAGE=${base_image} \
-    -f tdx-dev.dockerfile \
+    -f ${docker_file} \
     -t ${image_tag} \
     .
 

cczoo/common/docker/tdx/build_docker_image.sh

@@ -1,20 +1,21 @@
-#!/usr/bin/expect
 #
 # Copyright (c) 2023 Intel Corporation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#    http://www.apache.org/licenses/LICENSE-2.0
+#     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-spawn sh ./sgx_linux_x64_sdk_2.18.100.3.bin
-send "no\r"
-send "/opt/intel/\r"
-expect eof
+#!/bin/bash
+
+$1 << EOF
+no
+/opt/intel
+EOF

cczoo/common/docker/tdx/configs/install_sgx_sdk.sh renamed to cczoo/common/docker/tdx/configs/install_sgxsdk.sh

@@ -29,7 +29,7 @@ RUN cd /etc/yum.repos.d/ && \
 RUN yum install -y yum-utils.noarch
 RUN yum groupinstall -y 'Development Tools'
 
-RUN yum install -y python3 python3-devel && \
+RUN yum install -y python38 python38-devel python38-pip && \
     yum install -y python3-protobuf protobuf-c-devel protobuf-c-compiler openssl-devel libcurl-devel && \
     yum install -y cryptsetup e4fsprogs expect wget vim
 
@@ -46,12 +46,16 @@ RUN wget https://download.01.org/intel-sgx/sgx-dcap/${DCAP_VERSION}/linux/distro
     yum install -y --nogpgcheck sgx_rpm_local_repo/libsgx-urts-*.el8.x86_64.rpm && \
     yum install -y --setopt=install_weak_deps=False --nogpgcheck tdx-qgs && \
     yum install -y --setopt=install_weak_deps=False --nogpgcheck libsgx-dcap-quote-verify-devel && \
-    yum install -y --setopt=install_weak_deps=False --nogpgcheck libsgx-ae-qve
+    yum install -y --setopt=install_weak_deps=False --nogpgcheck libsgx-ae-qve && \
+    rm -f sgx_rpm_local_repo.tgz
 
 COPY configs /
 
-RUN wget https://download.01.org/intel-sgx/sgx-dcap/${DCAP_VERSION}/linux/distro/centos-stream/sgx_linux_x64_sdk_2.18.100.3.bin && \
-    /install_sgx_sdk.sh
+RUN wget https://download.01.org/intel-sgx/sgx-dcap/${DCAP_VERSION}/linux/distro/centos-stream/sgx_linux_x64_sdk_2.18.100.3.bin -P /opt/intel && \
+    chmod +x /opt/intel/sgx_linux_x64_sdk_2.18.100.3.bin && \
+    /install_sgxsdk.sh /opt/intel/sgx_linux_x64_sdk_2.18.100.3.bin
+
+ENV INTEL_SGXSDK_INCLUDE=/opt/intel/sgxsdk/include
 
 # only for tdx vsock
 # RUN echo 'port=4050' | tee /etc/tdx-attest.conf

cczoo/common/docker/tdx/tdx-dev.dockerfile renamed to cczoo/common/docker/tdx/tdx-dev.centos.dockerfile

@@ -47,7 +47,7 @@ docker run -it \
     -v /home:/home/host-home \
     -v `pwd -P`/../tools/server_private_key.pem:/clf/cczoo/cross_lang_framework/clf_server/certs/server_private_key.pem \
     -v `pwd -P`/../tools/server_signed_cert.crt:/clf/cczoo/cross_lang_framework/clf_server/certs/server_signed_cert.crt \
-    -v `pwd -P`/../clf_server/clf_server.conf:/clf/cczoo/cross_lang_framework/clf_server/clf_server.conf \  
+    -v `pwd -P`/../clf_server/clf_server.conf:/clf/cczoo/cross_lang_framework/clf_server/clf_server.conf \
     ${image_tag} \
     bash
 

cczoo/cross_lang_framework/docker/start_clf_server_container.sh

@@ -1,3 +1,3 @@
 *.deb
-*.prm
+*.rpm
 *.tar*

cczoo/grpc-ra-tls/.gitignore

@@ -62,9 +62,9 @@ Intel SGX technology offers hardware-based memory encryption that isolates speci
  library OS Based on Intel SGX technology, designed to run a single application with minimal host
  requirements.
 
- - [Occlum](https://github.com/occlum/occlum) (In progress)
+ - [Occlum](https://github.com/occlum/occlum)
 
- - [TDX](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html) (TODO)
+ - [TDX](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html)
 
 ## Build and installation
 
@@ -108,9 +108,9 @@ images for developing the gRPC RA-TLS application.
         ```
         cd cczoo/common/docker/tdx
 
-        base_image=centos:8
         image_tag=tdx-dev:dcap1.15-centos8-latest
-        ./build_docker_image.sh ${base_image} ${image_tag}
+        docker_file=tdx-dev.centos.dockerfile
+        ./build_docker_image.sh ${image_tag} ${docker_file}
         ```
 
 2. Build gRPC RA-TLS docker image based on TEE docker image
@@ -158,9 +158,10 @@ images for developing the gRPC RA-TLS application.
 For saving the expected measurement values of remote application enclave, we create a json template
 as following. It is loaded in gRPC server or client initialization.
 
-Refer to `cczoo/grpc-ra-tls/grpc/common/dynamic_config.json`
+Refer to `cczoo/grpc-ra-tls/grpc/common/dynamic_config.<TEE TYPE>.json`
 
 ```json
+# dynamic_config.sgx.json
 {
     "verify_mr_enclave": "on",
     "verify_mr_signer": "on",
@@ -176,26 +177,43 @@ Refer to `cczoo/grpc-ra-tls/grpc/common/dynamic_config.json`
     ],
 }
 ```
-In Gramine examples, the mr_enclave and mr_signer are automatically parsed in `build.sh`.
-
-Refer to `cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/cpp/ratls/build.sh`
+In Gramine examples, the `mr_enclave` and `mr_signer` are automatically parsed in 
+`cczoo/grpc-ra-tls/gramine/CI-Examples/grpc/cpp/ratls/build.sh`.
 
-```bash
-function get_env() {
-    gramine-sgx-get-token -s grpc.sig -o /dev/null | grep $1 | awk -F ":" '{print $2}' | xargs
-}
+For `isv_prod_id` and `isv_svn` value, please refer to the values defined in libOS configuration files.
+In Gramine, it is defined in the template file.
 
-function generate_json() {
-    cd ${RUNTIME_TMP_PATH}/$1
-    jq ' .sgx_mrs[0].mr_enclave = ''"'`get_env mr_enclave`'" | .sgx_mrs[0].mr_signer = ''"'`get_env
-    mr_signer`'" ' ${GRPC_PATH}/dynamic_config.json > ${RUNTIME_TMP_PATH}/$2/dynamic_config.json
-    cd -
+```json
+# dynamic_config.tdx.json
+{
+    "verify_mr_seam" : "off",
+    "verify_mrsigner_seam" : "off",
+    "verify_mr_td" : "on",
+    "verify_mr_config_id" : "off",
+    "verify_mr_owner" : "off",
+    "verify_mr_owner_config" : "off",
+    "verify_rt_mr0" : "on",
+    "verify_rt_mr1" : "on",
+    "verify_rt_mr2" : "on",
+    "verify_rt_mr3" : "off",
+    "tdx_mrs": [
+        {
+            "mr_seam" : "",
+            "mrsigner_seam" : "",
+            "mr_td" : "",
+            "mr_config_id" : "",
+            "mr_owner" : "",
+            "mr_owner_config" : "",
+            "rt_mr0" : "",
+            "rt_mr1" : "",
+            "rt_mr2" : "",
+            "rt_mr3" : ""
+        }
+    ]
 }
 ```
 
-For isv_prod_id and isv_svn value, please refer to the values defined in libOS configuration files.
-In Gramine, it is defined in the template file.
-
+Please refer to [tdx_report_parser](https://github.com/intel/confidential-computing-zoo/tree/main/utilities/tdx/tdx_report_parser) tool to get mrs in TDX VM.
 
 ## Run examples
 
@@ -296,9 +314,6 @@ In Gramine, it is defined in the template file.
     #start and enter the docker container
     image_tag=grpc-ratls-dev:tdx-dcap1.15-centos8-latest
     ./start_container.sh ${pccs_service_ip} ${image_tag}
-
-    #Run the aesm service
-    /root/start_aesm_service.sh
     ```
 
     Run the cpp example

cczoo/grpc-ra-tls/README.md

@@ -45,7 +45,8 @@ RUN ln -s ${GRPC_VERSION_PATH} ${GRPC_PATH}
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
 
 RUN pip3 install --upgrade pip \
-    && pip3 install -r ${GRPC_PATH}/requirements.txt
+    && pip3 install -r ${GRPC_PATH}/requirements.txt \
+    && pip3 install cython==0.29.36
 
 RUN apt-get update \
     && apt-get install -y lsb-release golang strace gdb ctags curl zip\

cczoo/grpc-ra-tls/gramine/grpc-ratls-dev.dockerfile

@@ -17,9 +17,9 @@
 set -e
 
 if  [ -n "$1" ] ; then
-    ip_addr=$1
+    pccs_ip_addr=$1
 else
-    ip_addr=127.0.0.1
+    pccs_ip_addr=127.0.0.1
 fi
 
 if  [ -n "$2" ] ; then
@@ -41,11 +41,11 @@ docker run -it \
     --privileged=true \
     --cap-add=SYS_PTRACE \
     --security-opt seccomp=unconfined \
-    --add-host=pccs.service.com:${ip_addr} \
+    --add-host=pccs.service.com:${pccs_ip_addr} \
     --device=/dev/sgx_enclave:/dev/sgx/enclave \
     --device=/dev/sgx_provision:/dev/sgx/provision \
+    -v /home:/mnt/home \
     -v /var/run/aesmd/aesm.socket:/var/run/aesmd/host-aesm.socket \
-    -v /home:/home/host-home \
     -e no_proxy=${no_proxy} \
     -e http_proxy=${http_proxy} \
     -e https_proxy=${https_proxy} \

cczoo/grpc-ra-tls/gramine/grpc-ratls-sgx-dev.dockerfile

@@ -25,6 +25,12 @@ if [ -z ${SGX_RA_TLS_BACKEND} ]; then
     export SGX_RA_TLS_BACKEND=GRAMINE # GRAMINE,OCCLUM,TDX,DUMMY
 fi
 
+if [ "${SGX_RA_TLS_BACKEND}" == "TDX" ]; then
+    cp ${GRPC_PATH}/dynamic_config.tdx.json ${GRPC_PATH}/dynamic_config.json
+else
+    cp ${GRPC_PATH}/dynamic_config.sgx.json ${GRPC_PATH}/dynamic_config.json
+fi
+
 cd ${GRPC_PATH}
 
 echo 'RA_TLS_BACKEND = "'${SGX_RA_TLS_BACKEND}'"' > ${GRPC_PATH}/bazel/ratls.bzl