demo: add SGX EPC stress-ng using Gramine

mythi · mythi · commit 0d1003ce95b0 · 2024-08-02T10:22:55.000+03:00
Signed-off-by: Mikko Ylinen &lt;mikko.ylinen@intel.com&gt;
diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml
@@ -43,6 +43,7 @@ jobs:
           - sgx-aesmd-demo
           - dlb-dpdk-demo
           - dlb-libdlb-demo
+          - stress-ng-gramine
         builder: [buildah, docker]
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
diff --git a/demo/stress-ng-gramine/Dockerfile b/demo/stress-ng-gramine/Dockerfile
@@ -0,0 +1,13 @@
+FROM gramineproject/gramine:1.7-jammy
+
+RUN apt-get update \
+ && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    stress-ng \
+    make
+
+COPY * /stress-ng/
+WORKDIR /stress-ng
+
+RUN gramine-sgx-gen-private-key && \
+    make SGX=1
+ENTRYPOINT ["/usr/bin/gramine-sgx"]
diff --git a/demo/stress-ng-gramine/build/Makefile b/demo/stress-ng-gramine/build/Makefile
@@ -0,0 +1,52 @@
+ARCH_LIBDIR ?= /lib/x86_64-linux-gnu
+
+ifeq ($(DEBUG),1)
+	GRAMINE_LOG_LEVEL = debug
+else
+	GRAMINE_LOG_LEVEL = error
+endif
+
+.PHONY: all
+all: stress-ng.manifest stress-ng-edmm.manifest
+ifeq ($(SGX),1)
+all: stress-ng.manifest.sgx stress-ng.sig stress-ng-edmm.manifest.sgx stress-ng-edmm.sig
+endif
+
+stress-ng.manifest: stress-ng.manifest.template
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
+		-Dedmm='false' \
+		-Denclave_size=128M \
+		-Dexecdir=$(shell dirname $(shell which stress-ng)) \
+		-Darch_libdir=$(ARCH_LIBDIR) \
+		$< >$@
+
+stress-ng.manifest.sgx: stress-ng.manifest
+	gramine-sgx-sign \
+		--manifest stress-ng.manifest \
+		--output $@
+
+stress-ng.sig: stress-ng.manifest.sgx
+
+stress-ng-edmm.manifest: stress-ng.manifest.template
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
+		-Dedmm='true' \
+		-Denclave_size=128G \
+		-Dexecdir=$(shell dirname $(shell which stress-ng)) \
+		-Darch_libdir=$(ARCH_LIBDIR) \
+		$< >$@
+
+stress-ng-edmm.manifest.sgx: stress-ng.manifest
+	gramine-sgx-sign \
+		--manifest stress-ng-edmm.manifest \
+		--output $@
+
+stress-ng-edmm.sig: stress-ng-edmm.manifest.sgx
+
+.PHONY: clean
+clean:
+	$(RM) *.manifest *.manifest.sgx *.token *.sig OUTPUT
+
+.PHONY: distclean
+distclean: clean
diff --git a/demo/stress-ng-gramine/build/stress-ng.manifest.template b/demo/stress-ng-gramine/build/stress-ng.manifest.template
@@ -0,0 +1,29 @@
+loader.entrypoint = "file:{{ gramine.libos }}"
+libos.entrypoint = "{{ execdir }}/stress-ng"
+
+loader.log_level = "{{ log_level }}"
+loader.insecure__use_cmdline_argv = true
+
+loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr{{ arch_libdir }}"
+loader.env.PATH = "{{ execdir }}"
+
+fs.mounts = [
+  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
+  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
+  { path = "/usr/lib", uri = "file:/usr/lib" },
+  { path = "/stress-ng", uri = "file:/stress-ng" },
+  { path = "{{ execdir }}", uri = "file:{{ execdir }}" },
+]
+
+sgx.debug = false
+sgx.edmm_enable = {{ edmm }}
+sgx.enclave_size = "{{ enclave_size }}"
+sgx.max_threads = 6
+
+sgx.trusted_files = [
+  "file:{{ gramine.libos }}",
+  "file:{{ execdir }}/",
+  "file:{{ gramine.runtimedir() }}/",
+  "file:{{ arch_libdir }}/",
+  "file:/usr/{{ arch_libdir }}/",
+]
