deps: update gramineproject/gramine Docker tag to v1.5 (#446)
* deps: update gramineproject/gramine Docker tag to v1.5

* Update files to Gramine v1.5
  * Remove deprecated/removed manifest syntax
  * Fix gramine-redis readme

---------

Signed-off-by: Daniel Weiße <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored Aug 23, 2023
1 parent a615baf commit a3c2f2c
Showing 9 changed files with 12 additions and 13 deletions.
Expand Up @@ -73,7 +73,7 @@ The premain process is written in Go. The enclave needs to have enough resources

```toml
sgx.enclave_size = "1024M"
sgx.thread_num = 16
sgx.max_threads = 16
```

If your application has high memory demands, you may need to increase the size even further.
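
Review bot: the snippet's new `sgx.max_threads = 16` line gives no pointer for readers whose manifests still set `sgx.thread_num`, which the commit message describes as deprecated/removed syntax. Suggest one sentence under the code block saying that `sgx.max_threads` is the replacement key for the Gramine version these docs now target (v1.5 per the commit title), so someone copying only part of the snippet into an older manifest knows which line to drop.
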
Expand Up @@ -73,7 +73,7 @@ The premain process is written in Go. The enclave needs to have enough resources

```toml
sgx.enclave_size = "1024M"
sgx.thread_num = 16
sgx.max_threads = 16
```

If your application has high memory demands, you may need to increase the size even further.
2 changes: 1 addition & 1 deletion samples/gramine-hello/README.md
Expand Up @@ -4,7 +4,7 @@ This example shows how to run a [Gramine](https://github.com/gramineproject/gram

## Requirements

First, install Gramine on [release v1.4](https://github.com/gramineproject/gramine/releases/tag/v1.4). You will need hardware with Intel SGX support.
First, install Gramine on [release v1.5](https://github.com/gramineproject/gramine/releases/tag/v1.5). You will need hardware with Intel SGX support.

Then, before you can run the example, make sure you got the prerequisites for ECDSA remote attestation installed on your system. You can collectively install them with the following command:
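
Review bot: the phrase "install Gramine on release v1.5" in the changed line reads as if the release were a platform to install onto; "install Gramine [release v1.5](...)" says what is meant. The same wording ("Gramine is installed on release v1.5") is carried over in the `samples/gramine-nginx/README.md` hunk and could be fixed in the same pass. The version is also written twice in the line (link text and URL), so both have to be edited by hand on every bump.
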

2 changes: 1 addition & 1 deletion samples/gramine-nginx/README.md
Expand Up @@ -2,7 +2,7 @@

This example is a slightly modified variant of the [Gramine nginx example](https://github.com/gramineproject/gramine/tree/master/CI-Examples/nginx). These changes are required to run it with MarbleRun.

*Prerequisite*: Gramine is installed on [release v1.4](https://github.com/gramineproject/gramine/releases/tag/v1.4) and the original nginx example is working. You will need hardware with Intel SGX support, and the Coordinator must not run in simulation mode.
*Prerequisite*: Gramine is installed on [release v1.5](https://github.com/gramineproject/gramine/releases/tag/v1.5) and the original nginx example is working. You will need hardware with Intel SGX support, and the Coordinator must not run in simulation mode.

To marbleize the example we edited [nginx.manifest.template](nginx.manifest.template). See comments starting with `MARBLERUN` for explanations of the required changes.

2 changes: 1 addition & 1 deletion samples/gramine-nginx/nginx.manifest.template
Expand Up @@ -34,7 +34,7 @@ sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
# MARBLERUN: enclave must have enough memory for Go runtime of premain
sgx.enclave_size = "1024M"
# MARBLERUN: enclave must have enough threads for Go runtime of premain
sgx.thread_num = 16
sgx.max_threads = 16

sgx.trusted_files = [
"file:{{ gramine.libos }}",
3 changes: 1 addition & 2 deletions samples/gramine-redis/Dockerfile
Expand Up @@ -10,8 +10,7 @@ WORKDIR /premain/build
RUN cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
RUN make premain-libos

FROM gramineproject/gramine:v1.4 AS release

FROM gramineproject/gramine:v1.5 AS release
RUN apt-get update && apt-get install -y \
wget \
libssl-dev \
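
Review bot: the new `FROM gramineproject/gramine:v1.5 AS release` line pins the base image by tag only, and a tag can be re-pointed to different content after this change is reviewed. Because this image is the runtime base of the enclave sample, pin the digest next to the tag, for example `FROM gramineproject/gramine:v1.5@sha256:<digest> AS release` (placeholder, take the value from the registry), so the reviewed image is the one that gets built. Minor: the `apt-get install -y` in the context lines could take `--no-install-recommends` to keep the release stage small.
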
4 changes: 2 additions & 2 deletions samples/gramine-redis/README.md
Expand Up @@ -67,7 +67,7 @@ First, we are installing MarbleRun on your cluster.
* Port-forward the Redis service to localhost
```bash
kubectl -n redis port-forward svc/redis 6379:6379 --address localhost >/dev/null &
kubectl -n redis port-forward svc/redis-main 6379:6379 --address localhost >/dev/null &
```
### Step 3: Using Redis
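
Review bot: the corrected `kubectl -n redis port-forward svc/redis-main ...` line still ends in `>/dev/null &`, so the shell moves on to Step 3 whether or not the forward came up, and the README has no check or cleanup step for the background job. Suggest adding a line telling the reader to confirm that port 6379 is being forwarded before connecting, and how to stop the job afterwards. The rename itself matches the `replicaof redis-main.redis 6379` entry in `manifest.json`.
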
Expand All @@ -79,7 +79,7 @@ You can now securely connect to the Redis server using the `redis-cli` and the M
```bash
wget http://download.redis.io/redis-stable.tar.gz
tar xzf redis-stable.tar.gz && cd redis-stable
make BUILD_TLS=yes && cp redis-stable/src/redis-cli /usr/local/bin
make BUILD_TLS=yes && cp src/redis-cli /usr/local/bin
```
* Obtain the Coordinator's CA certificate
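
Review bot: the `wget http://download.redis.io/redis-stable.tar.gz` context line directly above the corrected `cp` fetches source over plain HTTP with no integrity check, and the result is then built and copied into `/usr/local/bin`. While this block is being touched, switch the URL to `https://` and add a checksum verification step against a hash published by the Redis project; `redis-stable` is a moving target, so a pinned release tarball would keep that hash stable. The `cp` into `/usr/local/bin` normally needs elevated privileges, which the step does not mention.
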
4 changes: 2 additions & 2 deletions samples/gramine-redis/manifest.json
Expand Up @@ -16,7 +16,7 @@
"/redis-data/redis.conf"
],
"Files": {
"/dev/attestation/protected_files_key": "{{ hex .Secrets.ProtectedFilesKey }}",
"/dev/attestation/keys/redis-key": "{{ raw .Secrets.ProtectedFilesKey }}",
"/redis-data/redis.conf": "bind 0.0.0.0\nprotected-mode no\nport 0\ntls-port 6379\ntls-cert-file redis.crt\ntls-key-file redis.key\ntls-ca-cert-file ca.crt\ntls-auth-clients no\ntls-replication yes\ntls-cluster yes\nsave ''\ndir /redis-data/",
"/redis-data/redis.crt": "{{ pem .MarbleRun.MarbleCert.Cert }}",
"/redis-data/redis.key": "{{ pem .MarbleRun.MarbleCert.Private }}",
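
Review bot: the replacement `"/dev/attestation/keys/redis-key"` line changes the template function from `hex` to `raw` together with the path, so the file now receives the secret's bytes instead of their hex text. The definition of `ProtectedFilesKey` is outside this hunk; please confirm its size is exactly the key length Gramine expects for an encrypted mount, and state in the PR description whether data written under the previous configuration stays readable. The secret keeps the name `ProtectedFilesKey` although the path it feeds no longer uses that term; renaming it (for example to match `redis-key`) would avoid confusion.
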
Expand All @@ -32,7 +32,7 @@
"/redis-data/redis.conf"
],
"Files": {
"/dev/attestation/protected_files_key": "{{ hex .Secrets.ProtectedFilesKey }}",
"/dev/attestation/keys/redis-key": "{{ raw .Secrets.ProtectedFilesKey }}",
"/redis-data/redis.conf": "bind 0.0.0.0\nprotected-mode no\nport 0\ntls-port 6379\ntls-cert-file redis.crt\ntls-key-file redis.key\ntls-ca-cert-file ca.crt\ntls-auth-clients no\ntls-replication yes\ntls-cluster yes\nsave ''\ndir /redis-data/\nreplicaof redis-main.redis 6379",
"/redis-data/redis.crt": "{{ pem .MarbleRun.MarbleCert.Cert }}",
"/redis-data/redis.key": "{{ pem .MarbleRun.MarbleCert.Private }}",
4 changes: 2 additions & 2 deletions samples/gramine-redis/redis-server.manifest.template
Expand Up @@ -67,7 +67,7 @@ fs.mounts = [
{ path = "/etc", uri = "file:/etc" },

# Redis encrypted data dir
{ type = "encrypted", path = "/redis-data/", uri = "file:redis-data/" },
{ type = "encrypted", path = "/redis-data/", uri = "file:redis-data/", key_name = "redis-key" },
]

############################### SGX: GENERAL ##################################
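
Review bot: `key_name = "redis-key"` on the changed mount line is tied to the `/dev/attestation/keys/redis-key` entry in `manifest.json` by a bare string in two separate files, and nothing here says so. Add a `# MARBLERUN:` comment above the mount, in the style this template already uses, stating that the key is supplied through the `Files` section of `manifest.json` under that exact name, so a rename in one file is not made without the other.
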
Expand Down Expand Up @@ -100,7 +100,7 @@ sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
# but spawns couple additional threads to do background bookkeeping. Therefore,
# specifying '8' allows to run a maximum of 6 Redis threads which is enough.
# MARBLERUN: enclave must have enough threads for Go runtime of premain
sgx.thread_num = 16
sgx.max_threads = 16

############################# SGX: TRUSTED FILES ###############################
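
Review bot: the comment above the changed line still says "specifying '8' allows to run a maximum of 6 Redis threads", while the value being set is 16. Since the line is rewritten to `sgx.max_threads = 16` here anyway, update the comment to the number actually in use, or drop the stale arithmetic and keep only the `MARBLERUN` explanation for the Go runtime of premain.
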

