This repository was archived by the owner on Jul 25, 2024. It is now read-only.

K8s #309

Open
wants to merge 2 commits into
base: main
from

1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -45,6 +45,7 @@ dkeycache/App/auto_version.h
dkeyserver/App/auto_version.h

test/__pycache__/
test/ehsm_enclave_out.log

sdk/rust/target/
sdk/rust/Cargo.lock
3 changes: 2 additions & 1 deletion docker/.env
Expand Up @@ -43,4 +43,5 @@ DKEYCACHE_SOCKET_LOCALTION='/var/run/ehsm'
DKEYSERVER_ROLE="root"

# eHMS KMS port
KMS_PORT=9000
KMS_PORT=9000
TAG_VERSION=main
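Review bot: `TAG_VERSION=main` is added directly under the `# eHMS KMS port` comment with no comment of its own, so the file does not say what it tags. Its consumers are not visible in this section; if it selects the container image tag for the compose or K8s services, `main` is a moving reference and two deployments from the same checkout can end up running different images. That matters for a KMS whose enclave build is expected to be reproducible and verifiable. I would add a comment such as `# Image tag for the eHSM containers; pin to a release tag or digest for production` and default the value to a released version rather than the branch name.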
4 changes: 2 additions & 2 deletions docs/build-instructions.md
Expand Up @@ -50,10 +50,10 @@ Welcome to see the build instructions for the ehsm-kms project.
```
``` vi
# PCCS server address
PCCS_URL=https://1.2.3.4:8081/sgx/certification/v3/ (your pccs IP)
"pccs_url": "https://1.2.3.4:8081/sgx/certification/v3/" (your pccs IP)

# To accept insecure HTTPS certificate, set this option to FALSE
USE_SECURE_CERT=FALSE
"use_secure_cert": false
```

* Install docker-compose
4 changes: 2 additions & 2 deletions docs/deployment-instructions.md
Expand Up @@ -24,7 +24,7 @@ This below diagram depicts the high-level overview of the eHSM-KMS in K8S cluste
* Download and Start the Dkeyserver service in the Dkeyserver node

```Shell
wget https://github.com/intel/ehsm/tree/main/docker/k8s/run_dkeyserver.sh
wget https://github.com/intel/ehsm/raw/main/docker/k8s/run_dkeyserver.sh

# modify the below configs
EHSM_DOCKER_IMAGE_NAME="intelccc/ehsm_dkeyserver:0.2.0" --> <your_dkeyserver_image>
Expand All @@ -40,7 +40,7 @@ This below diagram depicts the high-level overview of the eHSM-KMS in K8S cluste
* Download and modify the yaml file in the K8S master node.
```Shell
Notes: You can get the example YAML file from:
https://github.com/intel/ehsm/tree/main/docker/k8s/ehsm-kms.yaml
https://github.com/intel/ehsm/raw/main/docker/k8s/ehsm-kms.yaml

# Modify the below parameters based on your environment

2 changes: 1 addition & 1 deletion docs/k8s-setup-guide.md
Expand Up @@ -135,7 +135,7 @@ You must have at least three computers,a master-node server,one or more work-nod
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
#SupportIPVSProxyMode: true
mode: ipvs

# Start initialize and save log to kubeadm-init.log
142 changes: 142 additions & 0 deletions test/ehsm_enclave_out.log
@@ -0,0 +1,142 @@
=============================
The metadata information:
Contributor


why add this log?

=============================
metadata->magic_num: 0x86a80294635d0e4c
metadata->version: 0x100000004
metadata->size: 0x1028
metadata->tcs_policy: 0x1
metadata->ssa_frame_size: 0x1
metadata->max_save_buffer_size: 0xa80
metadata->desired_misc_select: 0x0
metadata->enclave_size: 0x2000000
metadata->attributes.flags: 0x4
metadata->attributes.xfrm: 0xe7
metadata->enclave_css.header.header:
0x06 0x00 0x00 0x00 0xe1 0x00 0x00 0x00 0x00 0x00 0x01 0x00
metadata->enclave_css.header.type: 0x0
metadata->enclave_css.header.module_vendor: 0x0
metadata->enclave_css.header.date: 0x20230927
metadata->enclave_css.header.header2:
0x01 0x01 0x00 0x00 0x60 0x00 0x00 0x00 0x60 0x00 0x00 0x00 0x01 0x00 0x00 0x00
metadata->enclave_css.header.hw_version: 0x0
metadata->enclave_css.key.modulus:
0x8b 0xe1 0x27 0x31 0x65 0x4c 0xdb 0x9c 0x0d 0x91 0x1a 0xe6 0xd9 0xa3 0x45 0xa9
0x47 0xcd 0xc0 0x52 0xc1 0x1d 0x83 0x82 0xa0 0x32 0x9b 0xf8 0x80 0x95 0x8e 0x3e
0xf1 0x60 0xc0 0x13 0x58 0x6c 0xd4 0x86 0xb2 0x1b 0x02 0x6c 0x1c 0x96 0xe4 0xb1
0xab 0x1c 0x6b 0x2f 0x24 0xdc 0x3b 0xae 0x63 0xfd 0xec 0x02 0x7f 0xbe 0xa7 0x9c
0xc4 0x91 0x25 0xf7 0x81 0x0b 0x55 0xcd 0x8c 0xf5 0x73 0xb2 0x2a 0x19 0x62 0xbd
0xbd 0xf6 0xa0 0x3a 0x80 0x8d 0x45 0x1c 0x0e 0xc2 0x55 0x03 0x3b 0xca 0x39 0x47
0x77 0x12 0x5f 0xd0 0x38 0x73 0x56 0xcf 0x8c 0x7f 0x5f 0x44 0x0f 0x75 0x87 0x11
0x2c 0x13 0x93 0x6d 0x34 0xbc 0xd2 0x86 0xd4 0x35 0x3d 0xa8 0xb7 0x02 0xde 0x2f
0xf3 0x51 0x3d 0x63 0x0c 0xdb 0x9b 0x0d 0x53 0x6e 0x31 0x37 0x6d 0x0c 0x1f 0x2c
0x9f 0x91 0xdf 0x14 0xeb 0x9a 0xb9 0x71 0x95 0x48 0xf3 0x53 0x62 0x43 0x3f 0x15
0x69 0x58 0x24 0x33 0x26 0x7d 0x9f 0xeb 0x2d 0xe2 0x64 0x74 0x10 0x6d 0xa0 0x26
0x9e 0xe1 0xc1 0x77 0xe0 0x00 0x15 0xad 0xd3 0xd1 0xf1 0x39 0x25 0xd8 0x25 0x37
0x32 0xe7 0x57 0x96 0x18 0x45 0xab 0x36 0x1e 0x79 0x98 0xa1 0x89 0x89 0xe4 0xdf
0xfc 0x88 0x14 0x7a 0xb7 0xb3 0x29 0x1b 0xd5 0x0d 0xa5 0x1d 0x59 0x9f 0x38 0xe4
0x02 0x0b 0x48 0x1f 0x82 0x5f 0x4e 0x83 0x9a 0x98 0xfc 0xed 0xa2 0x09 0x1d 0x61
0x45 0x26 0x20 0xa8 0xf8 0x11 0x1f 0x64 0x27 0x1b 0xec 0x61 0x31 0x84 0x3d 0x9f
0x65 0x55 0xcd 0x62 0x16 0x95 0x2a 0x99 0xc2 0x0a 0xbb 0xdd 0x5a 0x3d 0xd9 0x93
0x4b 0xfa 0x1e 0x38 0x67 0x3e 0xd0 0x87 0x1f 0x4f 0xa9 0x28 0x8c 0x51 0xa0 0xf4
0x50 0x37 0xbc 0xc7 0xba 0x77 0x13 0xc1 0x71 0xcf 0x76 0x45 0x9f 0x69 0x02 0x41
0xfe 0x37 0xb3 0x8b 0xf8 0x49 0x0b 0xac 0x0f 0x80 0x79 0x5a 0x42 0x71 0x36 0xa7
0x4b 0x3d 0xc3 0xae 0x81 0xbe 0xf5 0xbc 0x28 0x05 0x41 0x7f 0xf5 0xca 0x14 0xd1
0xb3 0x6a 0xb4 0x6a 0xbd 0x34 0xb8 0xf7 0x01 0xa3 0x9c 0x73 0xf4 0x19 0x3e 0xcb
0xb0 0x11 0xa6 0xc7 0xfd 0xf5 0xa4 0xec 0x75 0xdd 0x08 0xb9 0x89 0x3a 0x66 0x70
0xff 0x2d 0xa5 0x1f 0xb0 0x4a 0xcc 0x21 0xd4 0x9d 0xb3 0xf2 0xc3 0x78 0x98 0xb8
metadata->enclave_css.key.exponent:
0x03 0x00 0x00 0x00
metadata->enclave_css.key.signature:
0x59 0xf9 0x54 0x1d 0x3c 0x3a 0xf0 0xca 0xb3 0xb3 0xa5 0xd1 0x1b 0x76 0x8d 0xe0
0xdc 0xcc 0x1c 0x5e 0x92 0xab 0x92 0xef 0x79 0x86 0x34 0x7e 0x71 0xff 0x10 0xba
0x62 0x7e 0x90 0x07 0x76 0x46 0x52 0xff 0xe5 0x58 0x39 0xa2 0x86 0xfc 0x9d 0xd1
0x47 0x49 0xa2 0x94 0xfd 0x7a 0xb0 0x00 0xf0 0xc5 0x2c 0xf9 0x48 0x17 0x10 0x51
0xbe 0x17 0xe0 0x95 0xf2 0x5d 0x7e 0x74 0xce 0x7a 0x4d 0xb1 0xbd 0xd0 0x24 0xfa
0x2b 0x01 0x02 0xc2 0x4f 0x79 0xed 0x83 0xdd 0xe5 0xd3 0xbe 0xaa 0x33 0x58 0x99
0x20 0xb7 0xe9 0x45 0x4c 0x8a 0x20 0x24 0x91 0x07 0x09 0x0d 0x1c 0x63 0x91 0xe3
0xee 0xbb 0x59 0xe1 0xab 0x3b 0x3c 0xd5 0x6f 0xb4 0x0a 0xe4 0x94 0xad 0x9c 0x39
0x67 0x8c 0x77 0x49 0x38 0xf3 0xb8 0x9a 0x4f 0x4d 0xd6 0x7d 0x67 0xe7 0xbd 0x28
0xaf 0xe0 0x69 0xda 0x38 0x86 0xfa 0xb4 0x1b 0xdf 0x73 0x77 0x04 0x86 0x9b 0x52
0xd4 0x92 0x9a 0xf1 0x1a 0x9d 0x54 0xbd 0xc8 0x80 0xf8 0x77 0x6a 0x3e 0xfe 0xce
0x82 0xf0 0xd1 0xf2 0x89 0x97 0x45 0x58 0xa5 0xfe 0xfa 0xb1 0xff 0x0c 0xd2 0xb4
0x87 0xf8 0xec 0x07 0x41 0x73 0x87 0xeb 0x76 0xda 0x97 0xfb 0x86 0xd4 0x1f 0xe0
0x2b 0xa8 0xd9 0xd8 0x60 0x33 0x7a 0x7c 0xe5 0x82 0xea 0x5f 0x67 0x0f 0x4c 0x94
0x01 0xb2 0x02 0xa0 0x98 0xcf 0x2c 0xeb 0xed 0x6b 0xcb 0xf2 0xaf 0xb0 0xd5 0x44
0x4d 0xfc 0x67 0x56 0xe5 0x3f 0xfc 0x74 0xa2 0xbf 0xdb 0xf0 0x4a 0x64 0x4e 0xfe
0x6f 0x24 0x38 0x65 0x9b 0x38 0xea 0xfb 0x33 0xaf 0x8b 0x8b 0x9f 0xc7 0xcb 0xbf
0xee 0x60 0x17 0x40 0xa4 0xb4 0x34 0x8e 0xfe 0xcf 0xcd 0x61 0x0f 0xa3 0x08 0x65
0x1b 0x01 0x0d 0xf4 0x3e 0x02 0xbf 0x00 0x1f 0xa1 0xdf 0xa0 0xc7 0x81 0xb4 0x7f
0xd8 0x53 0x61 0x61 0x8b 0xf9 0xf6 0x54 0x1d 0x4e 0x80 0x40 0x58 0xc2 0xc4 0x56
0xc2 0x05 0x69 0x49 0x08 0xe3 0xe2 0x2b 0xca 0x74 0xf2 0x28 0x11 0xfc 0x45 0x06
0xbc 0xd2 0x54 0x0e 0x53 0xa8 0xd8 0x04 0x6f 0xce 0xd4 0x33 0x64 0xa3 0x3c 0xad
0x6e 0xc0 0xc1 0x8c 0xb8 0x14 0x77 0xda 0x06 0x3a 0xa1 0x87 0x3a 0xec 0xa5 0x2d
0x8c 0x4c 0xd4 0x67 0x90 0xe2 0x09 0x89 0xc5 0x1d 0x53 0xad 0x57 0x83 0x3d 0xb6
metadata->enclave_css.body.misc_select: 0x0
metadata->enclave_css.body.misc_mask: 0xffffffff
metadata->enclave_css.body.attributes.flags: 0x4
metadata->enclave_css.body.attributes.xfrm: 0x3
metadata->enclave_css.body.attribute_mask.flags: 0xff00fffffffffffd
metadata->enclave_css.body.attribute_mask.xfrm: 0xffffffffffffff1b
metadata->enclave_css.body.enclave_hash.m:
0x9a 0x16 0x62 0xf0 0xb0 0xe7 0x35 0xab 0xf4 0xe0 0xed 0x15 0x93 0xcf 0x8f 0x5c
0x93 0x26 0x0d 0xbf 0x33 0xf6 0xc2 0x0c 0x2e 0xa1 0x89 0x73 0xb6 0xe1 0x8f 0x0f
metadata->enclave_css.body.isv_prod_id: 0x0
metadata->enclave_css.body.isv_svn: 0x0
metadata->enclave_css.buffer.q1:
0x18 0x1e 0xdd 0xe9 0x17 0x66 0x79 0x67 0x7d 0xbd 0x3f 0xf1 0x32 0xdc 0x92 0xd9
0xea 0xb2 0x11 0xb7 0xfc 0x87 0xbe 0xc6 0x47 0x11 0x3b 0x19 0x71 0xa6 0xa5 0xc9
0xff 0xff 0xfd 0x5f 0x73 0xbd 0x5f 0x6b 0xfc 0x90 0xc6 0xc3 0x22 0xd7 0x88 0xf6
0xd9 0x9d 0xf8 0xfd 0xd2 0xc7 0xef 0x18 0x22 0x82 0xb8 0x2c 0x7e 0x63 0xa9 0xd1
0x0d 0x84 0xb6 0xff 0x05 0x86 0x13 0xa3 0xad 0xb5 0xa5 0x51 0xf6 0x2d 0x47 0x0c
0x1f 0x24 0x24 0x0f 0x03 0x7e 0x59 0x2b 0x77 0x5a 0x15 0x24 0x3e 0xf3 0x41 0x67
0x41 0x40 0x46 0x45 0x9e 0x85 0x86 0xc1 0x09 0x43 0x95 0x95 0x51 0xea 0xe5 0xdd
0x7a 0x33 0x21 0x12 0xa9 0xc5 0x85 0x84 0xa0 0x5f 0xb8 0x96 0x80 0x96 0xad 0xf4
0xc0 0xf8 0x10 0xa6 0x95 0x01 0x1c 0x21 0x53 0xb4 0xd3 0x07 0xef 0xc1 0x4c 0xeb
0xd3 0xdd 0xf0 0xe6 0x03 0xac 0x8c 0x1c 0xbd 0x48 0xf6 0x6e 0x82 0x98 0x29 0xd2
0x14 0xb0 0x67 0xdc 0x9c 0x32 0x26 0x53 0x6e 0xa7 0xfb 0xfb 0x95 0x3e 0x25 0x08
0x2e 0x6f 0xa0 0x9a 0x95 0xfb 0x9f 0xeb 0x56 0x55 0x21 0x43 0x7b 0x9f 0xec 0xe7
0xee 0x04 0xac 0xff 0x76 0x92 0xd3 0x29 0x2b 0x13 0xdd 0x6a 0xc0 0x77 0x78 0x49
0x3d 0xc4 0x02 0xf5 0x5a 0x18 0x8b 0x0d 0xea 0x79 0xa4 0xd4 0x41 0xf6 0x0f 0x55
0xc8 0x79 0x38 0x70 0xa1 0xab 0x33 0xa8 0x25 0x23 0xe8 0x5a 0x74 0x58 0xc0 0x62
0x76 0x85 0xe7 0xd2 0x87 0xfc 0x0e 0xca 0x35 0xa0 0x06 0x8d 0x88 0xc4 0x05 0xa4
0x61 0x3a 0xab 0xf4 0xb2 0x2b 0x9f 0x0e 0x57 0x8b 0x1e 0x27 0x3c 0x8a 0x5d 0x2f
0xdd 0x2a 0x65 0x2a 0x29 0x61 0x03 0x10 0xbd 0xe8 0xc1 0x64 0x35 0x09 0x28 0x41
0xa6 0x07 0xfd 0x00 0xf2 0x7a 0x4d 0x94 0xbc 0x0a 0x9e 0x98 0x33 0x0c 0xd4 0x2f
0x54 0x53 0xb7 0xde 0xeb 0xc0 0xc5 0xb0 0xee 0xbb 0x47 0x59 0x22 0xa8 0x25 0x53
0x8c 0x2d 0x8d 0x76 0x87 0x2f 0x20 0x55 0x85 0x27 0xc1 0x06 0x06 0x39 0xd1 0x07
0x87 0x46 0xab 0x1b 0x62 0xfe 0x54 0xf1 0xa3 0xb7 0x9e 0x7d 0xcc 0xb4 0x7c 0xc0
0xa7 0x7d 0xdc 0xb5 0x40 0xb8 0xbb 0x03 0xda 0xfc 0x58 0x2d 0x58 0xa3 0xf7 0x8b
0x2c 0xe9 0xe3 0xa6 0x84 0x65 0xb8 0x02 0x36 0x0c 0x8b 0xd8 0x68 0x3f 0xea 0xb3
metadata->enclave_css.buffer.q2:
0xe3 0x93 0x01 0x0e 0x95 0x34 0x83 0xe6 0xfd 0x2e 0x8c 0x8a 0x7c 0x5c 0x56 0xe3
0xee 0xce 0xcb 0x4d 0x17 0xe8 0x66 0x00 0x57 0xf9 0xb6 0x10 0x8c 0x7f 0xd4 0xbe
0x58 0x4f 0x5e 0xd8 0x02 0x7e 0x76 0x75 0x44 0x33 0x73 0xf6 0xc4 0x12 0x61 0x2c
0xde 0xd0 0xcd 0x72 0x3a 0xc6 0xb7 0x36 0x34 0x60 0xa0 0x21 0xbb 0x02 0xad 0x20
0xc4 0x0e 0x46 0x1f 0xb4 0xff 0xce 0x9e 0xd9 0x68 0x30 0xed 0x10 0xfb 0xda 0x59
0x44 0xca 0xcd 0xca 0xc5 0xdc 0x51 0x0c 0xda 0x51 0x66 0x30 0x55 0x49 0x3c 0xda
0x82 0x8d 0x8d 0xa0 0x81 0x9e 0x0f 0x01 0x15 0x77 0x90 0xcd 0x21 0x96 0x27 0x02
0x76 0xe4 0x08 0x30 0xe2 0xf3 0xa7 0x74 0x5e 0xa9 0x25 0x2d 0xe3 0xe7 0xb9 0x0d
0x58 0xf6 0xa1 0x91 0x23 0x9c 0xb6 0x87 0xc1 0x42 0x96 0xd7 0xa8 0x41 0xd0 0xf1
0x30 0x9d 0xc4 0xb4 0x35 0x18 0xd3 0xcd 0xe9 0x03 0xd5 0xcd 0xd8 0x9c 0x89 0xb6
0x86 0xf2 0x6e 0xf2 0xf5 0x2a 0x22 0x4a 0x92 0x08 0x52 0x0a 0x54 0xed 0xb1 0xdd
0xd4 0x94 0x0c 0x41 0xb5 0x9a 0x22 0x68 0x73 0xe1 0x3c 0x7b 0x63 0xed 0xf9 0x63
0xa0 0x54 0x2c 0x9a 0x0e 0x46 0x32 0x28 0xf8 0x52 0xc7 0x95 0x7b 0x92 0x32 0x14
0xa6 0x37 0xea 0x2e 0x6c 0x34 0xcd 0x66 0x98 0x1a 0x22 0x7d 0xc8 0xc4 0xc1 0xd5
0x03 0xc0 0xd7 0xc4 0x83 0xac 0x02 0x56 0x84 0x55 0x5e 0x2c 0x85 0x5d 0x3d 0xf2
0x6e 0x71 0x14 0x22 0x55 0x76 0xf7 0x31 0x74 0x70 0xa4 0xd3 0xc4 0x95 0x6f 0xc7
0x65 0xb5 0x3e 0x15 0xf4 0x69 0x91 0x27 0x1b 0xed 0xec 0x3b 0x68 0x0e 0x8e 0xdc
0x94 0xa5 0xf3 0x50 0xd9 0xd4 0x9d 0x8f 0x6b 0xb9 0xb6 0xa5 0x85 0xeb 0xf7 0x32
0x84 0x2d 0x46 0xf8 0x92 0xb0 0x8f 0x4f 0x89 0x11 0xdb 0xc4 0x28 0x1e 0xa1 0x86
0x72 0xb7 0xa0 0x73 0x31 0x10 0x58 0xb3 0x18 0x42 0xc1 0x94 0x4e 0x7f 0xfc 0x8e
0xd5 0xd6 0xac 0xa8 0xd7 0x3d 0x4b 0x4f 0x7e 0x40 0x77 0x4a 0x45 0xc4 0xfd 0x1c
0xfc 0x82 0x70 0x08 0x71 0xea 0x38 0xd6 0x55 0xea 0x8f 0x28 0xe1 0xf4 0xfd 0xd3
0x0d 0x49 0x99 0x11 0x09 0xcd 0xa2 0x18 0xd2 0xb3 0xf3 0xd4 0x93 0xb1 0xe5 0x35
0xa8 0x3c 0xc1 0x8c 0xc2 0xd9 0x55 0x6a 0x08 0x8d 0x8d 0xd7 0xe6 0xa4 0x3e 0x5a


===================
The mrsigner value:
===================
mrsigner->value:
0xc3 0x04 0x46 0xb4 0xbe 0x9b 0xaf 0x0f 0x69 0x72 0x84 0x23 0xea 0x61 0x3e 0xf8
0x1a 0x63 0xe7 0x2a 0xcf 0x74 0x39 0xfa 0x05 0x49 0x00 0x1f 0xd5 0x48 0x28 0x35