From 74b34819d7c5582c0686dccfd2cdf3df058c6b1e Mon Sep 17 00:00:00 2001 From: Eddy Ashton Date: Tue, 17 Oct 2023 14:11:08 +0100 Subject: [PATCH] [release/4.x] Cherry pick: Pass enclave path as CLI argument rather than in configuration (#5665) (#5737) --- CHANGELOG.md | 6 ++++ doc/host_config_schema/cchost_config.json | 4 +-- src/host/configuration.h | 9 ++++-- src/host/main.cpp | 36 +++++++++++++++++++++-- tests/config.jinja | 1 - tests/e2e_operations.py | 17 +++++++---- tests/infra/remote.py | 9 +++++- 7 files changed, 67 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c703931c9d0..54b404cbdf41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [4.0.11] + +[4.0.11]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.11 + +- Path to the enclave file should now be passed as `--enclave-file` CLI argument to `cchost`, rather than `enclave.file` entry within configuration file. This is to ensure the path to the application file is attested on Confidential Containers/SNP, even if the configuration itself is provided from un-attested storage. The configuration entry is deprecated, and will be removed in a future release. + ## [4.0.10] [4.0.10]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.10 diff --git a/doc/host_config_schema/cchost_config.json b/doc/host_config_schema/cchost_config.json index 8023769fdc70..dba86ce3ff95 100644 --- a/doc/host_config_schema/cchost_config.json +++ b/doc/host_config_schema/cchost_config.json @@ -25,7 +25,7 @@ } }, "description": "This section includes configuration for the enclave application launched by this node", - "required": ["file"], + "required": [], "additionalProperties": false }, "network": { @@ -676,6 +676,6 @@ "minimum": 0 } }, - "required": ["enclave", "network", "command"], + "required": ["network", "command"], "additionalProperties": false } diff --git a/src/host/configuration.h b/src/host/configuration.h index 90d43e7481fb..f7ba51083aaa 100644 --- a/src/host/configuration.h +++ b/src/host/configuration.h @@ -64,6 +64,8 @@ namespace host std::string file; EnclaveType type; EnclavePlatform platform; + + bool operator==(const Enclave&) const = default; }; Enclave enclave = {}; @@ -165,8 +167,8 @@ namespace host }; DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCHostConfig::Enclave); - DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::Enclave, type, file); - DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, platform); + DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::Enclave); + DECLARE_JSON_OPTIONAL_FIELDS(CCHostConfig::Enclave, file, type, platform); DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCHostConfig::OutputFiles); DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig::OutputFiles); @@ -221,9 +223,10 @@ namespace host CCHostConfig::Command, service_certificate_file, start, join, recover); DECLARE_JSON_TYPE_WITH_BASE_AND_OPTIONAL_FIELDS(CCHostConfig, CCFConfig); - DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig, enclave, command); + DECLARE_JSON_REQUIRED_FIELDS(CCHostConfig, command); DECLARE_JSON_OPTIONAL_FIELDS( CCHostConfig, + enclave, tick_interval, slow_io_logging_threshold, node_client_interface, diff --git a/src/host/main.cpp b/src/host/main.cpp index de37cf3b7256..6731cacf1495 100644 --- a/src/host/main.cpp +++ b/src/host/main.cpp @@ -78,7 +78,13 @@ int main(int argc, char** argv) { // ignore SIGPIPE signal(SIGPIPE, SIG_IGN); - CLI::App app{"ccf"}; + CLI::App app{ + "CCF Host launcher. Runs a single CCF node, based on the given " + "configuration file.\n" + "Some parameters are marked \"(security critical)\" - these must be passed " + "on the CLI rather than within a configuration file, so that (on relevant " + "platforms) their value is captured in an attestation even if the " + "configuration file itself is unattested.\n"}; std::string config_file_path = "config.json"; app.add_option( @@ -109,9 +115,15 @@ int main(int argc, char** argv) .add_option( "--enclave-log-level", enclave_log_level, - "Logging level for the enclave code") + "Logging level for the enclave code (security critical)") ->transform(CLI::CheckedTransformer(log_level_options, CLI::ignore_case)); + std::string enclave_file_path; + app.add_option( + "--enclave-file", + enclave_file_path, + "Path to enclave application (security critical)"); + try { app.parse(argc, argv); @@ -262,8 +274,26 @@ int main(int argc, char** argv) config.slow_io_logging_threshold; // create the enclave + if (!config.enclave.file.empty()) + { + LOG_FAIL_FMT( + "DEPRECATED: Enclave path was specified in config file! This should be " + "removed from the config, and passed directly to the CLI instead"); + + if (enclave_file_path.empty()) + { + enclave_file_path = config.enclave.file; + } + } + + if (enclave_file_path.empty()) + { + LOG_FATAL_FMT("No enclave file path specified"); + return static_cast(CLI::ExitCodes::ValidationError); + } + host::Enclave enclave( - config.enclave.file, config.enclave.type, config.enclave.platform); + enclave_file_path, config.enclave.type, config.enclave.platform); // messaging ring buffers const auto buffer_size = config.memory.circuit_size; diff --git a/tests/config.jinja b/tests/config.jinja index b9ed8f94ead6..7e4da73c5334 100644 --- a/tests/config.jinja +++ b/tests/config.jinja @@ -1,6 +1,5 @@ { "enclave": { - "file": "{{ enclave_file }}", "type": "{{ enclave_type }}", "platform": "{{ enclave_platform }}" }, diff --git a/tests/e2e_operations.py b/tests/e2e_operations.py index 46fa9ee739c9..02d8a6037b9c 100644 --- a/tests/e2e_operations.py +++ b/tests/e2e_operations.py @@ -296,6 +296,7 @@ def run_file_operations(args): network.stop_all_nodes(skip_verification=True) test_split_ledger_on_stopped_network(primary, args) + args.common_read_only_ledger_dir = None # Reset for future tests def run_tls_san_checks(args): @@ -306,7 +307,6 @@ def run_tls_san_checks(args): args.perf_nodes, pdb=args.pdb, ) as network: - args.common_read_only_ledger_dir = None # Reset from previous test network.start_and_open(args) network.verify_service_certificate_validity_period( args.initial_service_cert_validity_days @@ -361,7 +361,8 @@ def run_tls_san_checks(args): # works as intended. It is difficult to do with the existing framework # as is because of the indirections and the fact that start() is a # synchronous call. - start_node_path = network.nodes[0].remote.remote.root + node = network.nodes[0] + start_node_path = node.remote.remote.root # Remove ledger and pid file to allow a restart shutil.rmtree(os.path.join(start_node_path, "0.ledger")) os.remove(os.path.join(start_node_path, "node.pid")) @@ -381,7 +382,15 @@ def run_tls_san_checks(args): env["ASAN_OPTIONS"] = "alloc_dealloc_mismatch=0" proc = subprocess.Popen( - ["./cchost", "--config", "0.config.json", "--config-timeout", "10s"], + [ + "./cchost", + "--config", + "0.config.json", + "--config-timeout", + f"{config_timeout}s", + "--enclave-file", + node.remote.enclave_file, + ], cwd=start_node_path, env=env, stdout=open(os.path.join(start_node_path, "out"), "wb"), @@ -435,7 +444,6 @@ def run_preopen_readiness_check(args): args.perf_nodes, pdb=args.pdb, ) as network: - args.common_read_only_ledger_dir = None # Reset from previous test network.start(args) primary, _ = network.find_primary() with primary.client() as c: @@ -459,7 +467,6 @@ def run_pid_file_check(args): args.perf_nodes, pdb=args.pdb, ) as network: - args.common_read_only_ledger_dir = None # Reset from previous test network.start_and_open(args) LOG.info("Check that pid file exists") node = network.nodes[0] diff --git a/tests/infra/remote.py b/tests/infra/remote.py index ef42f9293a37..392a43cd9c19 100644 --- a/tests/infra/remote.py +++ b/tests/infra/remote.py @@ -757,7 +757,7 @@ def __init__( t = t_env.get_template(self.TEMPLATE_CONFIGURATION_FILE) output = t.render( start_type=start_type.name.title(), - enclave_file=self.enclave_file, + enclave_file=self.enclave_file, # Ignored by current jinja, but passed for LTS compat enclave_type=enclave_type.title(), enclave_platform=enclave_platform.title() if enclave_platform == "virtual" @@ -837,6 +837,12 @@ def __init__( "--enclave-log-level", enclave_log_level, ] + + if v is None or v >= Version("4.0.11"): + cmd += [ + "--enclave-file", + self.enclave_file, + ] if start_type == StartType.start: members_info = kwargs.get("members_info") @@ -884,6 +890,7 @@ def __init__( sig_tx_interval = kwargs.get("sig_tx_interval") primary_rpc_interface = host.get_primary_interface() + cmd = [ bin_path, f"--enclave-file={self.enclave_file}",