diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f561c3..0b9234f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. +## [[1.1.1]](https://github.com/iExecBlockchainComputing/iexec-commons-containers/releases/tag/v1.1.1) 2023-09-27 + +### Bug Fixes +- Revert PR #23, the official **SGX devices** coming with the **in-kernel SGX driver** since kernel 5.11 + are not yet supported in SGX enclaves based on the Gramine framework currently in use. (#25) + ## [[1.1.0]](https://github.com/iExecBlockchainComputing/iexec-commons-containers/releases/tag/v1.1.0) 2023-09-26 ### New Features diff --git a/src/main/java/com/iexec/commons/containers/SgxDriverMode.java b/src/main/java/com/iexec/commons/containers/SgxDriverMode.java index 7a8dab4..d2f11dd 100644 --- a/src/main/java/com/iexec/commons/containers/SgxDriverMode.java +++ b/src/main/java/com/iexec/commons/containers/SgxDriverMode.java @@ -16,12 +16,35 @@ package com.iexec.commons.containers; +import lombok.Getter; + import javax.annotation.Nonnull; +/** + * List of supported SGX drivers and devices. + *
+ * Currently, 3 modes are supported: + *
+ * Since kernel version 5.11, official devices are {@code /dev/sgx_enclave} and {@code /dev/sgx_provision}. + * It is not possible to upgrade the {@code NATIVE} driver mode with those devices as we use an old version of the + * Gramine framework which does not support them. An upgrade to a newer version of the Gramine framework is required + * before updating this enum. + * + * @see + * Gramine SGX drivers support + */ +@Getter public enum SgxDriverMode { NONE(), LEGACY("/dev/isgx"), - NATIVE("/dev/sgx_enclave", "/dev/sgx_provision"); + NATIVE("/dev/sgx/enclave", "/dev/sgx/provision"); private final String[] devices; @@ -29,10 +52,6 @@ public enum SgxDriverMode { this.devices = driverNames; } - public String[] getDevices() { - return devices; - } - /** * Returns {@literal false} if given {@link SgxDriverMode} is {@literal null} * or {@link SgxDriverMode#NONE}, {@literal true} otherwise. diff --git a/src/test/java/com/iexec/commons/containers/DockerRunRequestTests.java b/src/test/java/com/iexec/commons/containers/DockerRunRequestTests.java index 26f62d9..951da43 100644 --- a/src/test/java/com/iexec/commons/containers/DockerRunRequestTests.java +++ b/src/test/java/com/iexec/commons/containers/DockerRunRequestTests.java 
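Review bot: The class-level `@Getter` added above `public enum SgxDriverMode` generates a `getDevices()` that returns the constant's internal `String[] devices` by reference, just as the hand-written getter removed in the second hunk (`@@ -29,10 +52,6 @@`) did. Enum constants are process-wide singletons, so any caller that writes into the returned array silently changes the device paths reported for that mode from then on. Judging by `DockerRunRequestTests`, these paths become host-device mappings on container run requests, so that state should not be mutable from outside. I would keep an explicit accessor that hands out a copy, `public String[] getDevices() { return devices.clone(); }`, or store the paths as an unmodifiable `List<String>`. The enum body continues outside both hunks, so callers that might depend on the current behaviour are not visible here.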
@@ -86,15 +86,15 @@ void shouldAddNativeSgxDevices() {
 assertThat(request.getDevices().get(0).getcGroupPermissions())
 .isEqualTo(SgxUtils.SGX_CGROUP_PERMISSIONS);
 assertThat(request.getDevices().get(0).getPathInContainer())
- .isEqualTo("/dev/sgx_enclave");
+ .isEqualTo("/dev/sgx/enclave");
 assertThat(request.getDevices().get(0).getPathOnHost())
- .isEqualTo("/dev/sgx_enclave");
+ .isEqualTo("/dev/sgx/enclave");
 assertThat(request.getDevices().get(1).getcGroupPermissions())
 .isEqualTo(SgxUtils.SGX_CGROUP_PERMISSIONS);
 assertThat(request.getDevices().get(1).getPathInContainer())
- .isEqualTo("/dev/sgx_provision");
+ .isEqualTo("/dev/sgx/provision");
 assertThat(request.getDevices().get(1).getPathOnHost())
- .isEqualTo("/dev/sgx_provision");
+ .isEqualTo("/dev/sgx/provision");
 }
 
 // endregion