Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update vale #242

Merged
merged 1 commit into from
Jan 23, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 5 additions & 10 deletions .github/workflows/vale.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Linting
name: Vale
on:
push:
branches:
Expand All @@ -10,17 +10,12 @@ on:
- "docs/**"

jobs:
prose:
vale:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/checkout@v3

- name: Vale
uses: errata-ai/vale-action@v2
- uses: errata-ai/vale-action@reviewdog
with:
files: docs/docs
env:
# Required, set by GitHub actions automatically:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
fail_on_error: true
1 change: 1 addition & 0 deletions .vale.ini
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ Vocab = edgeless

[*.md]
BasedOnStyles = Vale, Microsoft, Google
Vale.Terms = NO

# decrease to suggestion
Microsoft.Foreign = suggestion # conflicts with Microsoft.Contractions
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/knowledge/limitations.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ These usually compile, but return an error at runtime.
* `os/exec`: spawning processes is unsupported
* `os/signal`: signals aren't passed to the enclave

## cgo: Unsupported libc functions
## cgo: Unsupported `libc` functions

Using these functions causes a build, sign, or runtime error.

Expand Down
4 changes: 3 additions & 1 deletion docs/docs/knowledge/model.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
# Programming model

Enclaves are execution environments isolated from the rest of the system. In the original SGX programming model, the application code is partitioned into trusted and untrusted code. The untrusted code runs in a conventional process. Within this process, one or more enclaves are created that execute the trusted code. The enclave is entered with an *ECALL*. The enclave can transfer execution to untrusted code by performing an *OCALL*.

EGo has a different programming model: The entire application runs inside the enclave. Transitions between trusted and untrusted code are hidden inside the EGo runtime and are transparent to the developer. Internally, an ECALL is performed when the enclave creates a new thread. The enclave uses OCALLs to implement some classes of syscalls, e.g., file and network I/O. (Some syscalls can be fully emulated within the enclave.) Manual ECALLs/OCALLs by application code are neither required nor possible.
EGo has a different programming model: The entire application runs inside the enclave. Transitions between trusted and untrusted code are hidden inside the EGo runtime and are transparent to the developer. Internally, an ECALL is performed when the enclave creates a new thread. The enclave uses OCALLs to implement some classes of system calls, e.g., file and network I/O. (Some system calls can be fully emulated within the enclave.) Manual ECALLs/OCALLs by application code are neither required nor possible.

Advantages of this approach are:

* Developing a confidential app is almost like developing a conventional app. Developers don't need to learn a new programming model.
* No need to partition an app, which can be effortful and error-prone
* Porting an existing app is simple
2 changes: 1 addition & 1 deletion docs/docs/reference/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ Run a signed executable as a MarbleRun Marble

Run a signed executable as a MarbleRun Marble.
Requires a running MarbleRun Coordinator instance.
Environment variables are only readable from within the enclave if they start with "EDG_" and
Environment variables are only readable from within the enclave if they start with `EDG_` and
will be extended/overwritten with the ones specified in the manifest.

Requires the following configuration environment variables:
Expand Down
22 changes: 14 additions & 8 deletions docs/docs/reference/config.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# Configuration file

Your enclave's configuration is defined in JSON and applied when signing an executable via `ego sign`.

Here's an example configuration:

```json
{
"exe": "helloworld",
Expand Down Expand Up @@ -47,6 +49,7 @@ Here's an example configuration:
```

## Basic settings

`exe` is the (relative or absolute) path to the executable that should be signed.

`key` is the path to the private RSA key of the signer. When invoking `ego sign` and the key file doesn't exist, a key with the required parameters is automatically generated. You can also generate it yourself with:
Expand All @@ -55,7 +58,7 @@ Here's an example configuration:
openssl genrsa -out private.pem -3 3072
```

If `debug` is true, the enclave will be debuggable.
If `debug` is true, the enclave can be inspected with a debugger.

`heapSize` specifies the heap size available to the enclave in MB. It should be at least 512 MB.

Expand All @@ -66,12 +69,13 @@ If `executableHeap` is true, the enclave heap will be executable. This is requir
`securityVersion` should be incremented by the developer whenever a security fix is made to the enclave code.

## Mounts

`mounts` define custom mount points that apply to the file system presented to the enclave. This can be omitted if no mounts other than the default mounts should be performed, or you can define multiple entries with the following parameters:

* `source` (required for `hostfs`): The directory from the host file system that should be mounted in the enclave when using `hostfs`. If this is a relative path, it will be relative to the working directory of the ego host process. For `memfs`, this value will be ignored and can be omitted.
* `target` (required): Defines the mount path in the enclave.
* `type` (required): Either `hostfs` if you want to mount a path from the host's file system in the enclave, or `memfs` if you want to use a temporary file system similar to *tmpfs* on UNIX systems, with your data stored in the secure memory environment of the enclave.
* `readOnly`: Can be `true` or `false` depending on if you want to mount the path as read-only or read-write. When omitted, will default to read-write.
* `source` (required for `hostfs`): The directory from the host file system that should be mounted in the enclave when using `hostfs`. If this is a relative path, it will be relative to the working directory of the ego host process. For `memfs`, this value will be ignored and can be omitted.
* `target` (required): Defines the mount path in the enclave.
* `type` (required): Either `hostfs` if you want to mount a path from the host's file system in the enclave, or `memfs` if you want to use a temporary file system similar to *tmpfs* on UNIX systems, with your data stored in the secure memory environment of the enclave.
* `readOnly`: Can be `true` or `false` depending on if you want to mount the path as read-only or read-write. When omitted, will default to read-write.

By default, `/` is initialized as an empty `memfs` file system. To expose certain directories to the enclave, you can use the `hostfs` mounts with the options mentioned above. You can also choose to define additional `memfs` mount points, but note that there is no explicit isolation between them. They can be accessed either via the path specified in `target` or also via `/edg/mnt/<target>`, which is where the files of the additional `memfs` mount are stored internally.

Expand All @@ -82,15 +86,17 @@ It's not recommended to use the mount options to remount `/` as `hostfs` other t
:::

## Environment variables

`env` holds environment variables to set or take over from the host inside the enclave. By default, all environment variables not starting with `EDG_` are dropped when entering the enclave.

* `name` (required): The name of the environment variable
* `value` (required if not `fromHost`): The value of the environment variable
* `fromHost`: When set to `true`, the current value of the requested environment variable will be copied over if it exists on the host. If the host doesn't hold this variable, it will either fall back to the value set in `value` (if it exists), or won't be created at all.
* `name` (required): The name of the environment variable
* `value` (required if not `fromHost`): The value of the environment variable
* `fromHost`: When set to `true`, the current value of the requested environment variable will be copied over if it exists on the host. If the host doesn't hold this variable, it will either fall back to the value set in `value` (if it exists), or won't be created at all.

A special environment variable is `PWD`. Depending on the mount options you have set in your configuration, you can set the initial working directory of your enclave by specifying your desired path as a value for `PWD`. Note that this directory needs to exist in the context of the enclave, not your host file system.

## Embedded files

`files` specifies files that should be embedded into the enclave. Embedded files are included in the enclave measurement and thus can't be manipulated. At runtime they're accessible via the in-enclave-memory filesystem.

`source` is the path to the file that should be embedded. `target` Is the path within the in-enclave-memory filesystem where the file will reside at runtime.
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/workflows/debug.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ ego-gdb --args ./helloworld

The enclave may raise SIGILL signals during startup. These are expected and will be handled by EGo, so you can just `continue`. Use `handle SIGILL nostop` to do this automatically.

Setting up the `mi` interface for VSCode is a bit trickier. First, install the [C/C++ extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.cpptools).
Setting up the `mi` interface for Visual Studio Code is a bit trickier. First, install the [C/C++ extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.cpptools).

Use one of the following templates for your `.vscode/launch.json` file. Just replace `samples/helloworld/helloworld` with the path to your EGo executable.

Expand Down
12 changes: 0 additions & 12 deletions docs/styles/Google/OptionalPlurals.yml

This file was deleted.

4 changes: 3 additions & 1 deletion docs/styles/Google/Spelling.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,6 @@ ignorecase: true
level: warning
tokens:
- '(?:\w+)nised?'
- '(?:\w+)logue'
- 'colour'
- 'labour'
- 'centre'
6 changes: 3 additions & 3 deletions docs/styles/Google/Units.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
extends: existence
message: "Put a nonbreaking space between the number and the unit in '%s'."
link: 'https://developers.google.com/style/units-of-measure'
link: "https://developers.google.com/style/units-of-measure"
nonword: true
level: error
tokens:
- \d+(?:B|kB|MB|GB|TB)
- \d+(?:ns|ms|s|min|h|d)
- \b\d+(?:B|kB|MB|GB|TB)
- \b\d+(?:ns|ms|s|min|h|d)
2 changes: 1 addition & 1 deletion docs/styles/Microsoft/Contractions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ swap:

should not: shouldn't

'that is(?!\.)': that's
"that is(?![.,])": that's
'that''s(?=\.)': that is

'they are(?!\.)': they're
Expand Down
3 changes: 2 additions & 1 deletion docs/styles/Microsoft/Foreign.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,5 @@ action:
swap:
'\b(?:eg|e\.g\.)[\s,]': for example
'\b(?:ie|i\.e\.)[\s,]': that is

'\b(?:viz\.)[\s,]': namely
'\b(?:ergo)[\s,]': therefore
7 changes: 7 additions & 0 deletions docs/styles/Microsoft/Plurals.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
extends: existence
message: "Don't add '%s' to a singular noun. Use plural instead."
ignorecase: true
level: error
link: https://learn.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/s/s-es
raw:
- '\(s\)|\(es\)'
10 changes: 4 additions & 6 deletions docs/styles/Microsoft/Terms.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
extends: substitution
message: "Prefer '%s' over '%s'."
# term preference should be based on microsoft style guide, such as
link: https://learn.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/a/adapter
level: warning
ignorecase: true
action:
Expand All @@ -24,10 +26,8 @@ swap:
anti-spyware: antispyware
anti-virus: antivirus
appendixes: appendices
artificial intelligence: artificial intelligence
assembler: assembly language
bpp: bpp
bps: bps
artificial intelligence: AI
'(?:assembler|machine language)': assembly language
caap: CaaP
conversation-as-a-platform: conversation as a platform
eb: EB
Expand All @@ -39,5 +39,3 @@ swap:
pb: PB
tb: TB
zb: ZB
viz: namely
ergo: therefore
Original file line number Diff line number Diff line change
@@ -1,20 +1,14 @@
Alibaba
attestable
cgo
[Cc]loud
cloud
collateral
debuggable
dereference
env
libc
MarbleRun
marblerun
OCALL
SignerID
signerid
syscall
tmpfs
uncomment
UniqueID
uniqueid
untrusted
Wasmer
2 changes: 1 addition & 1 deletion ego/ego/cmd/marblerun.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ func newMarblerunCmd() *cobra.Command {
Short: "Run a signed executable as a MarbleRun Marble",
Long: `Run a signed executable as a MarbleRun Marble.
Requires a running MarbleRun Coordinator instance.
Environment variables are only readable from within the enclave if they start with "EDG_" and
Environment variables are only readable from within the enclave if they start with ` + "`EDG_`" + ` and
will be extended/overwritten with the ones specified in the manifest.

Requires the following configuration environment variables:
Expand Down
Loading