WIP: Tyche support

CI-Examples/blender/blender.manifest.tyche

@@ -0,0 +1,83 @@
+[libos]
+entrypoint = "/blender/blender"
+
+[loader]
+log_level = "error"
+insecure__use_cmdline_argv = true
+
+[loader.env]
+LD_LIBRARY_PATH = "/gramine_lib:/blender_lib:/usr//lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu"
+HOME = "/home/user"
+PWD = ""
+
+[loader.entrypoint]
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so"
+sha256 = "ed66fe85361c8dc5f83540f91fc5c1ba867e7e8c07a1fc6d81b598799e41b34b"
+
+[[fs.mounts]]
+path = "/gramine_lib"
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc"
+
+[[fs.mounts]]
+path = "/blender_lib"
+uri = "file:/home/dev/Documents/gramine/CI-Examples/blender/blender_dir/lib"
+
+[[fs.mounts]]
+path = "/lib/x86_64-linux-gnu"
+uri = "file:/lib/x86_64-linux-gnu"
+
+[[fs.mounts]]
+path = "/usr//lib/x86_64-linux-gnu"
+uri = "file:/usr//lib/x86_64-linux-gnu"
+
+[[fs.mounts]]
+path = "/data"
+uri = "file:/home/dev/Documents/gramine/CI-Examples/blender/data"
+
+[[fs.mounts]]
+path = "/blender"
+uri = "file:/home/dev/Documents/gramine/CI-Examples/blender/blender_dir"
+
+[sgx]
+debug = true
+edmm_enable = false
+enclave_size = "2048M"
+max_threads = 64
+allowed_files = [
+    "file:/home/dev/Documents/gramine/CI-Examples/blender/blender_dir/2.82/",
+    "file:/home/dev/Documents/gramine/CI-Examples/blender/data/scenes/",
+    "file:/home/dev/Documents/gramine/CI-Examples/blender/data/images/",
+]
+isvprodid = 0
+isvsvn = 0
+remote_attestation = "none"
+enable_stats = false
+use_exinfo = false
+
+[[sgx.trusted_files]]
+uri = "file:/home/dev/Documents/gramine/CI-Examples/blender/blender_dir/blender"
+
+[[sgx.trusted_files]]
+uri = "file:/home/dev/Documents/gramine/CI-Examples/blender/blender_dir/lib/"
+
+[[sgx.trusted_files]]
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc/"
+
+[[sgx.trusted_files]]
+uri = "file:/lib/x86_64-linux-gnu/"
+
+[[sgx.trusted_files]]
+uri = "file:/usr//lib/x86_64-linux-gnu/"
+
+[[sgx.trusted_files]]
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so"
+
+[sgx.cpu_features]
+avx = "unspecified"
+avx512 = "unspecified"
+amx = "unspecified"
+mpx = "disabled"
+pkru = "disabled"
+
+[sys.stack]
+size = "8M"

CI-Examples/hellocpp/.gitignore

@@ -0,0 +1,3 @@
+/helloworld
+/*.o
+/OUTPUT

CI-Examples/hellocpp/Makefile

@@ -0,0 +1,70 @@
+# Copyright (C) 2023 Gramine contributors
+# SPDX-License-Identifier: BSD-3-Clause
+
+CFLAGS = -Wall -Wextra
+
+ifeq ($(DEBUG),1)
+GRAMINE_LOG_LEVEL = debug
+CFLAGS += -g
+else
+GRAMINE_LOG_LEVEL = error
+CFLAGS += -O3
+endif
+
+.PHONY: all
+all: helloworld helloworld.manifest
+ifeq ($(SGX),1)
+all: helloworld.manifest.sgx helloworld.sig
+endif
+
+helloworld:
+	g++ -o helloworld hellowrold.cpp
+
+
+helloworld.manifest: helloworld.manifest.template
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
+		$< $@
+	gramine-manifest-check $@
+
+# gramine-sgx-sign generates both a .sig file and a .manifest.sgx file. This is somewhat
+# hard to express properly in Make. The simple solution would be to use
+# "Rules with Grouped Targets" (`&:`), however make on Ubuntu <= 20.04 doesn't support it.
+#
+# Simply using a normal rule with "two targets" is equivalent to creating separate rules
+# for each of the targets, and when using `make -j`, this might cause two instances
+# of gramine-sgx-sign to get launched simultaneously, potentially breaking the build.
+#
+# As a workaround, we use a dummy intermediate target, and mark both files as depending on it, to
+# get the dependency graph we want. We mark this dummy target as .INTERMEDIATE, which means
+# that make will consider the source tree up-to-date even if the sgx_sign file doesn't exist,
+# as long as the other dependencies check out. This is in contrast to .PHONY, which would
+# be rebuilt on every invocation of make.
+helloworld.sig helloworld.manifest.sgx: sgx_sign
+	@:
+
+.INTERMEDIATE: sgx_sign
+sgx_sign: helloworld.manifest helloworld
+	gramine-sgx-sign \
+		--manifest $< \
+		--output $<.sgx
+	gramine-manifest-check $<.sgx
+
+ifeq ($(SGX),)
+GRAMINE = gramine-direct
+else
+GRAMINE = gramine-sgx
+endif
+
+.PHONY: check
+check: all
+	$(GRAMINE) helloworld > OUTPUT
+	echo "Hello, world" | diff OUTPUT -
+	@echo "[ Success ]"
+
+.PHONY: clean
+clean:
+	$(RM) *.token *.sig *.manifest.sgx *.manifest helloworld.o helloworld OUTPUT
+
+.PHONY: distclean
+distclean: clean

CI-Examples/hellocpp/README.md

@@ -0,0 +1,27 @@
+# Hello World
+
+This directory contains a Makefile and a manifest template for running a simple
+"Hello World" program in Gramine. It can be used as a sanity test for your
+Gramine installation.
+
+# Building
+
+## Building for Linux
+
+Run `make` (non-debug) or `make DEBUG=1` (debug) in the directory.
+
+## Building for SGX
+
+Run `make SGX=1` (non-debug) or `make SGX=1 DEBUG=1` (debug) in the directory.
+
+# Run Hello World with Gramine
+
+Without SGX:
+```sh
+gramine-direct helloworld
+```
+
+With SGX:
+```sh
+gramine-sgx helloworld
+```

CI-Examples/hellocpp/helloworld.cpp

@@ -0,0 +1,6 @@
+#include <iostream>
+
+int main(void) {
+    std::cout << "Hello from CPP" << std::endl;
+    return 0;
+}

CI-Examples/hellocpp/helloworld.manifest.template

@@ -0,0 +1,22 @@
+# Copyright (C) 2023 Gramine contributors
+# SPDX-License-Identifier: BSD-3-Clause
+
+# Hello World manifest file example
+
+libos.entrypoint = "/helloworld"
+loader.log_level = "{{ log_level }}"
+
+loader.env.LD_LIBRARY_PATH = "/lib"
+
+fs.mounts = [
+  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
+  { path = "/helloworld", uri = "file:helloworld" },
+]
+
+sgx.debug = true
+sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
+
+sgx.trusted_files = [
+  "file:helloworld",
+  "file:{{ gramine.runtimedir() }}/",
+]

CI-Examples/hellocpp/helloworld.manifest.working

@@ -0,0 +1,45 @@
+[libos]
+entrypoint = "/helloworld"
+
+[loader]
+log_level = "error"
+
+[loader.env]
+LD_LIBRARY_PATH = "/lib:/"
+
+[loader.entrypoint]
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so"
+sha256 = "ed66fe85361c8dc5f83540f91fc5c1ba867e7e8c07a1fc6d81b598799e41b34b"
+
+[fs]
+mounts = [
+    { path = "/lib", uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc" },
+    { path = "/libstdc++.so.6", uri="file:/lib/x86_64-linux-gnu/libstdc++.so.6"},
+    { path = "/libgcc_s.so.1", uri = "file:/lib/x86_64-linux-gnu/libgcc_s.so.1"},
+    { path = "/helloworld", uri = "file:helloworld" },
+]
+
+[sgx]
+debug = true
+edmm_enable = false
+trusted_files = [
+    { uri = "file:helloworld" },
+    { uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc/" },
+    { uri = "file:/lib/x86_64-linux-gnu/libstdc++.so.6"},
+    { uri = "file:/lib/x86_64-linux-gnu/libgcc_s.so.1"},
+    { uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so" },
+]
+max_threads = 4
+isvprodid = 0
+isvsvn = 0
+remote_attestation = "none"
+enable_stats = false
+enclave_size = "256M"
+use_exinfo = false
+
+[sgx.cpu_features]
+avx = "unspecified"
+avx512 = "unspecified"
+amx = "unspecified"
+mpx = "disabled"
+pkru = "disabled"

CI-Examples/lighttpd/lighttpd.manifest.tyche

@@ -0,0 +1,58 @@
+[libos]
+entrypoint = "/lighttpd/sbin/lighttpd"
+
+[loader]
+log_level = "error"
+argv = [
+    "lighttpd",
+    "-D",
+    "-m",
+    "/lighttpd/lib",
+    "-f",
+    "lighttpd.conf",
+]
+
+[loader.env]
+LD_LIBRARY_PATH = "/lib:/lib/x86_64-linux-gnu:/lighttpd/lib"
+
+[loader.entrypoint]
+uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so"
+sha256 = "ed66fe85361c8dc5f83540f91fc5c1ba867e7e8c07a1fc6d81b598799e41b34b"
+
+[sys]
+enable_sigterm_injection = true
+
+[fs]
+mounts = [
+    { path = "/lib", uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc" },
+    { path = "/lib/x86_64-linux-gnu", uri = "file:/lib/x86_64-linux-gnu" },
+    { path = "/lighttpd", uri = "file:/lighttpd" },
+    { type = "tmpfs", path = "/var/tmp" },
+]
+
+[sgx]
+debug = true
+edmm_enable = false
+enclave_size = "256M"
+max_threads = 4
+trusted_files = [
+    { uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/runtime/glibc/" },
+    { uri = "file:/lighttpd/" },
+    { uri = "file:/lib/x86_64-linux-gnu/" },
+    { uri = "file:lighttpd.conf" },
+    { uri = "file:lighttpd-generic.conf" },
+    { uri = "file:lighttpd-server.conf" },
+    { uri = "file:/gramine-install/lib/x86_64-linux-gnu/gramine/libsysdb.so" },
+]
+isvprodid = 0
+isvsvn = 0
+remote_attestation = "none"
+enable_stats = false
+use_exinfo = false
+
+[sgx.cpu_features]
+avx = "unspecified"
+avx512 = "unspecified"
+amx = "unspecified"
+mpx = "disabled"
+pkru = "disabled"

CI-Examples/llama/.gitignore

@@ -0,0 +1,2 @@
+llama.cpp
+llama-cli

CI-Examples/llama/Makefile

@@ -0,0 +1,21 @@
+all: llama
+
+LLAMA_REPO = https://github.com/ggerganov/llama.cpp
+LLAMA_COMMIT = 90db8146d56d83a605f2c475eca39bcda29cf16d
+LLAMA_TARGET = llama.cpp
+LLAMA_TEMPLATE = llama-cli.manifest.template
+
+.PHONY: llama
+llama:
+	if [ ! -e $(LLAMA_TARGET) ]; then \
+		git clone $(LLAMA_REPO) $(LLAMA_TARGET) ; \
+		cd $(LLAMA_TARGET) && git checkout $(LLAMA_COMMIT) ; \
+	fi ;
+	make -C $(LLAMA_TARGET)
+	cp $(LLAMA_TARGET)/llama-cli .
+	cp $(LLAMA_TEMPLATE) llama-cli.manifest
+
+
+.PHONY: clean
+clean:
+	rm llama-cli llama-cli.manifest

CI-Examples/llama/README.md

@@ -0,0 +1,35 @@
+# LLama port to gramine (for Tyche)
+
+Do a `make`, it will clone llama-cpp here and checkout a commit I have worked with and tested.
+It will build llama.cpp and extract the binary we want (llama-cli).
+
+The make command also generate the necessary manifest (it's just a cp of the .template).
+I prefilled everything with the configuration that works.
+
+
+When running, use the following command:
+
+```
+/gramine/gramine-tyche llama-cli -m /llama-small.gguf --log-disable -n 100 -t 1 --no-mmap --ctx-size 256 --prompt "Your prompt goes here"
+```
+
+This will only output the model's reply.
+If you want to have the logging, remove the `--log-disable` variable.
+Llama will then output the token stats at the end of the computation.
+
+
+
+We expect gramine to be installed at `gramine` and your model to be at `/model/llama-small.gguf`.
+The model I used can be downloaded here:
+
+```
+https://huggingface.co/hugging-quants/Llama-3.2-1B-Instruct-Q4_K_M-GGUF/resolve/main/llama-3.2-1b-instruct-q4_k_m.gguf?download=true
+```
+
+The main page is here:
+
+```
+https://huggingface.co/hugging-quants/Llama-3.2-1B-Instruct-Q4_K_M-GGUF/tree/main
+```
+
+If you are running as part of `tyche-bench`, the justfile should take care of downloading the model for you and putting it inside the to-copy folder.