linux-azure: Update SGX version and udev rules

Bug #1867820 reported by Marcelo Cerri on 2020-03-17
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Status tracked in Focal
Trusty
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-base (Ubuntu)
Status tracked in Focal
Trusty
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned

Bug Description

[Impact]

We will use the official Intel's DCAP git repository to keep SGX up-to-date. We need to update the driver included to the linux-azure kernels to the version located at:

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/LD_1.22/driver/linux

Including the provided udev rules.

[Test Case]

The driver should continue to work normally. The main difference should be the permissions and groups for the /dev/sgx (0666) and /dev/sgx_prv (0660 with sgx_prc group).

[Regression Potential]

The regression potential is low since the functional changes are not meaningful and the permissions are less restrictive.

Marcelo Cerri (mhcerri) on 2020-03-17
Changed in linux-azure (Ubuntu Trusty):
status: New → Invalid
no longer affects: linux-azure (Ubuntu Disco)
no longer affects: linux-base (Ubuntu Disco)
Changed in linux-azure (Ubuntu Bionic):
status: New → In Progress
Changed in linux-base (Ubuntu Bionic):
status: New → In Progress
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
tags: added: patch
Timo Aaltonen (tjaalton) wrote :

linux-base should be rebased with latest archive version (is at 4.5ubuntu2 now), and the version fixed for the backports

Timo Aaltonen (tjaalton) wrote :

I mean for eoan/focal it needs to be rebased, bionic would use 4.5ubuntu1.1, eoan 4.5ubuntu2.1..

Marcelo Cerri (mhcerri) wrote :

Linux

Marcelo Cerri (mhcerri) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Eoan):
status: New → Fix Committed
Changed in linux-base (Ubuntu Bionic):
status: In Progress → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu3

---------------
linux-base (4.5ubuntu3) focal; urgency=medium

  * Add linux-base-sgx package with SGX udev rules (LP: #1867820).

 -- Timo Aaltonen <email address hidden> Wed, 18 Mar 2020 13:05:24 +0200

Changed in linux-base (Ubuntu Focal):
status: New → Fix Released
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.3.0-1016.17

---------------
linux-azure (5.3.0-1016.17) eoan; urgency=medium

  * eoan/linux-azure: 5.3.0-1016.17 -proposed tracker (LP: #1867852)

  * linux-azure: Update SGX version and udev rules (LP: #1867820)
    - SAUCE: linux-azure: Update SGX to version LD_1.22
    - [Packaging] linux-azure: Add dependency to linux-base-sgx

 -- Marcelo Henrique Cerri <email address hidden> Wed, 18 Mar 2020 13:51:06 -0300

Changed in linux-azure (Ubuntu Eoan):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.0.0-1035.37

---------------
linux-azure (5.0.0-1035.37) bionic; urgency=medium

  * bionic/linux-azure: 5.0.0-1035.37 -proposed tracker (LP: #1867856)

  * linux-azure: Update SGX version and udev rules (LP: #1867820)
    - SAUCE: linux-azure: Update SGX to version LD_1.22
    - [Packaging] linux-azure: Add dependency to linux-base-sgx

 -- Marcelo Henrique Cerri <email address hidden> Wed, 18 Mar 2020 00:38:02 -0300

Changed in linux-azure (Ubuntu Bionic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.15.0-1075.80

---------------
linux-azure (4.15.0-1075.80) xenial; urgency=medium

  * xenial/linux-azure: 4.15.0-1075.80 -proposed tracker (LP: #1867860)

  * linux-azure: Update SGX version and udev rules (LP: #1867820)
    - SAUCE: linux-azure: Update SGX to version LD_1.22
    - [Packaging] linux-azure: Add dependency to linux-base-sgx

 -- Marcelo Henrique Cerri <email address hidden> Wed, 18 Mar 2020 09:06:32 -0300

Changed in linux-azure (Ubuntu Xenial):
status: New → Fix Released
Marcelo Cerri (mhcerri) on 2020-03-24
Changed in linux-base (Ubuntu Trusty):
status: New → Invalid
Marcelo Cerri (mhcerri) wrote :

I already tested the following linux-base versions with linux-azure on an ACC instance:

- xenial: 4.5ubuntu1.1~16.04.1
- bionic: 4.5ubuntu1.1
- eoan: 4.5ubuntu2.1

ACC instances can be created via:

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoft-azure-compute.confidentialcompute?tab=Overview

tags: added: verification-done verification-done-bionic verification-done-eoan verification-done-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu2.1

---------------
linux-base (4.5ubuntu2.1) eoan; urgency=medium

  * Add linux-base-sgx package with SGX udev rules (LP: #1867820).

 -- Timo Aaltonen <email address hidden> Wed, 18 Mar 2020 13:05:24 +0200

Changed in linux-base (Ubuntu Eoan):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu1.1

---------------
linux-base (4.5ubuntu1.1) bionic; urgency=medium

  * Add linux-base-sgx package with SGX udev rules (LP: #1867820).

 -- Marcelo Henrique Cerri <email address hidden> Tue, 17 Mar 2020 16:17:43 -0300

Changed in linux-base (Ubuntu Bionic):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu1.1~16.04.1

---------------
linux-base (4.5ubuntu1.1~16.04.1) xenial; urgency=medium

  * Add linux-base-sgx package with SGX udev rules (LP: #1867820).

 -- Marcelo Henrique Cerri <email address hidden> Wed, 18 Mar 2020 08:32:20 -0300

Changed in linux-base (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers