Michał Kowalczyk
e587869e13
Supporting these options complicates the design of Graphene and loading
logic significantly, providing little useful functionality:
- loader.exec:
- the main user of it were our tests
- worked only for the first process spawned inside Graphene, as it
was a unidirectional manifest->binary mapping, so the child
process didn't know about the corresponding manifest.
- sgx.sigfile:
- probably all existing usages of it were completely redundant
- was resolved relatively to CWD instead of the executable location,
which made it mostly useless
From now on, the correct location of the files is:
- either place the manifest and sigfile next to the binary, with a
matching name, or
- create a symlink to the binary in the folder where manifests are
stored and launch it through this symlink
Apache
This directory contains the Makefile and the template manifest for the most recent version of Apache web server (as of this writing, version 2.4.41). This was tested on a machine with SGX v1 and Ubuntu 16.04.
The Makefile and the template manifest contain extensive comments. Please review them to understand the requirements for Apache running under Graphene-SGX.
We build Apache from the source code instead of using an existing installation. On Ubuntu 16.04, please make sure that the following packages are installed:
sudo apt-get install -y build-essential flex libapr1-dev libaprutil1-dev libpcre2-dev \
apache2-utils libssl-dev
Quick Start
# build Apache and the final manifest
make SGX=1
# run original Apache against HTTP and HTTPS benchmarks (benchmark-http.sh, uses ab)
make start-native-server &
./benchmark-http.sh 127.0.0.1:8001
./benchmark-http.sh https://127.0.0.1:8443
kill -SIGINT %%
# run Apache in non-SGX Graphene against HTTP and HTTPS benchmarks
make start-graphene-server &
./benchmark-http.sh 127.0.0.1:8001
./benchmark-http.sh https://127.0.0.1:8443
kill -SIGINT %%
# run Apache in Graphene-SGX against HTTP and HTTPS benchmarks
SGX=1 make start-graphene-server &
./benchmark-http.sh 127.0.0.1:8001
./benchmark-http.sh https://127.0.0.1:8443
kill -SIGINT %%
# you can also test the server using other utilities like wget
wget http://127.0.0.1:8001/random/10K.1.html
wget https://127.0.0.1:8443/random/10K.1.html
Running Apache with Different MPMs
The Apache server can run with several different multi-processing modules (MPMs). The two popular ones are Prefork and Worker MPMs. The Prefork MPM uses multiple child processes with one thread each, and each process handles one connection at a time. The Worker MPM uses multiple child processes with many threads each, and each thread handles one connection at a time.
The supplied Makefile allows to run Apache in both configurations:
make start-native-server # run with Prefork MPM
make start-graphene-server # run with Prefork MPM
make start-native-multithreaded-server # run with Worker MPM
make start-graphene-multithreaded-server # run with Worker MPM