Fix to use the latest Islet SDK #245

Merged
merged 2 commits into from
May 7, 2024

bitboom
Collaborator

@bitboom bitboom commented Apr 30, 2024

This PR addresses build errors in the Islet SDK. (Fixed #244)

Issues and Resolutions:

  1. Issue: Compatibility issues due to the upgrade of a third-party library used by the Islet SDK.
    Fixing: Upgraded to a compatible version and enforced explicit versioning to prevent automatic upgrades of the third-party library. (Add Cargo.lock for dependency consistency islet-project/islet#315)

  2. Issue: Upgrade of the MRENCLAVE value for the simulated version of Islet SDK targeting x86_64.
    Fixing: Updated to the upgraded value and added comments on how to obtain it. Although a shell script should ideally be written to fetch the actual value systematically, frequent changes are not anticipated, so only a description has been added for now.

@gapisback
Collaborator

Thanks for pulling this forward, @bitboom !

I see that CI tests ran clean with your 1st commit, but then when you tried to re-enable the failing (previously commented) ISLET build-and-test tests, they failed in this build.

I took a quick look and the failure is here:

```
/home/runner/work/certifier-framework-for-confidential-computing/certifier-framework-for-confidential-computing/sample_apps/simple_app_under_islet/islet_example_app.exe --data_dir=./app2_data/ --operation=get-certified --measurement_file=example_app.measurement --policy_store_file=policy_store '' '' --print_all=true
Simulated attestation operation on x86_64.
certify_domain():1735: enclave_type_ = 'islet-enclave', purpose_ = 'authentication'
islet_Attest(): rv=0
certify_domain() error, line: 2024, Certification failed, status='failed'

Response:
Status                 :  failed
++ cleanup
Requesting enclave     :  requesting-enclave
++ set +x
Providing  enclave     :  providing-enclave
certify_primary_domain() error, line 1477, can't certify primary domain
main() error, line 447, certification failed
run_example.sh: Failed command, "$@", at line 626 ./run_example.sh while executing function run_app_by_name_as_server_talk_to_Cert_Service
cleanup.sh: Cleanup stale processes (parent_pid=17455) ...
```

It was not immediately obvious to me if this is a failure due to (a) Islet-APIs changing or (b) if it's an error with driver run_example.sh script.

If it is (b), let me know. I can look at it later.

I was hoping to get the previous PR #243 integrated first, where failing tests are commented out. Then, you can layer your fix on top of that. Am waiting for Ye & you to sign-off on my PR which basically comments out failing tests.

@bitboom
Collaborator Author

bitboom commented May 2, 2024

> It was not immediately obvious to me if this is a failure due to (a) Islet-APIs changing or (b) if it's an error with driver run_example.sh script.

It is assumed that there might be a problem with the openssl certificate depending on the environment.

Because Islet API was successful on CI and my environment too.

```
islet_Attest(): rv=0
```

The certificate error did not occur in my environment but occurred in the CI as you said.

```
run_example.sh: simple_app_under_islet: Running run_app_by_name_as_client_make_trusted_request

Running App as client
Client peer id is Measured-6190eb90b293886c172ec644dafb7e33ee2cea6541abe15300d96380df525bf9
SSL client read: Hi from your secret server
```

@gapisback
Collaborator

Hi, @bitboom,

Re: It is assumed that there might be a problem with the openssl certificate depending on the environment.

... The CI build.yml is doing standard install of openssl libraries:

```yaml
    - name: dependencies
      run: |
        sudo apt update -y
        sudo apt install -y clang-format-11 libgtest-dev libgflags-dev openssl libssl-dev protobuf-compiler protoc-gen-go golang-go cmake
```

We will need to debug this in CI's env and on your machine, to compare the OpenSSL library versions.

That is a bit of painful effort.

What you will need to do is to edit out all the test-methods (after install) in .github/workflows/build.yml and just keep these test-methods active.

Check-in this to your dev-branch so that the CI-roundtrip is shortened to just this set of ISLET related failing test-methods.

```yaml
    #! -------------------------------------------------------------------------
    - name: test-ISLET-SDK-shim_test
      run: |
        ./CI/scripts/test.sh test-ISLET-SDK-shim_test

    #! -------------------------------------------------------------------------
    - name: test-run_example-simple_app_under_islet-using-shim
```

And add some commands in the name: dependencies step to report the openssl version.

I don't know what / how to report the OpenSSL version string. But if you can add that, we can compare the version string that CI installs v/s what's on your dev-box.

Once we find out what the differences are ... we can tweak the sudo apt install openssl command to specify a particular version string.

I think this troubleshooting / debugging will be a slow exercise.

I'll leave it up to you to figure out if this is the best way to troubleshoot, or you have any better ideas to figure out what the OpenSSL version issue is (or might be).
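
One way to report the OpenSSL version from the `dependencies` step and compare it with a dev box, as discussed in the comment above. This is an added example, not part of the thread or the project's CI scripts; the function names and the two sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify the OpenSSL install in a CI step and compare it
# with a developer machine. Function names are hypothetical.

# Print the CLI/library version, build details and Debian package versions.
report_openssl() {
    if command -v openssl >/dev/null 2>&1; then
        echo "openssl binary: $(command -v openssl)"
        openssl version -a || true
    else
        echo "openssl binary: not found"
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' openssl libssl-dev \
            2>/dev/null || true
    fi
}

# Extract the release (e.g. 3.0.2) from the first line of `openssl version`.
openssl_release() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }'
}

# Classify two `openssl version` lines: identical, same-major,
# different-major, or unparsed when either line is not recognised.
compare_openssl() {
    a=$(openssl_release "$1")
    b=$(openssl_release "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "unparsed"
    elif [ "$a" = "$b" ]; then
        echo "identical"
    elif [ "${a%%.*}" = "${b%%.*}" ]; then
        echo "same-major"
    else
        echo "different-major"
    fi
}

# Constructed sample lines standing in for the CI runner and a dev box.
CI_LINE='OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)'
DEV_LINE='OpenSSL 1.1.1f  31 Mar 2020'

report_openssl
echo "CI vs dev: $(compare_openssl "$CI_LINE" "$DEV_LINE")"
```

Calling `report_openssl` right after the `apt install` line puts the runner's version in the CI log; the first line of `openssl version` from each machine can then be passed to `compare_openssl`.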

@bitboom bitboom force-pushed the bitboom/fix-islet-ci branch from 0d5f33c to 68b39ab Compare May 3, 2024 07:07
Collaborator

@gapisback gapisback left a comment


Thanks for getting this clean-up done, @bitboom .

Summary seems to be that the failures are not related to Ubuntu latest v22.xx upgrade but something else related to build / infra-config around Islet.

For future reference, I suggest you please explain the source of the failure and the fix, and point out in your commit message this is not an Ubuntu-upgrade related issue.

@gapisback
Collaborator

@bitboom -- This Islet-cleanup change is good. You can go in first, if you wish ... but you won't be able to merge as the simulated-SEV related tests are still failing.

But my PR #243 is still waiting for approval from @yelvmw .

I will need to check-in above PR before you can merge. Ye said he will finish the review by today.

Let's wait.

@gapisback gapisback marked this pull request as ready for review May 3, 2024 14:43
@gapisback
Collaborator

@bitboom -- I just merged the PR #243 which comments out failing test-cases.

You should now be able to integrate your work to re-enable ISLET-related failing tests. FYI.

@jinbpark

jinbpark commented May 7, 2024

Nice work, @bitboom !

@bitboom bitboom force-pushed the bitboom/fix-islet-ci branch from 68b39ab to d417918 Compare May 7, 2024 05:04
@bitboom bitboom merged commit d925259 into main May 7, 2024
1 check passed