confidential-containers · jyao1 · Sep 1, 2023 · Aug 30, 2023 · Aug 30, 2023 · Aug 30, 2023
diff --git a/.github/workflows/devtools.yml b/.github/workflows/devtools.yml
@@ -12,7 +12,7 @@ name: Devtools
 env:
   AS: nasm
   STABLE_RUST_TOOLCHAIN: 1.66.0
-  NIGHTLY_RUST_TOOLCHAIN: nightly-2022-11-15
+  NIGHTLY_RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:

diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
@@ -31,7 +31,7 @@ jobs:
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: nightly-2022-11-15
+          toolchain: nightly-2023-08-28
           override: true
           components: clippy
 
@@ -65,7 +65,7 @@ jobs:
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: nightly-2022-11-15
+          toolchain: nightly-2023-08-28
           override: true
           components: rustfmt
 

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -13,7 +13,7 @@ env:
   AS: nasm
   AR_x86_64_unknown_none: llvm-ar
   CC_x86_64_unknown_none: clang
-  RUST_TOOLCHAIN: nightly-2022-11-15
+  RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:
@@ -50,7 +50,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: install
-          args: afl
+          args: cargo-afl
         if: runner.os == 'Linux'
 
       - name: Install Cargo-Fuzz (Linux)

diff --git a/.github/workflows/integration-tdx.yml b/.github/workflows/integration-tdx.yml
@@ -11,7 +11,7 @@ name: Integration Test on TDX Server
 
 env:
   AS: nasm
-  RUST_TOOLCHAIN: nightly-2022-11-15
+  RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:
@@ -60,7 +60,8 @@ jobs:
           bash sh_script/integration_tdx.sh -c 2 -m 4G -f target/release/final-boot-kernel.bin
           bash sh_script/integration_tdx.sh -c 4 -m 8G -f target/release/final-boot-kernel.bin
           bash sh_script/integration_tdx.sh -c 8 -m 16G -f target/release/final-boot-kernel.bin
-          bash sh_script/integration_tdx.sh -c 16 -m 32G -f target/release/final-boot-kernel.bin
+          bash sh_script/integration_tdx.sh -c 16 -m 16G -f target/release/final-boot-kernel.bin
+          # bash sh_script/integration_tdx.sh -c 16 -m 32G -f target/release/final-boot-kernel.bin
 
       - name: Build ELF format payload with test TD payload
         run: bash sh_script/build_final.sh elf_test

diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -11,7 +11,7 @@ name: Integration Test
 
 env:
   AS: nasm
-  RUST_TOOLCHAIN: nightly-2022-11-15
+  RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:

diff --git a/.github/workflows/library.yml b/.github/workflows/library.yml
@@ -12,7 +12,7 @@ name: Library Crates
 env:
   AS: nasm
   STABLE_RUST_TOOLCHAIN: 1.66.0
-  NIGHTLY_RUST_TOOLCHAIN: nightly-2022-11-15
+  NIGHTLY_RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -15,7 +15,7 @@ env:
   CC_x86_64_unknown_linux_gnu: clang
   AR_x86_64_unknown_none: llvm-ar
   CC_x86_64_unknown_none: clang
-  RUST_TOOLCHAIN: nightly-2022-11-15
+  RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -2,7 +2,7 @@ name: Release TD-shim
 on: create
 
 env:
-  RUST_TOOLCHAIN: nightly-2022-11-15
+  RUST_TOOLCHAIN: nightly-2023-08-28
   TOOLCHAIN_PROFILE: minimal
 
 jobs:

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 export CARGO=cargo
 export STABLE_TOOLCHAIN:=1.66.0
-export NIGHTLY_TOOLCHAIN:=nightly-2022-11-15
+export NIGHTLY_TOOLCHAIN:=nightly-2023-08-28
 export BUILD_TYPE:=release
 export PREFIX:=/usr/local
 

diff --git a/README.md b/README.md
@@ -57,7 +57,7 @@ The threat model analysis is at [td-shim threat model](doc/threat_model.md).
 
 1. Install [RUST](https://www.rust-lang.org/)
 
-please use nightly-2022-11-15.
+please use nightly-2023-08-28.
 
 NOTE: We need install nightly version because we use cargo-xbuild.
 

diff --git a/devtools/dev_container/Dockerfile b/devtools/dev_container/Dockerfile
@@ -17,7 +17,7 @@ RUN apt-get update && \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install rustup and a fixed version of Rust.
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly-2022-11-15
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly-2023-08-28
 RUN rustup toolchain install 1.66.0
 RUN rustup component add rust-src
 RUN rustup component add llvm-tools-preview
@@ -27,7 +27,7 @@ RUN cargo install cargo-xbuild
 # Install fuzzing tools
 # The rust version used now is nightly-2021-08-20, the latest cargo-fuzz needs to be upgraded to the rust version, and nightly-2021-08-20 can use cargo-fuzz 0.10.2 . 
 # For more information, please see doc/fuzzing.md.
-RUN cargo install afl
+RUN cargo install cargo-afl
 RUN cargo install cargo-fuzz --version 0.10.2
 
 # Install rudra

diff --git a/doc/fuzzing.md b/doc/fuzzing.md
@@ -14,11 +14,11 @@ American fuzzy lop (AFL) is a popular, effective, and modern fuzz testing tool.
 
 Afl.rs works on x86-64 Linux and x86-64 macOS.
 
-`$ cargo install afl`
+`$ cargo install cargo-afl`
 
 ### Upgrading
 
-`$ cargo install --force afl`
+`$ cargo install --force cargo-afl`
 
 ## Provide starting inputs
 

diff --git a/doc/static_analyzer.md b/doc/static_analyzer.md
@@ -5,7 +5,7 @@
 rudra description:
  > Rudra is tied to a specific Rust compiler version, and it can only analyze projects that compiles with this version of the compiler. master branch uses nightly-2021-08-20 version of Rust right now. 
 
-**The current rust version is nightly-2022-11-15, so now rudra can not run.**
+**The current rust version is nightly-2023-08-28, so now rudra can not run.**
 
 
 [rudra](https://github.com/sslab-gatech/Rudra) is a tool for Rust Memory Safety & Undefined Behavior Detection.

diff --git a/rust-toolchain b/rust-toolchain
@@ -1 +1 @@
-nightly-2022-11-15
+nightly-2023-08-28
diff --git a/sh_script/integration_tdx.sh b/sh_script/integration_tdx.sh
@@ -12,7 +12,7 @@ nohup_logfile="${temp_dir}/nohup.log"
 guest_image="/home/env/guest_img/td-guest.raw"
 kernel="/home/env/kernel_img/vmlinuz"
 cloud_hypervisor_tdx_path="/home/env/cloud-hypervisor/target/release/cloud-hypervisor"
-qemu_tdx_path="/usr/libexec/qemu-kvm"
+qemu_tdx_path="/usr/local/bin/qemu-system-x86_64"
 
 firmware=""
 type="pe"
@@ -112,12 +112,13 @@ check_result()  {
 
 launch_td_os() {
     echo "-- launch td os"
-    local time_out=60
+    local time_out=120
     local key_str1="login:"
     local key_str2="Guest initialized"
 
     nohup ${cloud_hypervisor_tdx_path} -v \
-                                       --tdx firmware=${firmware} \
+                                       --platform tdx=on \
+                                       --firmware ${firmware} \
                                        --memory size=${memory} \
                                        --cpus boot=${cpus} \
                                        --kernel ${kernel} \
@@ -138,17 +139,18 @@ launch_td_os() {
 
 launch_td_test_payload() {
     echo "-- launch td test payload"
-    local time_out=10
+    local time_out=120
     local key_str="0 failed"
 
     nohup ${qemu_tdx_path} -accel kvm \
         -name process=rust-td,debug-threads=on \
         -smp ${cpus},sockets=${cpus} \
         -object tdx-guest,id=tdx,debug=on \
-        -machine q35,kvm-type=tdx,pic=no,kernel_irqchip=split,confidential-guest-support=tdx \
+        -object memory-backend-memfd-private,id=ram1,size=${memory} \
+        -machine q35,memory-backend=ram1,kernel_irqchip=split,confidential-guest-support=tdx \
         -no-hpet \
         -cpu host,pmu=off,-kvm-steal-time \
-        -device loader,file=${firmware},id=fd0 \
+        -bios ${firmware} \
         -m ${memory} -nographic -vga none \
         -chardev stdio,id=mux,mux=on,signal=off \
         -device virtio-serial,romfile= \
@@ -169,17 +171,18 @@ launch_td_test_payload() {
 
 test_secure_boot() {
     echo "-- secure boot test"
-    local time_out=10
+    local time_out=120
     local key_str="Starting td-payload hob"
 
     nohup ${qemu_tdx_path} -accel kvm \
         -name process=rust-td,debug-threads=on \
         -smp ${cpus},sockets=${cpus} \
         -object tdx-guest,id=tdx,debug=on \
-        -machine q35,kvm-type=tdx,pic=no,kernel_irqchip=split,confidential-guest-support=tdx \
+        -object memory-backend-memfd-private,id=ram1,size=${memory} \
+        -machine q35,memory-backend=ram1,kernel_irqchip=split,confidential-guest-support=tdx \
         -no-hpet \
         -cpu host,pmu=off,-kvm-steal-time \
-        -device loader,file=${firmware},id=fd0 \
+        -bios ${firmware} \
         -m ${memory} -nographic -vga none \
         -chardev stdio,id=mux,mux=on,signal=off \
         -device virtio-serial,romfile= \