Implement support for Intel SGX

Notice(queuebot): Unapproved: linux-base (hirsute-proposed/main) [4.5ubuntu5.2 => 4.5ubuntu5.3]

Notice(queuebot): Unapproved: linux-base (focal-proposed/main) [4.5ubuntu3.5 => 4.5ubuntu3.6]

This bug was fixed in the package linux-base - 4.5ubuntu9

---------------
linux-base (4.5ubuntu9) impish; urgency=medium

  [ Tim Gardner ]
  * Add SGX support for Linux >= v5.11 (LP: #1932582)
    - Added a udev rule for v5.11 SGX device names,

  [ Tim Gardner & Dimitri John Ledkov ]
    - Add /etc/profile.d/linux-base-sgx.sh and
    /usr/lib/systemd/system-environment-generators/linux-base-sgx to
    export environmental variable for out-of-process attestation by
    default for: tty login sessions; ssh login sessions; systemd
    user services; systemd system services.

 -- Tim Gardner <email address hidden> Tue, 22 Jun 2021 07:38:37 -0600

Okay, I don't see any regression potential noted in the bug, but I also see that the change is rather safe in its own way so... let's get this accepted.

Hello Tim, or anyone else affected,

Accepted linux-base into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Tim, or anyone else affected,

Accepted linux-base into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu3.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted linux-base (4.5ubuntu3.6) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

linux-oem-5.10/5.10.0-1035.36 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

1) Booted focal VM, installed linux-azure-edge (v5.11) based kernel, which installed linux-base-sgx as a dependency from -updates

$ dpkg-query -W linux-base-sgx
linux-base-sgx 4.5ubuntu3.5

No SGX variables present in env

2) Enabled proposed, and installed linux-base-sgx from proposed

$ dpkg-query -W linux-base-sgx
linux-base-sgx 4.5ubuntu3.6

Logged in via ttyS0:
ubuntu@cloudimg:~$ env | grep SGX
SGX_AESM_ADDR=1
ubuntu@cloudimg:~$ systemctl --user show-environment | grep SGX
SGX_AESM_ADDR=1
ubuntu@cloudimg:~$ systemctl --system show-environment | grep SGX
SGX_AESM_ADDR=1

Logged in via ssh
ubuntu@cloudimg:~$ ssh ubuntu@192.168.122.37
ubuntu@192.168.122.37's password:
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.11.0-1007-azure x86_64)
...
Last login: Mon Jul 5 13:38:22 2021 from 192.168.122.1
ubuntu@cloudimg:~$ env | grep SGX
SGX_AESM_ADDR=1

@ubuntu-sru-bot

Regresssions were retried, and have now been cleared.

1) Booted hirsute VM, installed linux-azure (v5.11) based kernel, which installed linux-base-sgx as a dependency, and rebooted

$ dpkg-query -W linux-base-sgx
linux-base-sgx 4.5ubuntu5.2

rebooted and no sgx variables were present.

2) installed linux-base-sgx from proposed

ubuntu@cloudimg:~$ dpkg-query -W linux-base-sgx
linux-base-sgx 4.5ubuntu5.3

And rebooted

Logged in via ttyS0

Last login: Mon Jul 5 14:08:10 UTC 2021 on ttyS0
ubuntu@cloudimg:~$ env | grep SGX
SGX_AESM_ADDR=1
ubuntu@cloudimg:~$ systemctl --user show-environment | grep SGX
SGX_AESM_ADDR=1
ubuntu@cloudimg:~$ systemctl --system show-environment | grep SGX
SGX_AESM_ADDR=1
ubuntu@cloudimg:~$ ssh ubuntu@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:LrAhr9h2R3VjerwIMLnzTl9QmzmAvu9J47/SYyiXgIo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
ubuntu@localhost's password:
Welcome to Ubuntu 21.04 (GNU/Linux 5.11.0-1009-azure x86_64)
..
36 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

Last login: Mon Jul 5 14:15:34 2021
ubuntu@cloudimg:~$ env | grep SGX
SGX_AESM_ADDR=1

The verification of the Stable Release Update for linux-base has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package linux-base - 4.5ubuntu5.3

---------------
linux-base (4.5ubuntu5.3) hirsute; urgency=medium

  [ Tim Gardner ]
  * Add SGX support for Linux >= v5.11 (LP: #1932582)
    - Added a udev rule for v5.11 SGX device names,

  [ Tim Gardner & Dimitri John Ledkov ]
    - Add /etc/profile.d/linux-base-sgx.sh and
    /usr/lib/systemd/system-environment-generators/linux-base-sgx to
    export environmental variable for out-of-process attestation by
    default for: tty login sessions; ssh login sessions; systemd
    user services; systemd system services.

 -- Dimitri John Ledkov <email address hidden> Wed, 23 Jun 2021 16:29:18 +0100

This bug was fixed in the package linux-base - 4.5ubuntu3.6

---------------
linux-base (4.5ubuntu3.6) focal; urgency=medium

  [ Tim Gardner ]
  * Add SGX support for Linux >= v5.11 (LP: #1932582)
    - Added a udev rule for v5.11 SGX device names,

  [ Tim Gardner & Dimitri John Ledkov ]
    - Add /etc/profile.d/linux-base-sgx.sh and
    /usr/lib/systemd/system-environment-generators/linux-base-sgx to
    export environmental variable for out-of-process attestation by
    default for: tty login sessions; ssh login sessions; systemd
    user services; systemd system services.

 -- Dimitri John Ledkov <email address hidden> Wed, 23 Jun 2021 16:39:54 +0100