Replace Graphene with Gramine everywhere

This includes using `github.com/gramineproject/gramine` link and
changing executables from e.g. `graphene-sgx` to `gramine-sgx`.

The name "Graphene" was deemed too common, could be impossible to
trademark, and collided with several other software projects. Thus,
a new name "Gramine" was chosen.

Signed-off-by: Dmitrii Kuvaiskii <[email protected]>

apache/Makefile

@@ -12,17 +12,17 @@ HTTPD_MIRRORS ?= \
     https://www-us.apache.org/dist/httpd \
     https://ftp.fau.de/apache/httpd \
     https://archive.apache.org/dist/httpd \
-    https://packages.grapheneproject.io/distfiles
+    https://packages.gramineproject.io/distfiles
 
 LISTEN_HOST ?= 127.0.0.1
 LISTEN_PORT ?= 8001
 
 SGX_SIGNER_KEY ?= ../../Pal/src/host/Linux-SGX/signer/enclave-key.pem
 
 ifeq ($(DEBUG),1)
-GRAPHENE_LOG_LEVEL = debug
+GRAMINE_LOG_LEVEL = debug
 else
-GRAPHENE_LOG_LEVEL = error
+GRAMINE_LOG_LEVEL = error
 endif
 
 .PHONY: all
@@ -61,41 +61,41 @@ httpd-modules: $(INSTALL_DIR)/conf/httpd.conf
 	@echo $(INSTALL_DIR)/modules/mod_ssl.so        >> $@
 
 httpd.manifest: httpd.manifest.template
-	graphene-manifest \
-		-Dlog_level=$(GRAPHENE_LOG_LEVEL) \
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
 		-Dinstall_dir=$(INSTALL_DIR) \
 		-Dinstall_dir_abspath=$(abspath $(INSTALL_DIR)) \
 		-Darch_libdir=$(ARCH_LIBDIR) \
 		$< > $@
 
 httpd.manifest.sgx: httpd.manifest $(INSTALL_DIR)/bin/httpd \
-		$(INSTALL_DIR)/conf/httpd-graphene.conf \
-		$(INSTALL_DIR)/conf/extra/httpd-ssl-graphene.conf \
+		$(INSTALL_DIR)/conf/httpd-gramine.conf \
+		$(INSTALL_DIR)/conf/extra/httpd-ssl-gramine.conf \
 		$(TEST_DATA) \
 		$(INSTALL_DIR)/conf/server.crt
 	@test -s $(SGX_SIGNER_KEY) || \
 	    { echo "SGX signer private key was not found, please specify SGX_SIGNER_KEY!"; exit 1; }
-	graphene-sgx-sign \
+	gramine-sgx-sign \
 		--key $(SGX_SIGNER_KEY) \
 		--manifest httpd.manifest \
 		--output $@
 
 httpd.sig: httpd.manifest.sgx
 
 httpd.token: httpd.sig
-	graphene-sgx-get-token --output $@ --sig $<
+	gramine-sgx-get-token --output $@ --sig $<
 
 .PHONY: config
-config: $(INSTALL_DIR)/conf/httpd-graphene.conf $(INSTALL_DIR)/conf/extra/httpd-ssl-graphene.conf
+config: $(INSTALL_DIR)/conf/httpd-gramine.conf $(INSTALL_DIR)/conf/extra/httpd-ssl-gramine.conf
 
-$(INSTALL_DIR)/conf/httpd-graphene.conf: $(INSTALL_DIR)/conf/httpd.conf
+$(INSTALL_DIR)/conf/httpd-gramine.conf: $(INSTALL_DIR)/conf/httpd.conf
 	sed \
 		-e "s|^Listen |#Listen |g" \
 		-e "s|^User |#User |g" \
 		-e "s|^Group |#Group |g" \
 		-e "s|^LoadModule mpm_prefork|#LoadModule mpm_prefork|g" \
 		-e "s|^#LoadModule ssl_module|LoadModule ssl_module|g" \
-		-e "s|^#Include conf/extra/httpd-ssl.conf|Include conf/extra/httpd-ssl-graphene.conf|g" \
+		-e "s|^#Include conf/extra/httpd-ssl.conf|Include conf/extra/httpd-ssl-gramine.conf|g" \
 		-e "s|#EnableMMAP off|EnableMMAP off|g" \
 		-e "s|#EnableSendfile on|EnableSendfile on|g" \
 	$< > $@
@@ -114,7 +114,7 @@ $(INSTALL_DIR)/conf/httpd-graphene.conf: $(INSTALL_DIR)/conf/httpd.conf
     ThreadsPerChild          25\n\
 </IfModule>\n" >> $@
 
-$(INSTALL_DIR)/conf/extra/httpd-ssl-graphene.conf: $(INSTALL_DIR)/conf/extra/httpd-ssl.conf
+$(INSTALL_DIR)/conf/extra/httpd-ssl-gramine.conf: $(INSTALL_DIR)/conf/extra/httpd-ssl.conf
 	sed \
 		-e "s|^Listen 443|Listen 127.0.0.1:8443|g" \
 		-e "s|^<VirtualHost _default_:443>|<VirtualHost 127.0.0.1:8443>|g" \
@@ -157,9 +157,9 @@ $(INSTALL_DIR)/conf/server.crt: ssl/ca_config.conf $(INSTALL_DIR)/bin/httpd
 ssldata: $(INSTALL_DIR)/conf/server.crt
 
 ifeq ($(SGX),)
-GRAPHENE = graphene-direct
+GRAMINE = gramine-direct
 else
-GRAPHENE = graphene-sgx
+GRAMINE = gramine-sgx
 endif
 
 .PHONY: clean-server
@@ -170,17 +170,17 @@ clean-server:
 start-native-server: all clean-server
 	@echo "Listen on $(LISTEN_HOST):$(LISTEN_PORT)"
 	$(INSTALL_DIR)/bin/httpd -D FOREGROUND \
-		-f conf/httpd-graphene.conf \
+		-f conf/httpd-gramine.conf \
 		-C "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so" \
 		-C "Listen $(LISTEN_HOST):$(LISTEN_PORT)" \
 		-C "ServerName $(LISTEN_HOST)" \
 		-C "PidFile logs/httpd-$(LISTEN_HOST)-$(LISTEN_PORT).pid"
 
-.PHONY: start-graphene-server
-start-graphene-server: all clean-server
+.PHONY: start-gramine-server
+start-gramine-server: all clean-server
 	@echo "Listen on $(LISTEN_HOST):$(LISTEN_PORT)"
-	$(GRAPHENE) ./httpd -D FOREGROUND \
-		-f conf/httpd-graphene.conf \
+	$(GRAMINE) ./httpd -D FOREGROUND \
+		-f conf/httpd-gramine.conf \
 		-C "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so" \
 		-C "Listen $(LISTEN_HOST):$(LISTEN_PORT)" \
 		-C "ServerName $(LISTEN_HOST)" \
@@ -190,17 +190,17 @@ start-graphene-server: all clean-server
 start-native-multithreaded-server: all clean-server
 	@echo "Listen on $(LISTEN_HOST):$(LISTEN_PORT)"
 	$(INSTALL_DIR)/bin/httpd -D FOREGROUND \
-		-f conf/httpd-graphene.conf \
+		-f conf/httpd-gramine.conf \
 		-C "LoadModule mpm_worker_module modules/mod_mpm_worker.so" \
 		-C "Listen $(LISTEN_HOST):$(LISTEN_PORT)" \
 		-C "ServerName $(LISTEN_HOST)" \
 		-C "PidFile logs/httpd-$(LISTEN_HOST)-$(LISTEN_PORT).pid"
 
-.PHONY: start-graphene-multithreaded-server
-start-graphene-multithreaded-server: all clean-server
+.PHONY: start-gramine-multithreaded-server
+start-gramine-multithreaded-server: all clean-server
 	@echo "Listen on $(LISTEN_HOST):$(LISTEN_PORT)"
-	$(GRAPHENE) ./httpd -D FOREGROUND \
-		-f conf/httpd-graphene.conf \
+	$(GRAMINE) ./httpd -D FOREGROUND \
+		-f conf/httpd-gramine.conf \
 		-C "LoadModule mpm_worker_module modules/mod_mpm_worker.so" \
 		-C "Listen $(LISTEN_HOST):$(LISTEN_PORT)" \
 		-C "ServerName $(LISTEN_HOST)" \

apache/README.md

@@ -22,14 +22,14 @@ make start-native-server &
 ../common_tools/benchmark-http.sh https://127.0.0.1:8443
 kill -SIGINT %%
 
-# run Apache in non-SGX Graphene against HTTP and HTTPS benchmarks
-make start-graphene-server &
+# run Apache in non-SGX Gramine against HTTP and HTTPS benchmarks
+make start-gramine-server &
 ../common_tools/benchmark-http.sh 127.0.0.1:8001
 ../common_tools/benchmark-http.sh https://127.0.0.1:8443
 kill -SIGINT %%
 
-# run Apache in Graphene-SGX against HTTP and HTTPS benchmarks
-SGX=1 make start-graphene-server &
+# run Apache in Gramine-SGX against HTTP and HTTPS benchmarks
+SGX=1 make start-gramine-server &
 ../common_tools/benchmark-http.sh 127.0.0.1:8001
 ../common_tools/benchmark-http.sh https://127.0.0.1:8443
 kill -SIGINT %%
@@ -50,8 +50,8 @@ with many threads each, and each thread handles one connection at a time.
 The supplied Makefile allows to run Apache in both configurations:
 ```sh
 make start-native-server                  # run with Prefork MPM
-make start-graphene-server                # run with Prefork MPM
+make start-gramine-server                # run with Prefork MPM
 
 make start-native-multithreaded-server    # run with Worker MPM
-make start-graphene-multithreaded-server  # run with Worker MPM
+make start-gramine-multithreaded-server  # run with Worker MPM
 ```

apache/httpd.manifest.template

@@ -1,6 +1,6 @@
 # Apache manifest example
 
-loader.preload = "file:{{ graphene.libos }}"
+loader.preload = "file:{{ gramine.libos }}"
 libos.entrypoint = "{{ install_dir }}/bin/httpd"
 loader.log_level = "{{ log_level }}"
 
@@ -12,7 +12,7 @@ sys.enable_sigterm_injection = true
 
 fs.mount.lib.type = "chroot"
 fs.mount.lib.path = "/lib"
-fs.mount.lib.uri = "file:{{ graphene.runtimedir() }}"
+fs.mount.lib.uri = "file:{{ gramine.runtimedir() }}"
 
 fs.mount.lib2.type = "chroot"
 fs.mount.lib2.path = "{{ arch_libdir }}"
@@ -35,7 +35,7 @@ sgx.enclave_size = "512M"
 sgx.thread_num = 32
 
 sgx.trusted_files.httpd = "file:{{ install_dir }}/bin/httpd"
-sgx.trusted_files.runtime = "file:{{ graphene.runtimedir() }}"
+sgx.trusted_files.runtime = "file:{{ gramine.runtimedir() }}"
 sgx.trusted_files.arch_libdir = "file:{{ arch_libdir }}/"
 sgx.trusted_files.usr_arch_libdir = "file:/usr/{{ arch_libdir }}/"
 sgx.trusted_files.conf = "file:{{ install_dir }}/conf"

curl/Makefile

@@ -6,9 +6,9 @@ ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
 SGX_SIGNER_KEY ?= ../../Pal/src/host/Linux-SGX/signer/enclave-key.pem
 
 ifeq ($(DEBUG),1)
-GRAPHENE_LOG_LEVEL = debug
+GRAMINE_LOG_LEVEL = debug
 else
-GRAPHENE_LOG_LEVEL = error
+GRAMINE_LOG_LEVEL = error
 endif
 
 .PHONY: all
@@ -18,8 +18,8 @@ all: curl.manifest.sgx curl.sig curl.token
 endif
 
 curl.manifest: curl.manifest.template
-	graphene-manifest \
-		-Dlog_level=$(GRAPHENE_LOG_LEVEL) \
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
 		-Dhome=$(HOME) \
 		-Darch_libdir=$(ARCH_LIBDIR) \
 		-Dcurl_dir=$(CURL_DIR) \
@@ -28,27 +28,27 @@ curl.manifest: curl.manifest.template
 curl.manifest.sgx: curl.manifest
 	@test -s $(SGX_SIGNER_KEY) || \
 	    { echo "SGX signer private key was not found, please specify SGX_SIGNER_KEY!"; exit 1; }
-	graphene-sgx-sign \
+	gramine-sgx-sign \
 		--key $(SGX_SIGNER_KEY) \
 		--manifest curl.manifest \
 		--output $@
 
 curl.sig: curl.manifest.sgx
 
 curl.token: curl.sig
-	graphene-sgx-get-token --output $@ --sig $^
+	gramine-sgx-get-token --output $@ --sig $^
 
 ifeq ($(SGX),)
-GRAPHENE = graphene-direct
+GRAMINE = gramine-direct
 else
-GRAPHENE = graphene-sgx
+GRAMINE = gramine-sgx
 endif
 
 .PHONY: check
 check: all
 	(cd test-docroot; exec python3 -m http.server -b 127.0.0.1 19111) & httpd_pid=$$!; \
 	../../Scripts/wait_for_server 5 127.0.0.1 19111; \
-	$(GRAPHENE) ./curl http://127.0.0.1:19111/ > OUTPUT; rc=$$?; \
+	$(GRAMINE) ./curl http://127.0.0.1:19111/ > OUTPUT; rc=$$?; \
 	kill $$httpd_pid; exit $$rc
 
 	@grep -q "Hello World" OUTPUT && echo "[ Success 1/1 ]"

curl/README.md

@@ -1,7 +1,7 @@
 # Curl
 
 This directory contains a Makefile and template manifest to run curl on
-Graphene. This example uses curl installed on the system instead of compiling
+Gramine. This example uses curl installed on the system instead of compiling
 from source as some of the other examples do.
 
 # Quick Start

curl/curl.manifest.template

@@ -1,6 +1,6 @@
 # Curl manifest file example
 
-loader.preload = "file:{{ graphene.libos }}"
+loader.preload = "file:{{ gramine.libos }}"
 libos.entrypoint = "{{ curl_dir }}/curl"
 loader.log_level = "{{ log_level }}"
 
@@ -11,7 +11,7 @@ loader.insecure__use_cmdline_argv = true
 
 fs.mount.lib.type = "chroot"
 fs.mount.lib.path = "/lib"
-fs.mount.lib.uri = "file:{{ graphene.runtimedir() }}"
+fs.mount.lib.uri = "file:{{ gramine.runtimedir() }}"
 
 fs.mount.lib2.type = "chroot"
 fs.mount.lib2.path = "{{ arch_libdir }}"
@@ -33,7 +33,7 @@ sgx.enclave_size = "256M"
 sgx.thread_num = 4
 
 sgx.trusted_files.curl = "file:{{ curl_dir }}/curl"
-sgx.trusted_files.runtime = "file:{{ graphene.runtimedir() }}"
+sgx.trusted_files.runtime = "file:{{ gramine.runtimedir() }}"
 sgx.trusted_files.arch_libdir = "file:{{ arch_libdir }}/"
 sgx.trusted_files.usr_arch_libdir = "file:/usr/{{ arch_libdir }}/"
 

gcc/Makefile

@@ -7,17 +7,17 @@ SGX_SIGNER_KEY ?= ../../Pal/src/host/Linux-SGX/signer/enclave-key.pem
 
 BZIP2_MIRRORS ?= \
 	https://people.csail.mit.edu/smcc/projects/single-file-programs/bzip2.c \
-	https://packages.grapheneproject.io/distfiles/single-file-programs/bzip2.c
+	https://packages.gramineproject.io/distfiles/single-file-programs/bzip2.c
 BZIP2_HASH ?= 89f331ce93cbf0ee7318802f440f1d7594bb78cf1a82069f2288e0459ec8d729
 GZIP_MIRRORS ?= \
 	https://people.csail.mit.edu/smcc/projects/single-file-programs/gzip.c \
-	https://packages.grapheneproject.io/distfiles/single-file-programs/gzip.c
+	https://packages.gramineproject.io/distfiles/single-file-programs/gzip.c
 GZIP_HASH ?= 7ec7d87822e6497648580064756f64e47dbd085727910ebbc52a7c240a88dc27
 
 ifeq ($(DEBUG),1)
-GRAPHENE_LOG_LEVEL = debug
+GRAMINE_LOG_LEVEL = debug
 else
-GRAPHENE_LOG_LEVEL = error
+GRAMINE_LOG_LEVEL = error
 endif
 
 # awk '{print $NF}' ...  print last field.
@@ -32,8 +32,8 @@ all: gcc.manifest.sgx gcc.sig gcc.token
 endif
 
 %.manifest: %.manifest.template
-	graphene-manifest \
-		-Dlog_level=$(GRAPHENE_LOG_LEVEL) \
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
 		-Darch_libdir=$(ARCH_LIBDIR) \
 		-Dgcc_lib_path=$(GCC_LIB_PATH) \
 		-Dgcc_major_version=$(GCC_MAJOR_VERSION) \
@@ -48,13 +48,13 @@ gcc.sig gcc.manifest.sgx: sgx_outputs
 sgx_outputs: gcc.manifest
 	@test -s $(SGX_SIGNER_KEY) || \
 	    { echo "SGX signer private key was not found, please specify SGX_SIGNER_KEY!"; exit 1; }
-	graphene-sgx-sign \
+	gramine-sgx-sign \
 		--key $(SGX_SIGNER_KEY) \
 		--manifest gcc.manifest \
 		--output gcc.manifest.sgx
 
 %.token: %.sig
-	graphene-sgx-get-token --output $@ --sig $<
+	gramine-sgx-get-token --output $@ --sig $<
 
 test_files/bzip2.c:
 	../common_tools/download --output $@ --sha256 $(BZIP2_HASH) $(foreach mirror,$(BZIP2_MIRRORS),--url $(mirror))
@@ -67,21 +67,21 @@ test_files/gzip.c: test_files/gzip_broken.c test_files/gzip.patch
 	patch test_files/gzip_broken.c -i test_files/gzip.patch -o $@
 
 ifeq ($(SGX),)
-GRAPHENE = graphene-direct
+GRAMINE = gramine-direct
 else
-GRAPHENE = graphene-sgx
+GRAMINE = gramine-sgx
 endif
 
 .PHONY: check
 check: all
 	@echo "\n\nCompiling hello.c..."
-	$(GRAPHENE) gcc test_files/helloworld.c -o test_files/hello
+	$(GRAMINE) gcc test_files/helloworld.c -o test_files/hello
 	@chmod 755 test_files/hello
 	-./test_files/hello
 	$(RM) test_files/hello
 
 	@echo "\n\nCompiling bzip2.c..."
-	$(GRAPHENE) gcc test_files/bzip2.c -o test_files/bzip2
+	$(GRAMINE) gcc test_files/bzip2.c -o test_files/bzip2
 	@chmod 755 test_files/bzip2
 	$(RM) bzip2.tmp
 	@cp -f test_files/bzip2 test_files/bzip2.copy
@@ -91,7 +91,7 @@ check: all
 	$(RM) test_files/bzip2 test_file/bzip2.copy
 
 	@echo "\n\nCompiling gzip.c..."
-	$(GRAPHENE) gcc test_files/gzip.c -o test_files/gzip
+	$(GRAMINE) gcc test_files/gzip.c -o test_files/gzip
 	@chmod 755 test_files/gzip
 	@cp -f test_files/gzip test_files/gzip.copy
 	./test_files/gzip test_files/gzip.copy

gcc/README.md

@@ -4,7 +4,7 @@
 the one from the system***
 
 This directory contains a Makefile and template manifests to run gcc and its
-related tools on Graphene. This example uses the package version of gcc and
+related tools on Gramine. This example uses the package version of gcc and
 related tools (as, cc1, collect2, ld) installed on the system instead of
 compiling them from source as some of the other examples do.
 
@@ -16,9 +16,9 @@ execute ```SGX=1 make check```. The regression tests build three sample programs
 
 # Note on OS distributions
 
-It is known that GCC relies on specific Glibc version/build. Because Graphene
+It is known that GCC relies on specific Glibc version/build. Because Gramine
 uses its own patched Glibc, this may lead to seemlingly inexplicable failures.
 In particular, this GCC example is known to work on Ubuntu 18.04/20.04 but fail
 on RHEL 8/CentOS 8. There is currently no fix for RHEL/CentOS.
 
-For details, see https://github.com/oscarlab/graphene/issues/2489.
+For details, see https://github.com/gramineproject/graphene/issues/2489.