ConfidentialComputing: Gramine on Azure

14 views
Skip to first unread message

Borello Enrico

unread,
Jul 8, 2022, 5:34:41 AMJul 8
to us...@gramineproject.io

Hello,

 

Looking for Confidential Computing solutions, we found Gramine and it looks like a very interesting solution for us. We tried to test it on Azure VM (Ubuntu 20.04) as suggested but apparently, there are some problems with kernel compatibility (right now upgrading the kernel seems to not be a solution).

 

·       Do you have any suggestions in order to avoid this problem?

 

Furthermore, I would like to ask you other two questions:

·       Could be possible to have a Teams meeting to go deeply into your solution?

·       Is your solution been used in a production environment based on Azure VMs?

 

I look forward to hearing from you.

 

Thank you.

 

Best Regards,

 

 

Logo LEONARDO colore small

Enrico Borello
Leonardo Cyber Security

Microservices & Logistic Applications Unit
UO Engineering


Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
Mobile
+39 3666335918
enrico....@leonardo.com


HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE

 

 


Company Restricted


Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.

The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender

Dmitrii Kuvaiskii

unread,
Jul 8, 2022, 5:47:35 AMJul 8
to Borello Enrico, us...@gramineproject.io
Dear Enrico,

A very quick reply from me. (Regarding the Teams meeting: we could
invite you to the Zoom core meeting or we could schedule a separate MS
Teams meeting, but we'll first discuss this during the Monday core
meeting, see https://github.com/gramineproject/gramine/discussions/726.)

> We tried to test it on Azure VM (Ubuntu 20.04) as suggested but apparently, there are some problems with kernel compatibility (right now upgrading the kernel seems to not be a solution).

I routinely use Azure CC VMs with Ubuntu 20.04. The Linux kernel on
these CC VMs is Linux 5.13, which is perfect for Gramine.

I assume that you tried the normal Azure VM. Please try the CC
(Confidential Computing) option in Azure -- see
https://docs.microsoft.com/en-us/azure/confidential-computing/quick-create-portal

On Fri, Jul 8, 2022 at 11:34 AM 'Borello Enrico' via Gramine Users
<gramin...@googlegroups.com> wrote:
>
> Hello,
>
>
>
> Looking for Confidential Computing solutions, we found Gramine and it looks like a very interesting solution for us. We tried to test it on Azure VM (Ubuntu 20.04) as suggested but apparently, there are some problems with kernel compatibility (right now upgrading the kernel seems to not be a solution).
>
>
>
> · Do you have any suggestions in order to avoid this problem?
>
>
>
> Furthermore, I would like to ask you other two questions:
>
> · Could be possible to have a Teams meeting to go deeply into your solution?
>
> · Is your solution been used in a production environment based on Azure VMs?
>
>
>
> I look forward to hearing from you.
>
>
>
> Thank you.
>
>
>
> Best Regards,
>
>
>
>
>
>
>
> Enrico Borello
> Leonardo Cyber Security
>
> Microservices & Logistic Applications Unit
> UO Engineering
>
> Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
> Mobile+39 3666335918
> enrico....@leonardo.com
>
> ________________________________
>
> HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE
>
>
>
>
>
>
> Company Restricted
>
>
> Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
> Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.
> ________________________________
> The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
> If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
> This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
>
> --
> You received this message because you are subscribed to the Google Groups "Gramine Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to gramine-user...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/gramine-users/ecc105d0487247da8a34da1db917328b%40leonardo.com.



--
Yours sincerely,
Dmitrii Kuvaiskii

Dmitrii Kuvaiskii

unread,
Jul 8, 2022, 6:42:19 AMJul 8
to Borello Enrico, us...@gramineproject.io
I'm typically using DCv2 or DCv3 machines, with Gen2:
https://docs.microsoft.com/en-us/azure/virtual-machines/dcv3-series

On Fri, Jul 8, 2022 at 12:20 PM Borello Enrico
<enrico....@leonardo.com> wrote:
>
> Hello,
>
> I'm in GMT+2 what is your time zone? If the meeting is on Monday (and the time is compatible) I absolutely would like to participate. Could you send me the invitation?
>
> Regarding the compatibility, I guess the problem is that we were using "DC8as_v5".
>
> Do you have any suggestions on the VM?
>
> I really appreciate your quick response.
>
> Thank you.
>
> Best Regards,
>
>
>
>
> Enrico Borello
> Leonardo Cyber Security
> Microservices & Logistic Applications Unit
> UO Engineering
>
> Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
> Mobile+39 3666335918
> enrico....@leonardo.com
>
> HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE
>
>
>
>
>
>
> Company Restricted
>
>
> Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
> Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.
>
> The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
> If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
> This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
> -----Messaggio originale-----
> Da: Dmitrii Kuvaiskii [mailto:dmitrii....@gmail.com]
> Inviato: venerdì 8 luglio 2022 11:46
> A: Borello Enrico <enrico....@leonardo.com>
> Cc: us...@gramineproject.io
> Oggetto: Re: ConfidentialComputing: Gramine on Azure

Borello Enrico

unread,
Jul 8, 2022, 9:17:30 AMJul 8
to Dmitrii Kuvaiskii, us...@gramineproject.io
Hello Dmitrii,

Thanks a lot for your support :-)

Please let me know about the zoom meeting (What I see from the email is an Appointment on Saturday at 8:00 without any link for the call)

Best regards,



Enrico Borello
Leonardo Cyber Security
Microservices & Logistic Applications Unit
UO Engineering

Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
Mobile+39 3666335918
enrico....@leonardo.com

HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE






Company Restricted


Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.

The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
-----Messaggio originale-----
Da: Dmitrii Kuvaiskii [mailto:dmitrii....@gmail.com]
Inviato: venerdì 8 luglio 2022 12:42

Borello Enrico

unread,
Jul 8, 2022, 9:17:30 AMJul 8
to Dmitrii Kuvaiskii, us...@gramineproject.io
Hello,

I'm in GMT+2 what is your time zone? If the meeting is on Monday (and the time is compatible) I absolutely would like to participate. Could you send me the invitation?

Regarding the compatibility, I guess the problem is that we were using "DC8as_v5".

Do you have any suggestions on the VM?

I really appreciate your quick response.

Thank you.

Best Regards,




Enrico Borello
Leonardo Cyber Security
Microservices & Logistic Applications Unit
UO Engineering

Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
Mobile+39 3666335918
enrico....@leonardo.com

HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE






Company Restricted


Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.

The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
-----Messaggio originale-----
Da: Dmitrii Kuvaiskii [mailto:dmitrii....@gmail.com]
Inviato: venerdì 8 luglio 2022 11:46
A: Borello Enrico <enrico....@leonardo.com>
Cc: us...@gramineproject.io
Oggetto: Re: ConfidentialComputing: Gramine on Azure

Borello Enrico

unread,
Jul 8, 2022, 9:30:17 AMJul 8
to Dmitrii Kuvaiskii, us...@gramineproject.io
Hello Dmitrii,

I'm sorry I forget that Monday our company is closed due to the Sant'Alberto holiday (https://en.wikipedia.org/wiki/Albert_of_Genoa), the patron of the city.

Let me know when will you be available!

Best regards,



Enrico Borello
Leonardo Cyber Security
Microservices & Logistic Applications Unit
UO Engineering

Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
Mobile+39 3666335918
enrico....@leonardo.com

HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE






Company Restricted


Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.

The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
-----Messaggio originale-----
Da: Borello Enrico
Inviato: venerdì 8 luglio 2022 13:48
A: 'Dmitrii Kuvaiskii' <dmitrii....@gmail.com>
Cc: us...@gramineproject.io
Oggetto: R: ConfidentialComputing: Gramine on Azure

Hello Dmitrii,

Thanks a lot for your support :-)

Please let me know about the zoom meeting (What I see from the email is an Appointment on Saturday at 8:00 without any link for the call)

Best regards,



Enrico Borello
Leonardo Cyber Security
Microservices & Logistic Applications Unit UO Engineering

Torre Fiumara - Via R. Pieragostini, 80 – 16151 Genova – Italy
Mobile+39 3666335918
enrico....@leonardo.com

HELICOPTERS / AERONAUTICS / ELECTRONICS, DEFENCE AND SECURITY SYSTEMS / SPACE






Company Restricted

-----Messaggio originale-----
Da: Dmitrii Kuvaiskii [mailto:dmitrii....@gmail.com]
Inviato: venerdì 8 luglio 2022 12:42

Dmitrii Kuvaiskii

unread,
Jul 12, 2022, 2:48:28 AMJul 12
to Borello Enrico, us...@gramineproject.io
Dear Enrico,

We had a Gramine core meeting this Monday, and we agreed to invite you
to our next meeting.

The next meeting happens on Monday, 18. July 2022, at 4pm CET (Central
European Time). I will send you a meeting invite separately. I suggest
you to prepare for a 30-min discussion -- you can present your
solution and your requirements and prepare questions on Gramine. Hope
this works for you.

On Fri, Jul 8, 2022 at 3:30 PM 'Borello Enrico' via Gramine Users
> To view this discussion on the web visit https://groups.google.com/d/msgid/gramine-users/bd5dbcb53018410f9eafc16f65248a1a%40leonardo.com.
Reply all
Reply to author
Forward
0 new messages