edgebitio / enclaver

Open source toolkit created to enable easy adoption of software enclaves
https://edgebit.io/enclaver
Apache License 2.0
124 stars 12 forks

Bump default memory for enclaves to 4096 #52

robszumski closed 1 year ago

robszumski commented 1 year ago

  1. Bump default memory to the amount we know our demo app needs
  2. Fix minor UX issue of the ec2-user not being part of the docker and nitro enclaves groups

robszumski commented 1 year ago

Verified by manually launching the stack:

$ cat /etc/nitro_enclaves/allocator.yaml | grep memory
# How much memory to allocate for enclaves (in MiB).
memory_mib: 4096

robszumski commented 1 year ago

I did encounter what looks like a race condition testing the group change. When I first logged in, I did not see the groups updated, but a new shell a few mins later did have them applied. Maybe logind doesn't have cloud-init as a dependency?

Seconds after boot:

$ groups
ec2-user adm wheel systemd-journal

A few mins later:

$ groups
ec2-user adm wheel systemd-journal docker ne

robszumski commented 1 year ago

Another note: we don't have a facility for automatically updating the S3 bucket that contains this file. Once we're public, we can swap over to referencing the file on the website.