Feature: Reconstruct our Buildroot image to follow Google Hardened Image

[drasko]

Is your feature request related to a problem? Please describe.

No

Describe the feature you are requesting, as well as the possible use case(s) for it.

We should save RAM only for execution (as it is limited). All other artifacts (Linux files, algrotihm, Agent and other binaries, downloaded Docker images, Pytorch libraries, etc...) should live on disk.

Google proposes following: https://cloud.google.com/docs/security/confidential-space

1. Root FS - probably ext4 - OS artifacts on the disk, including Agent. This one should be immutable (read-only) - no one should ever change Agent or OS files.
2. Mutable (read-write) disk partition, but this one then must be encrypted, as it will contain downloaded Docker images or algorithm binaries and potentially also datasets. Result can be written there.
3. tmpfs - this is the one in which execution must be done, so that we guarantee that it is in RAM.

An additional research needs to be done on this, but those changes make sense in order to better optimize RAM usage and protect Agent and other artifacts further (immutable partition), protect downloaded algo (when not put in RAM - foroptimization - Docker image needs to we written in encrypted mutable partition) and result, and ensure execution in tmpfs without swap.

Indicate the importance of this feature to you.

Must-have

Anything else?

No response

[drasko]

@danko-miladinovic @SammyOina @rodneyosodo can you please verify this:

If this is true, and it is like this for Intel TDX also, then we do not have to disable swap. Moreover - we should enable swap and use it, in order to preserve RAM.

[danko-miladinovic]

Yes, based on the paper SEV-SNP formal security analysis the pages are encrypted when they are swapped to disk.

[dborovcanin]

@drasko What are the benefits of this approach? We need to put most of it into RAM to make it run anyway, and adding disk support is quite a significant change that requires disk encryption. @danko-miladinovic I don't think we are talking about process pages, but everything else that is not part of the process, but the system.

[drasko]

There are many benefits. For example swap. Then - Linux system can be on RO unencrypted (no jeed to put everything in RAM). And so on. Also big data files that can be treated one by one.

[dborovcanin]

Now that we are operating in the public cloud, the importance of this task is much more significant. @danko-miladinovic Please let's resolve this issue in sprint 23.

[dborovcanin]

@danko-miladinovic What's the status of this issue?

[dborovcanin]

@danko-miladinovic What's the status here?