Move mtcs enclave into a sub-directory

hu55a1n1 2023-10-25 14:09:44 -07:00
parent 71da3981df
commit 4f2eec1f2a
5 changed files with 0 additions and 113 deletions


@ -1,32 +0,0 @@
FROM gramineproject/gramine:v1.5
RUN apt-get update && apt-get install -y jq build-essential
WORKDIR /workdir
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup toolchain install 1.72.0
RUN gramine-sgx-gen-private-key
# This should be associated with an acive IAS SPID in order for
# gramine tools like gramine-sgx-ias-request and gramine-sgx-ias-verify
ENV RA_CLIENT_SPID=51CAF5A48B450D624AEFE3286D314894
ENV RA_CLIENT_LINKABLE=1
# Copy the mtcs directory and build
COPY mtcs ./mtcs
WORKDIR /workdir/mtcs
RUN cargo build --release
WORKDIR /workdir
COPY mtcs.manifest.template ./
COPY data/micro-set-offs.csv mtcs/data
# Make and sign the gramine manifest
RUN gramine-manifest -Dlog_level="error" -Dhome=${HOME} -Darch_libdir="/lib/$(gcc -dumpmachine)" -Dmtcs_dir="$(pwd)/mtcs" -Dtestname="micro-set-offs" mtcs.manifest.template mtcs.manifest
RUN gramine-sgx-sign --manifest mtcs.manifest --output mtcs.manifest.sgx
CMD [ "gramine-sgx-sigstruct-view mtcs.sig" ]


@ -1,40 +0,0 @@
## Gramine experiments using MTCS
This is a Dockerfile for replaying the mtcs experiment in gramine, starting from the manifest file from https://github.com/informalsystems/cofi-private/issues/104
The starting point for the Dockerfile is the Gramine-based from Revm Relay hackathon. https://github.com/amiller/gramine-sgx-revm/
The point of this is to emphasize the verification process that can be completed even without SGX, by reproducing the MRENCLAVE and inspecting remote attestation quotes.
## Init the git submodules
This repo references mtcs as a submodule, but the Dockerfile simply copies mtcs from the current directory.
So don't forget to have git apply the submodules when cloning the repo
```bash
git submodule update --init --recursive
```
## Replicating the MRENCLAVE build (no SGX required
The following will build mtcs, then freeze all dependencies from the docker environment into the gramine manifest, and finally display the resulting MRENCLAVE
```bash
docker build . --tag mtcs
docker run mtcs
```
Let's see how long this remains reproducible:
```
mr_enclave: fa9149158c693b09e83480b48c2e7344c941aadca6d5829834f2af9f2690435e
```
## Execution on an SGX machine
This is tested on a local SGX machine, not Azure
```bash
docker run -it --device /dev/sgx_enclave \
-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
-v ./data:/workdir/data \
mtcs bash
is-sgx-available
gramine-sgx ./mtcs
cat mtcs/data/micro-set-offs.out
```


@ -1,5 +0,0 @@
id,debtor,creditor,amount,set_off,remainder
1,10,20,100,100,0
2,20,30,100,100,0
3,30,10,200,100,100
4,40,30,100,0,100
1 id debtor creditor amount set_off remainder
2 1 10 20 100 100 0
3 2 20 30 100 100 0
4 3 30 10 200 100 100
5 4 40 30 100 0 100

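--- a/mtcs
+++ b/mtcs
@@ -1 +0,0 @@
-Subproject commit 3f13e5c0fd0623a9dc7f4b4227be4678fa947531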


@ -1,35 +0,0 @@
# MTCS manifest file example
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ mtcs_dir }}/target/release/mtcs-cli"
loader.log_level = "{{ log_level }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
loader.env.HOME = "{{ home }}"
loader.argv = ["-v", "-i", "{{ mtcs_dir }}/data/{{ testname }}.csv", "-o", "{{ mtcs_dir }}/data/{{ testname }}.out"]
fs.mounts = [
{ uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },
{ uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" },
{ uri = "file:/usr/{{ arch_libdir }}", path = "/usr{{ arch_libdir }}" },
{ uri = "file:{{ mtcs_dir }}", path = "{{ mtcs_dir }}" },
]
sgx.enclave_size = "512M"
sgx.max_threads = 4
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ mtcs_dir }}/target/release/mtcs-cli",
"file:{{ mtcs_dir }}/data/{{ testname }}.csv",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
"file:/usr/{{ arch_libdir }}/",
]
sgx.allowed_files = [
"file:{{ mtcs_dir }}/data/{{ testname }}.out",
]