From 4f2eec1f2a3f8c35a565840cf20d5bbc049b6817 Mon Sep 17 00:00:00 2001
From: hu55a1n1
Date: Wed, 25 Oct 2023 14:09:44 -0700
Subject: [PATCH] Move mtcs enclave into a sub-directory
---
 Dockerfile | 32 --------------------------------
 README.md | 40 ----------------------------------------
 data/micro-set-offs.csv | 5 -----
 mtcs | 1 -
 mtcs.manifest.template | 35 -----------------------------------
 5 files changed, 113 deletions(-)
 delete mode 100644 Dockerfile
 delete mode 100644 README.md
 delete mode 100644 data/micro-set-offs.csv
 delete mode 160000 mtcs
 delete mode 100644 mtcs.manifest.template
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 4012028..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,32 +0,0 @@
-FROM gramineproject/gramine:v1.5
-
-RUN apt-get update && apt-get install -y jq build-essential
-
-WORKDIR /workdir
-
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
-ENV PATH="/root/.cargo/bin:${PATH}"
-RUN rustup toolchain install 1.72.0
-
-RUN gramine-sgx-gen-private-key
-
-# This should be associated with an acive IAS SPID in order for
-# gramine tools like gramine-sgx-ias-request and gramine-sgx-ias-verify
-ENV RA_CLIENT_SPID=51CAF5A48B450D624AEFE3286D314894
-ENV RA_CLIENT_LINKABLE=1
-
-# Copy the mtcs directory and build
-COPY mtcs ./mtcs
-WORKDIR /workdir/mtcs
-RUN cargo build --release
-
-WORKDIR /workdir
-COPY mtcs.manifest.template ./
-
-COPY data/micro-set-offs.csv mtcs/data
-
-# Make and sign the gramine manifest
-RUN gramine-manifest -Dlog_level="error" -Dhome=${HOME} -Darch_libdir="/lib/$(gcc -dumpmachine)" -Dmtcs_dir="$(pwd)/mtcs" -Dtestname="micro-set-offs" mtcs.manifest.template mtcs.manifest
-RUN gramine-sgx-sign --manifest mtcs.manifest --output mtcs.manifest.sgx
-
-CMD [ "gramine-sgx-sigstruct-view mtcs.sig" ]
diff --git a/README.md b/README.md
deleted file mode 100644
index 63c2b44..0000000
--- a/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-## Gramine experiments using MTCS
-
-This is a Dockerfile for replaying the mtcs experiment in gramine, starting from the manifest file from https://github.com/informalsystems/cofi-private/issues/104
-The starting point for the Dockerfile is the Gramine-based from Revm Relay hackathon. https://github.com/amiller/gramine-sgx-revm/
-
-The point of this is to emphasize the verification process that can be completed even without SGX, by reproducing the MRENCLAVE and inspecting remote attestation quotes.
-
-## Init the git submodules
-
-This repo references mtcs as a submodule, but the Dockerfile simply copies mtcs from the current directory.
-So don't forget to have git apply the submodules when cloning the repo
-```bash
-git submodule update --init --recursive
-```
-## Replicating the MRENCLAVE build (no SGX required
-
-The following will build mtcs, then freeze all dependencies from the docker environment into the gramine manifest, and finally display the resulting MRENCLAVE
-```bash
-docker build . --tag mtcs
-docker run mtcs
-```
-
-Let's see how long this remains reproducible:
-```
- mr_enclave: fa9149158c693b09e83480b48c2e7344c941aadca6d5829834f2af9f2690435e
-```
-
-## Execution on an SGX machine
-
-This is tested on a local SGX machine, not Azure
-
-```bash
-docker run -it --device /dev/sgx_enclave \ -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \ -v ./data:/workdir/data \ mtcs bash
-is-sgx-available
-gramine-sgx ./mtcs
-cat mtcs/data/micro-set-offs.out
-```
\ No newline at end of file
diff --git a/data/micro-set-offs.csv b/data/micro-set-offs.csv
deleted file mode 100644
index e0274cc..0000000
--- a/data/micro-set-offs.csv
+++ /dev/null
@@ -1,5 +0,0 @@
-id,debtor,creditor,amount,set_off,remainder
-1,10,20,100,100,0
-2,20,30,100,100,0
-3,30,10,200,100,100
-4,40,30,100,0,100
diff --git a/mtcs b/mtcs
deleted file mode 160000
index 3f13e5c..0000000
--- a/mtcs
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 3f13e5c0fd0623a9dc7f4b4227be4678fa947531
diff --git a/mtcs.manifest.template b/mtcs.manifest.template
deleted file mode 100644
index 1bbf5a1..0000000
--- a/mtcs.manifest.template
+++ /dev/null
@@ -1,35 +0,0 @@
-# MTCS manifest file example
-
-loader.entrypoint = "file:{{ gramine.libos }}"
-libos.entrypoint = "{{ mtcs_dir }}/target/release/mtcs-cli"
-
-loader.log_level = "{{ log_level }}"
-
-loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
-loader.env.HOME = "{{ home }}"
-
-loader.argv = ["-v", "-i", "{{ mtcs_dir }}/data/{{ testname }}.csv", "-o", "{{ mtcs_dir }}/data/{{ testname }}.out"]
-
-fs.mounts = [
- { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },
- { uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" },
- { uri = "file:/usr/{{ arch_libdir }}", path = "/usr{{ arch_libdir }}" },
- { uri = "file:{{ mtcs_dir }}", path = "{{ mtcs_dir }}" },
-]
-
-sgx.enclave_size = "512M"
-sgx.max_threads = 4
-sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
-
-sgx.trusted_files = [
- "file:{{ gramine.libos }}",
- "file:{{ mtcs_dir }}/target/release/mtcs-cli",
- "file:{{ mtcs_dir }}/data/{{ testname }}.csv",
- "file:{{ gramine.runtimedir() }}/",
- "file:{{ arch_libdir }}/",
- "file:/usr/{{ arch_libdir }}/",
-]
-
-sgx.allowed_files = [
- "file:{{ mtcs_dir }}/data/{{ testname }}.out",
-]