nologies/cycles-quartz
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Tendermint light client enclave (#8)

Browse source
This commit is contained in:
Shoaib Ahmed 2023-11-23 11:45:32 +01:00 committed by GitHub
commit b8b231d546
5 changed files with 6 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
Dockerfile
View file

@ -1,32 +0,0 @@
FROM gramineproject/gramine:v1.5
RUN apt-get update && apt-get install -y jq build-essential
WORKDIR /workdir
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup toolchain install 1.72.0
RUN gramine-sgx-gen-private-key
# This should be associated with an acive IAS SPID in order for
# gramine tools like gramine-sgx-ias-request and gramine-sgx-ias-verify
ENV RA_CLIENT_SPID=51CAF5A48B450D624AEFE3286D314894
ENV RA_CLIENT_LINKABLE=1
# Copy the mtcs directory and build
COPY mtcs ./mtcs
WORKDIR /workdir/mtcs
RUN cargo build --release
WORKDIR /workdir
COPY mtcs.manifest.template ./
COPY data/micro-set-offs.csv mtcs/data
# Make and sign the gramine manifest
RUN gramine-manifest -Dlog_level="error" -Dhome=${HOME} -Darch_libdir="/lib/$(gcc -dumpmachine)" -Dmtcs_dir="$(pwd)/mtcs" -Dtestname="micro-set-offs" mtcs.manifest.template mtcs.manifest
RUN gramine-sgx-sign --manifest mtcs.manifest --output mtcs.manifest.sgx
CMD [ "gramine-sgx-sigstruct-view mtcs.sig" ]

42
README.md
View file

@ -1,40 +1,10 @@
## Gramine experiments using MTCS
# tee-mtcs
This is a Dockerfile for replaying the mtcs experiment in gramine, starting from the manifest file from https://github.com/informalsystems/cofi-private/issues/104
The starting point for the Dockerfile is the Gramine-based from Revm Relay hackathon. https://github.com/amiller/gramine-sgx-revm/
Collection of tools and utilities to help run MTCS on TEEs.
The point of this is to emphasize the verification process that can be completed even without SGX, by reproducing the MRENCLAVE and inspecting remote attestation quotes.
## Enclaves
## Init the git submodules
Gramine applications and accompanying Dockerfiles for ease-of-usage.
This repo references mtcs as a submodule, but the Dockerfile simply copies mtcs from the current directory.
So don't forget to have git apply the submodules when cloning the repo
```bash
git submodule update --init --recursive
```
## Replicating the MRENCLAVE build (no SGX required
The following will build mtcs, then freeze all dependencies from the docker environment into the gramine manifest, and finally display the resulting MRENCLAVE
```bash
docker build . --tag mtcs
docker run mtcs
```
Let's see how long this remains reproducible:
```
mr_enclave: fa9149158c693b09e83480b48c2e7344c941aadca6d5829834f2af9f2690435e
```
## Execution on an SGX machine
This is tested on a local SGX machine, not Azure
```bash
docker run -it --device /dev/sgx_enclave \
-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
-v ./data:/workdir/data \
mtcs bash
is-sgx-available
gramine-sgx ./mtcs
cat mtcs/data/micro-set-offs.out
```
* [enclaves/mtcs](enclaves/mtcs) - Runs MTCS on a given set of obligations specified as an input file.
* [enclaves/tm](enclaves/tm) - Runs (stateless) Tendermint light client verification on a given block.

5
data/micro-set-offs.csv
View file

@ -1,5 +0,0 @@
id,debtor,creditor,amount,set_off,remainder
1,10,20,100,100,0
2,20,30,100,100,0
3,30,10,200,100,100
4,40,30,100,0,100
1 id debtor creditor amount set_off remainder
2 1 10 20 100 100 0
3 2 20 30 100 100 0
4 3 30 10 200 100 100
5 4 40 30 100 0 100

1
mtcs

@ -1 +0,0 @@
Subproject commit 3f13e5c0fd0623a9dc7f4b4227be4678fa947531

35
mtcs.manifest.template
View file

@ -1,35 +0,0 @@
# MTCS manifest file example
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ mtcs_dir }}/target/release/mtcs-cli"
loader.log_level = "{{ log_level }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
loader.env.HOME = "{{ home }}"
loader.argv = ["-v", "-i", "{{ mtcs_dir }}/data/{{ testname }}.csv", "-o", "{{ mtcs_dir }}/data/{{ testname }}.out"]
fs.mounts = [
{ uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },
{ uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" },
{ uri = "file:/usr/{{ arch_libdir }}", path = "/usr{{ arch_libdir }}" },
{ uri = "file:{{ mtcs_dir }}", path = "{{ mtcs_dir }}" },
]
sgx.enclave_size = "512M"
sgx.max_threads = 4
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ mtcs_dir }}/target/release/mtcs-cli",
"file:{{ mtcs_dir }}/data/{{ testname }}.csv",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
"file:/usr/{{ arch_libdir }}/",
]
sgx.allowed_files = [
"file:{{ mtcs_dir }}/data/{{ testname }}.out",
]