Get tonic-rs to run inside SGX

hu55a1n1 2024-02-20 04:40:02 -08:00
parent 665e7571bf
commit c15d67fe71
4 changed files with 18 additions and 2 deletions


@ -1,12 +1,13 @@
FROM gramineproject/gramine:v1.5 FROM gramineproject/gramine:v1.5
RUN apt-get update && apt-get install -y jq build-essential RUN apt-get update && apt-get install -y jq build-essential protobuf-compiler libprotobuf-dev
WORKDIR /workdir WORKDIR /workdir
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}" ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup toolchain install 1.72.0 RUN rustup toolchain install 1.72.0
#ENV RUST_BACKTRACE=1
RUN gramine-sgx-gen-private-key RUN gramine-sgx-gen-private-key
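Review bot: The `apt-get install` line now pulls `protobuf-compiler` and `libprotobuf-dev` without version pins, so the protoc that generates the gRPC code can change from one image build to the next. If the enclave measurement is meant to be reproducible by a verifier, pin the versions or at least record them. The same RUN can also be tightened to `apt-get install -y --no-install-recommends ...` followed by `rm -rf /var/lib/apt/lists/*`. The commented-out `#ENV RUST_BACKTRACE=1` reads as debugging residue; either drop it or say when it applies, e.g. `# debugging only: backtraces expose internal paths and symbols`.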


@ -1 +1,13 @@
## Quartz enclave ## Quartz enclave
```bash
docker build . --tag quartz
docker run -it \
--device /dev/sgx_enclave \
--device /dev/sgx_provision \
-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
-v ./data:/workdir/data \
quartz bash
is-sgx-available
gramine-sgx ./quartz
```


@ -28,6 +28,7 @@ fs.mounts = [
{ uri = "file:{{ quartz_dir }}", path = "{{ quartz_dir }}" }, { uri = "file:{{ quartz_dir }}", path = "{{ quartz_dir }}" },
] ]
# sgx.debug = true
sgx.enclave_size = "512M" sgx.enclave_size = "512M"
sgx.max_threads = 4 sgx.max_threads = 4
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
@ -48,3 +49,5 @@ sgx.allowed_files = [
"file:{{ quartz_dir }}/exchange.sk", "file:{{ quartz_dir }}/exchange.sk",
"file:{{ quartz_dir }}/request.json", "file:{{ quartz_dir }}/request.json",
] ]
sys.insecure__allow_eventfd = true
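Review bot: `sys.insecure__allow_eventfd = true` at the end of the manifest is added with no comment saying why it is needed or what it gives up. Gramine marks the option `insecure__` because the eventfd is serviced by the untrusted host, which can then withhold or inject wakeups; presumably tokio's reactor requires it, though the commit does not say so. Add a line above it such as `# tokio's reactor wakes via eventfd; Gramine passes it to the untrusted host, so wakeups are host-controlled`, and confirm nothing security-relevant depends on those notifications. The commented-out `# sgx.debug = true` in the first hunk deserves a similar note that a debug enclave provides no confidentiality and must stay off in production builds.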


@ -23,7 +23,7 @@ use crate::{proto::quartz::core_server::CoreServer, server::CoreService};
#[tokio::main] #[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> { async fn main() -> Result<(), Box<dyn std::error::Error>> {
let addr = "[::1]:50051".parse()?; let addr = "127.0.0.1:9090".parse()?;
let core_service = CoreService::default(); let core_service = CoreService::default();
Server::builder() Server::builder()
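Review bot: The new listen address `127.0.0.1:9090` on the `let addr` line is a hard-coded literal, and the change of both address family and port is not explained. If the move away from `[::1]` is because IPv6 loopback does not bind under gramine-sgx (an inference; the commit does not say), record that next to the literal: `// IPv4 loopback: [::1] was not usable inside the enclave (confirm)`. Staying on loopback is the right default for a gRPC endpoint with no transport security visible in this hunk. If the service later has to be reachable from outside the container, read the address from configuration rather than widening the literal. main's body continues outside the hunk.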