Get tonic-rs to run inside SGX

2024-02-20 04:40:02 -08:00 · 2024-02-20 04:40:02 -08:00 · c15d67fe71
commit c15d67fe71
parent 665e7571bf
4 changed files with 18 additions and 2 deletions
--- a/enclaves/quartz/Dockerfile
+++ b/enclaves/quartz/Dockerfile
@ -1,12 +1,13 @@
 FROM gramineproject/gramine:v1.5

-RUN apt-get update && apt-get install -y jq build-essential
+RUN apt-get update && apt-get install -y jq build-essential protobuf-compiler libprotobuf-dev

 WORKDIR /workdir

 RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
 ENV PATH="/root/.cargo/bin:${PATH}"
 RUN rustup toolchain install 1.72.0
+#ENV RUST_BACKTRACE=1

 RUN gramine-sgx-gen-private-key

--- a/enclaves/quartz/README.md
+++ b/enclaves/quartz/README.md
@ -1 +1,13 @@
 ## Quartz enclave
+
+```bash
+docker build . --tag quartz
+docker run -it \
+      --device /dev/sgx_enclave \
+      --device /dev/sgx_provision \
+       -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
+       -v ./data:/workdir/data \
+       quartz bash
+is-sgx-available
+gramine-sgx ./quartz
+```
--- a/enclaves/quartz/quartz.manifest.template
+++ b/enclaves/quartz/quartz.manifest.template
@ -28,6 +28,7 @@ fs.mounts = [
  { uri = "file:{{ quartz_dir }}", path = "{{ quartz_dir }}" },
 ]

+# sgx.debug = true
 sgx.enclave_size = "512M"
 sgx.max_threads = 4
 sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
@ -48,3 +49,5 @@ sgx.allowed_files = [
  "file:{{ quartz_dir }}/exchange.sk",
  "file:{{ quartz_dir }}/request.json",
 ]
+
+sys.insecure__allow_eventfd = true
--- a/enclaves/quartz/src/main.rs
+++ b/enclaves/quartz/src/main.rs
@ -23,7 +23,7 @@ use crate::{proto::quartz::core_server::CoreServer, server::CoreService};

 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
-    let addr = "[::1]:50051".parse()?;
+    let addr = "127.0.0.1:9090".parse()?;
    let core_service = CoreService::default();

    Server::builder()