## Gramine experiments using MTCS

This is a Dockerfile for replaying the mtcs experiment in Gramine, starting from the manifest file from https://github.com/informalsystems/cofi-private/issues/104

The starting point for the Dockerfile is the Gramine-based one from the Revm Relay hackathon: https://github.com/amiller/gramine-sgx-revm/

The point of this is to emphasize the verification process that can be completed even without SGX, by reproducing the MRENCLAVE and inspecting remote attestation quotes.

## Init the git submodules

This repo references mtcs as a submodule, but the Dockerfile simply copies mtcs from the current directory. So don't forget to have git apply the submodules when cloning the repo:

```bash
git submodule update --init --recursive
```

## Replicating the MRENCLAVE build (no SGX required)

The following will build mtcs, then freeze all dependencies from the Docker environment into the Gramine manifest, and finally display the resulting MRENCLAVE:

```bash
docker build . --tag mtcs
docker run mtcs
```

Let's see how long this remains reproducible:

```
mr_enclave: fa9149158c693b09e83480b48c2e7344c941aadca6d5829834f2af9f2690435e
```

## Execution on an SGX machine

This is tested on a local SGX machine, not Azure.

```bash
docker run -it --device /dev/sgx_enclave \
  -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
  -v ./data:/workdir/data \
  mtcs bash
# then, inside the container shell:
is-sgx-available
gramine-sgx ./mtcs
cat mtcs/data/micro-set-offs.out
```
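The verification step named in the introduction, comparing the reproduced MRENCLAVE with the one carried in a remote attestation quote, can be sketched as follows. This is an added example, not code from this repo: the function names are hypothetical, the quote is assumed to be a DCAP ECDSA quote (version 3), and the sample quote is constructed inline. It only reads the measurement fields; checking the quote's signature chain is a separate step not shown here.

```python
import hmac
import struct

# Layout assumed: Intel DCAP ECDSA quote, version 3 (48-byte header, 384-byte report body).
HEADER_LEN = 48
REPORT_BODY_LEN = 384
MRENCLAVE_OFF = HEADER_LEN + 64      # 32 bytes
MRSIGNER_OFF = HEADER_LEN + 128      # 32 bytes
REPORT_DATA_OFF = HEADER_LEN + 320   # 64 bytes, chosen by the enclave

# Value printed by `docker run mtcs` in the section above.
EXPECTED_MRENCLAVE = "fa9149158c693b09e83480b48c2e7344c941aadca6d5829834f2af9f2690435e"


def parse_quote(quote: bytes) -> dict:
    """Extract the measurement fields from a raw quote (hypothetical helper)."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}")
    return {
        "mrenclave": quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": quote[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "report_data": quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
    }


def measurement_matches(quote: bytes, expected_hex: str = EXPECTED_MRENCLAVE) -> bool:
    """True if the quote's MRENCLAVE equals the locally reproduced value."""
    expected = bytes.fromhex(expected_hex)
    return hmac.compare_digest(parse_quote(quote)["mrenclave"], expected)


def make_sample_quote(mrenclave_hex: str) -> bytes:
    """Constructed test input: zeroed v3 quote with only version and MRENCLAVE set."""
    quote = bytearray(HEADER_LEN + REPORT_BODY_LEN)
    struct.pack_into("<H", quote, 0, 3)
    quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = bytes.fromhex(mrenclave_hex)
    return bytes(quote)


if __name__ == "__main__":
    good = make_sample_quote(EXPECTED_MRENCLAVE)
    bad = make_sample_quote("00" * 32)
    print("reproduced build:", measurement_matches(good))
    print("other build:     ", measurement_matches(bad))
```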