Automata SGX Scaffold

Automata SGX SDK

This is a scaffold for creating an SGX enclave with Rust. It shows how to build an enclave based on the Automata SGX SDK, which makes it easier for developers to get started with SGX. The project contains the basic guide for the following scenarios:

  • Call the code inside the enclave via ECALL
  • Call the code outside the enclave via OCALL
  • Use libraries inside the enclave
  • Generate DCAP attestation report

Project Structure

├── app: The main application
│ ├── sgx: Configurations for the enclave
│ │ ├── config.xml: Developer defined parameters of the enclave
│ │ ├── enclave.edl: Enclave Definition Language file defining the enclave interface
│ │ ├── enclave.lds: Linker script for the enclave
│ │ └── private.pem: Developer key used to sign the enclave. Do not use this key to sign your enclave in production; use your own key.
│ ├── src/main.rs: Main entrypoint for the application
│ └── build.rs: Builder code used to build the application; you don't need to change it
├── enclave: The SGX enclave implementation
│ └── lib.rs: Main library file for the enclave implementation
├── mock-lib: A mock library which is called by the enclave via OCALL
│ └── lib.rs: Main library file for the mock library implementation

Your First Enclave

Follow the steps below to create your first enclave.

  1. Modify the enclave/src/lib.rs file to add your business logic. You can use other libraries just like writing a normal Rust program. Refer to the usage of serde_json as an example.
  2. Update the app/sgx/enclave.edl file if you need to change the ECALL interface or add new ECALLs.
  3. Refer to the usage of mock-lib if you want to call libraries via OCALL, for example a library that uses instructions not allowed inside an enclave (such as CPUID or GETSEC).
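As an added illustration of steps 1 and 2 (this is not the scaffold's own enclave/src/lib.rs or enclave.edl, and the `ecall_sum_bytes` name, its buffer layout and the matching EDL declaration shown in the comments are assumptions): the shape of an ECALL entry point that treats everything the untrusted app passes in as hostile. The EDL `[in, size=len]` attribute makes the generated bridge copy the input into enclave memory, but the pointer checks, the length bound and any parsing of the bytes remain the enclave's job. The real scaffold adds `#[no_mangle]` to the entry point so the bridge can link against it; it is left off here so the block compiles as a plain Rust file with std only.

```rust
// Added example of an ECALL entry point with defensive input handling.
// Hypothetical: the scaffold's real EDL and enclave code differ.
//
// The matching declaration in app/sgx/enclave.edl would read:
//
//   trusted {
//       public sgx_status_t ecall_sum_bytes(
//           [in, size=len] const uint8_t* data, size_t len,
//           [out] uint64_t* sum);
//   };
//
// `[in, size=len]` makes the trusted bridge copy `len` bytes into enclave
// memory before this function runs, so `data` never aliases untrusted memory.
// The untrusted app still chooses every argument, so the enclave must bound
// `len` itself: otherwise the caller decides how much enclave heap the bridge
// allocates for the copy.

/// sgx_status_t values from Intel's sgx_error.h.
pub const SGX_SUCCESS: u32 = 0x0000;
pub const SGX_ERROR_INVALID_PARAMETER: u32 = 0x0002;

/// Upper bound on input this ECALL accepts (chosen for the example).
pub const MAX_INPUT_LEN: usize = 64 * 1024;

/// Safe core of the ECALL. It works on a borrowed slice so the business
/// logic can be tested without raw pointers; the C-ABI wrapper below only
/// does marshalling and validation.
pub fn sum_bytes(data: &[u8]) -> Result<u64, u32> {
    if data.is_empty() || data.len() > MAX_INPUT_LEN {
        return Err(SGX_ERROR_INVALID_PARAMETER);
    }
    Ok(data.iter().map(|&b| b as u64).sum())
}

/// C-ABI entry point the EDL-generated trusted bridge calls.
/// (In the real enclave crate this carries `#[no_mangle]`.)
pub unsafe extern "C" fn ecall_sum_bytes(data: *const u8, len: usize, sum: *mut u64) -> u32 {
    // Reject null pointers and out-of-range lengths before touching memory.
    if data.is_null() || sum.is_null() || len == 0 || len > MAX_INPUT_LEN {
        return SGX_ERROR_INVALID_PARAMETER;
    }
    // Safety: the bridge copied exactly `len` bytes into enclave memory and
    // `len` was bounds-checked above.
    let input = std::slice::from_raw_parts(data, len);
    match sum_bytes(input) {
        Ok(value) => {
            *sum = value;
            SGX_SUCCESS
        }
        Err(code) => code,
    }
}

fn main() {
    // Constructed sample input standing in for what the app would pass.
    let data = b"automata";
    let mut out = 0u64;
    let rc = unsafe { ecall_sum_bytes(data.as_ptr(), data.len(), &mut out) };
    println!("status={:#06x} sum={}", rc, out);
}
```

The same rule applies in the other direction: data returned from an OCALL (for example a CPUID result produced by mock-lib) comes from untrusted code and should be validated by the enclave before it influences anything security-relevant.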

Refer to the Automata DCAP Attestation repo for more details about verification of the DCAP attestation.

Building the Enclave

Prerequisites

In order to build the enclave, you need an SGX-capable machine.

If you have a machine with SGX support, please check the version of your SGX and DCAP SDK. The latest version supported by Automata SGX SDK can be found here.

If you don't have a machine with SGX support, we recommend creating a DCsv3 instance in Azure. Please refer to the docker folder for the list of supported systems and create the instance using one of them. You can either install the SGX and DCAP SDK manually by following the steps outlined in the Dockerfile, or use Docker to build and run the enclave directly.

Build manually

You need an SGX-capable machine with the SGX and DCAP SDK installed to build the enclave manually.

Clone the repository

git clone https://github.com/automata-network/sgx-scaffold.git
cd sgx-scaffold

You can click the Use this template button to create a new repository.

Install cargo-sgx

cargo install cargo-sgx

Once you have installed cargo-sgx, you can check the help menu to see the available commands.

cargo sgx --help

Generate new signing key

cargo sgx gen-key app/sgx/private.pem

Build the Enclave

cargo sgx build

or you can run the enclave directly

cargo sgx run

You can find the executable in the ./target/debug or ./target/release directory.

Build with Docker

You need an SGX-capable machine to build the enclave with Docker. Make sure you have Docker and Docker Compose installed.

Build image for ubuntu 20.04

$ cd docker/ubuntu-20.04
$ docker compose build

Build image for ubuntu 22.04

$ cd docker/ubuntu-22.04
$ docker compose build

A prebuilt Docker image is also available here.

Run with Docker

Run image for ubuntu 20.04

$ cd docker/ubuntu-20.04
$ docker compose run sgx-scaffold

Run image for ubuntu 22.04

$ cd docker/ubuntu-22.04
$ docker compose run sgx-scaffold