This is the Cipher ParaTime, an official Oasis Protocol Foundation's ParaTime for the Oasis Network built using the Oasis SDK.
- This ParaTime currently depends on an unreleased version of Oasis SDK.
- The code has not yet been audited.
The non-SGX variant is a regular ELF binary that can be used by Oasis nodes without SGX support to operate as client nodes.
This allows (non-SGX) Oasis nodes to interact with the Cipher ParaTime (e.g. perform non-confidential queries and validate transactions they send out) but they cannot participate in the execution of Cipher ParaTime's transactions and they cannot see its confidential state.
Ensure you have Rust and rustup installed on your system. For more details, see Oasis Core's Development Setup Prerequisites documentation, the Rust section.
The version of the Rust toolchain we use for the Cipher ParaTime is specified in the rust-toolchain file.
The rustup-installed versions of cargo
, rustc
and other tools will
automatically detect this file and use the appropriate version of the Rust
toolchain when invoked from the Cipher ParaTime git
checkout directory.
To install the appropriate version of the Rust toolchain, make sure you are in an Cipher ParaTime git checkout directory and run:
rustup show
This will automatically install the appropriate Rust toolchain (if not present) and output something similar to:
...
active toolchain
----------------
nightly-2021-08-17-x86_64-unknown-linux-gnu (overridden by '/code/rust-toolchain')
rustc 1.56.0-nightly (0035d9dce 2021-08-16)
Then add the Fortanix SGX Rust target to this version of the Rust toolchain by running:
rustup target add x86_64-fortanix-unknown-sgx
Building Cipher ParaTime requires the following system packages:
NOTE: On Ubuntu/Debian systems, compiling wasm3-rs crates when building the
SGX binary requires having the gcc-multilib
package installed.
On Fedora 35+, you can install the above with:
sudo dnf install gcc clang
On Ubuntu 20.04+, you can install the above with:
sudo apt install gcc gcc-multilib clang
Mock SGX allows a developer to run the Cipher ParaTime binary without performing the attestation and requiring actual SGX hardware. While you can't connect to a production Mainnet or Testnet with such a setup, it is useful for testing Cipher locally and/or testing dApps that require Cipher-specific features, for example in the CI environments.
To build the unsafe, mock SGX binary of the Cipher ParaTime for Localnet checkout the appropriate version and run:
export OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1
cargo build --release --features debug-mock-sgx
The resulting ELF binary is located at target/release/cipher-paratime
.
NOTE: The mock SGX binary is dynamically linked so it may not be portable between machines with different versions of shared libraries.
To build the SGX binary of the Cipher ParaTime, checkout the appropriate version and run:
cargo build --release --target x86_64-fortanix-unknown-sgx
cargo elf2sgxs --release
The resulting SGX binary is located at
target/x86_64-fortanix-unknown-sgx/release/cipher-paratime.sgxs
.
NOTE: The SGX binary is always statically linked so it doesn't exhibit the portability issues the ELF binary has.