sealing script

2024-10-20 05:24:04 +03:00 · 2024-10-20 05:24:04 +03:00 · 966819d0e6
commit 966819d0e6
parent 8533a53f19
1 changed files with 35 additions and 0 deletions
--- a/build_sealing.sh
+++ b/build_sealing.sh
@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+SCRIPT=$0
+EXEC=$1
+
+occlum-cargo build --release --example sealing --features="occlum"
+strip target/x86_64-unknown-linux-musl/release/examples/sealing
+
+cat > sealing.yaml <<EOF
+includes:
+  - base.yaml
+targets:
+  - target: /bin
+    copy:
+      - files:
+        - ../target/x86_64-unknown-linux-musl/release/examples/sealing
+  - target: /lib
+    copy:
+      - files:
+        - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0
+EOF
+
+rm -rf sealing_instance && mkdir sealing_instance && cd sealing_instance
+occlum init && rm -rf image
+cp ../Occlum.json ./
+copy_bom -f ../sealing.yaml --root image --include-dir /opt/occlum/etc/template
+# TODO: "--enable-edmm Y" must be only for platforms that support SGX2
+# TODO: make sure the bundle needs SGX2 to run since SGX1 is vulnerable to https://x.com/PratyushRT/status/1828183761055330373
+occlum build --sign-key ../examples/signing_key.pem
+occlum package sealing.tar.gz
+
+if [ "$EXEC" == "--run" ]; then
+    occlum run /bin/sealing
+fi