From f5cf3fff446a7f143e90674e64e643ec1a1c2878 Mon Sep 17 00:00:00 2001 From: Valentyn Faychuk Date: Sun, 8 Sep 2024 22:56:02 +0300 Subject: [PATCH] added steps to build on non-SGX host --- README.md | 47 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 898eb59..686fef2 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ and use the following command: 83E8A0C3ED045D9747ADE06C3BFC70FCA661A4A65FF79A800223621162A88B76 ``` -## Docker Occlum runtime +## Docker installation To run the project in Docker, you need to install the docker first. On Ubuntu, you can use the following commands: @@ -52,27 +52,46 @@ sudo usermod -aG docker $USER newgrp docker ``` -Next run the occlum image in the docker environment: +## Occlum docker instance + +### On the build host (without SGX) + +Run the occlum image in the docker environment: ```bash -docker run --rm -it --device /dev/sgx/enclave --device /dev/sgx/provision -v /path/to/occlum-ratls:/root/occlum-ratls occlum/occlum:latest-ubuntu20.04 - -# Inside the docker container do env preparation +# Notice that there is no SGX device mounted +docker run --rm -it -v /path/to/occlum-ratls:/root/occlum-ratls occlum/occlum:latest-ubuntu20.04 +# Inside the docker container do env preparation to build the image rustup install stable-x86_64-unknown-linux-gnu rustup default stable rustup target add x86_64-unknown-linux-musl -# edit /etc/sgx_default_qcnl.conf, so that the PCCS URL is set correctly -# "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/" -cd /root/occlum-ratls -./build_server.sh grpcs --run - -# In another terminal exec /bin/bash into the same container -cd /root/occlum-ratls -./build_client.sh grpcs --run +# Build the server and the client +cd occlum-ratls +./build_server.sh grpcs +./build_client.sh grpcs ``` -## Running Examples +This will produce 2 signed bundles, `server_instance/server.tar.gz` and `client_instance/client.tar.gz`. + +### On the run host (with SGX) + +```bash +docker run --rm -it --device /dev/sgx/enclave --device /dev/sgx/provision -v /path/to/tars:/root/run occlum/occlum:latest-ubuntu20.04 +# IMPORTANT, edit /etc/sgx_default_qcnl.conf, so that the PCCS URL is set correctly +# "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/" + +# Unpack the server and the client +cd run +tar -xzvf server.tar.gz +tar -xzvf client.tar.gz + +# Run the server and the client (in two different terminals) +cd server && occlum run /bin/mratls_grpcs_server +cd client && occlum run /bin/mratls_grpcs_client +``` + +## Running Examples on the SGX host (locally) Before running make sure you have installed the Occlum and the SGX driver. You should also have the Occlum Rust toolchain installed to get `occlum-cargo`.