diff --git a/book.toml b/book.toml index a153fdc..f1f89b8 100644 --- a/book.toml +++ b/book.toml @@ -3,7 +3,7 @@ authors = ["Valentyn Faychuk"] language = "en" multilingual = false src = "src" -title = "DeTEE Public Documentation" +title = "DeTEE Documentation" [output.html] smart-punctuation = true diff --git a/src/README.md b/src/README.md index f7ca074..e47ae2e 100644 --- a/src/README.md +++ b/src/README.md @@ -2,22 +2,28 @@ --- -Welcome to the DeTEE's documentation. DeTEE is a decentralized confidential cloud. It is designed to make deploying Confidential VMs and Containers quick and easy, with the ability to scale up to the complex setups. +Welcome to the DeTEE's documentation. DeTEE is a decentralized confidential cloud. +It is designed to make deploying Confidential VMs and Containers quick and easy, +with the ability to scale up to the complex setups. -Get started with [Installation](./todo.md) and then get an overview with the [Quickstart](./todo.md).\ -There is also a [Hacker Challenge](./hacker_challenge/README.md) if you want to try breaking DeTEE for a reward!\ -DeTEE depends on the [Occlum](https://occlum.readthedocs.io) library for working with Intel SGX, and the [Rust sev crate](https://crates.io/crates/sev) for working with AMD SEV. +Get started with [Installation](./todo.md) and then get an overview with the +[Quickstart](./todo.md).\ +There is also a [Hacker Challenge](./hacker_challenge/README.md) if you want to +try breaking DeTEE for a reward!\ +DeTEE depends on the [Occlum](https://occlum.readthedocs.io) library for working +with Intel SGX, and the [Rust sev crate](https://crates.io/crates/sev) for working +with AMD SEV.
--- The documentation is under active development.\ -If you see any issue, feel free to contact . +If you see any issue, feel free to contact . - [x] Prepare the first version of docs - [x] Add Hacker Challenge - [x] Add docs Autodeploy +- [x] Add contributors - [ ] Add installation steps -- [ ] Add contributors - [ ] Add license - [ ] ... diff --git a/src/hacker_challenge/README.md b/src/hacker_challenge/README.md index dbcecc3..59ad3ed 100644 --- a/src/hacker_challenge/README.md +++ b/src/hacker_challenge/README.md @@ -2,9 +2,10 @@ --- -Hack the wallet 2yKf...Yxpb to unlock the DeTEE prize! Wallet keys are -secured inside every node of the Hacker Challenge cluster, which anybody -can join! No rules - hack the node, seize the keys, win the prize! +Hack the wallet `2znBcwcGnJ7Yo9XtNKZtzpKcdoFwc6rLLaSjosDW6k9N` to unlock the +DeTEE prize! Wallet keys are secured inside every node of the Hacker Challenge +cluster, which anybody can join! No rules - hack the node, seize the keys, win +the prize! ### The main rules of the hacker challenge: - Don't ever send to the hacker challenge wallet what you don't want to lose diff --git a/src/hacker_challenge/hacking.md b/src/hacker_challenge/hacking.md index 1d030ed..d59f6a4 100644 --- a/src/hacker_challenge/hacking.md +++ b/src/hacker_challenge/hacking.md @@ -1,22 +1,24 @@ # How it all works? -This node is part of the DeTEE hacker-challenge, a decentralized wallet that mints the HCT Token. -The private key of the mint authority was generated within the network. The challenge is easy: -Hack the network to get the private key, and all the SOL is yours. We also offer other rewards, including: +The node that you can run is part of the DeTEE hacker-challenge, in other words a +decentralized wallet that mints the DTHC Token. The private key of the mint authority +was generated within the network. The challenge is easy: Hack the network to get the +private key, and all the SOL is yours. We also offer other rewards, including: - a unique NFT - token rewards at after release of the DeTEE token - a seat on the Advisory Board of DeTEE - possible employment at DeTEE -The mint address of the token is: TOKEN_ADDRESS -The mint authority is: MINT_AUTHORITY +The mint address of the token is: `GgzbpwLzFPaNUT2KVBy63XWaWy6uD9JELL9bpbAaJ9aa`\ +The mint authority is: `2znBcwcGnJ7Yo9XtNKZtzpKcdoFwc6rLLaSjosDW6k9N` -In order to mint, the mint authority will need some SOL. Before sending SOL, take into consideration that -DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF THE NETWORK! +In order to mint, the mint authority will need some SOL. Before sending SOL, take +into consideration that DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF +THE NETWORK! You can make following requests: -- `/nodes ` <= information about nodes and counters of network activity -- `/mint?address=
` <= mint HCT tokens to the address; the wallet needs SOL for this operation +- `/nodes` <= information about hacker challenge nodes and activity +- `/mint?address=
` <= mints 1 DTHC to a given address -If you were able to get the SOL out of the wallet, please contact , -The code of the challenge can be found at https://gitea.detee.cloud/general/hacker-challenge +If you were able to get the SOL out of the wallet, please contact .\ +The code of the challenge can be found at diff --git a/src/hacker_challenge/how_it_works.md b/src/hacker_challenge/how_it_works.md deleted file mode 100644 index 4ed8307..0000000 --- a/src/hacker_challenge/how_it_works.md +++ /dev/null @@ -1 +0,0 @@ -# How it works? diff --git a/src/hacker_challenge/network.md b/src/hacker_challenge/network.md index 5ddc1d7..a12e17b 100644 --- a/src/hacker_challenge/network.md +++ b/src/hacker_challenge/network.md @@ -1,11 +1,22 @@ # More about the network -Each node in the network runs inside an enclave. The enclave is a program that operates in a trusted execution environment (TEE). Memory of programs within the enclave can not be inspected from outside the enclave. Programs within the enclave have access to sources of entropy that cannot be predicted from outside. Programs can also access reproducible secrets that they can use to seal[^1] persistent data. Each enclave has a certain set of measurements, consisting of all the data required for the program to run (instructions, configuration, etc.). A running program can generate a quote that can be used to verify the measurements and legitimacy of the hardware it's running on. +Each node in the network runs inside an enclave. The enclave is a program that operates +in a trusted execution environment (TEE). Memory of programs within the enclave can +not be inspected from outside the enclave. Programs within the enclave have access +to sources of entropy that cannot be predicted from outside. Programs can also access +reproducible secrets that they can use to seal[^1] persistent data. Each enclave has +a certain set of measurements, consisting of all the data required for the program to +run (instructions, configuration, etc.). A running program can generate a quote that +can be used to verify the measurements and legitimacy of the hardware it's running on. -Assuming there are no vulnerabilities in any of the mentioned hardware features, and our node implementation has none either, it should be practically impossible to steal the SOL from the network wallet because: +Assuming there are no vulnerabilities in any of the mentioned hardware features, and +our node implementation has none either, it should be practically impossible to steal +the SOL from the network wallet because: - wallet key is generated with the enclave's source of entropy - nobody can inspect the memory that contains the key -- nodes verify the quote of each peer and refuse connections if quote measurements don't match their own +- nodes verify the quote of each peer and refuse connections if quote measurements + don't match their own - node seals[^1] all persistent data saved to disk with the enclave's key -[^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted environment to later recover the data by decrypting +[^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted +environment to later recover the data by decrypting. diff --git a/src/hacker_challenge/prerequisites.md b/src/hacker_challenge/prerequisites.md index e80fd80..836a430 100644 --- a/src/hacker_challenge/prerequisites.md +++ b/src/hacker_challenge/prerequisites.md @@ -1,10 +1,13 @@ # Prerequisites -For running the Hacker Challenge you need a VM with Intel processor that supports SGX1/2, check [supported processors](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html). You may also rent a VM, see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com). Public IP is not mandatory to participate. +For running the Hacker Challenge you need a VM with Intel processor that supports +SGX1/2, check [supported processors](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html). +You may also rent a VM, see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com). +Public IP is not mandatory to participate. -Make sure you enabled SGX in BIOS. Just do `cpuid | grep -i sgx` to see if SGX is enabled. -Make sure you also have kernel above v5.13 to get a built-in SGX DCAP driver. -Final step is to add the symlinks for the sgx devices. +Make sure you enabled SGX in BIOS. Just do `cpuid | grep -i sgx` to see if SGX is enabled.\ +Make sure you also have kernel above v5.13 to get a built-in SGX DCAP driver.\ +Final step is to add the symlinks for the sgx devices: ```bash sudo mkdir -p /dev/sgx diff --git a/src/hacker_challenge/quick_start.md b/src/hacker_challenge/quick_start.md index f6ff2a4..56f230f 100644 --- a/src/hacker_challenge/quick_start.md +++ b/src/hacker_challenge/quick_start.md @@ -1,17 +1,19 @@ # Quick Start -Hacker challenge works as a cluster that anybody can join. -To join a cluster you need to run the DeTEE Hacker Challenge node (for simplicity we call it dthc): +Before proceeding, make sure you have met the [prerequisites](./prerequisites.md).\ +Hacker challenge works as a cluster that anybody can join. To join a cluster you need +to run the DeTEE Hacker Challenge node (for simplicity we call it dthc): ```bash docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest ``` Note. -- devices are mandatory to give node the access to the SGX driver -- `INIT_NODES` are current nodes (we update them) so that your node can download Solana keys from cluster +- the devices are mandatory to give node the access to the SGX driver +- `INIT_NODES` are current nodes so that your node can interact with the cluster, + we keep them up to date - in the /tmp/dthc you will find the file where the node writes Solana keys, it's called `TRY_TO_HACK_THIS` - port 31373 is needed if you have a public IP and want other nodes to connect to you -- port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint
` endpoints +- port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint?address=...` endpoints After your node has started, feel free to start exploring logs in `docker logs ` and /tmp/dthc/logs