occlum/tools/protect-integrity
Tate, Hongliang Tian d77c21f98c Add a command-line interface tool named occlum
1. All generated, build files are now in a separate build directory;
2. The CLI tool supports three sub-commands: init, build, and run;
3. Refactor tests to use the new tool.
2019-08-28 06:05:12 +00:00

protect-integrity

This is a command-line utility that protects the integrity of a file using the integrity-only mode of the SGX Protected File System Library.

Prerequisite

This integrity-only mode is provided by Occlum's fork of the Intel SGX SDK and is not available in the vanilla Intel SGX SDK, so make sure that you have Occlum's fork of the Intel SGX SDK installed.

How to Build

To build the project, run the following command

make

To test the project, run the following command

make test

How to Use

To protect an ordinary file, run the following command

./protect-integrity protect <ordinary_file>

which will generate a protected file named <ordinary_file>.protected in the current working directory. The content of <ordinary_file>.protected is the same as <ordinary_file>, but it is associated with (a tree of) 128-bit MACs to protect its integrity.

To show the content of a protected file, run the following command

./protect-integrity show <protected_file>

To show the (root) MAC of a protected file, run the following command

./protect-integrity show-mac <protected_file>
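The following added example (not part of this project's code) is a simplified model of why a single root MAC over a tree of 128-bit MACs is enough to detect any change to the file. It is not the on-disk format of the SGX Protected File System Library: the key, block size, fan-out and the truncated HMAC-SHA256 primitive are all assumptions chosen for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; real key handling is not described here
BLOCK = 4096                   # assumed data block size for this model
FANOUT = 4                     # assumed number of children per tree node


def mac128(data: bytes) -> bytes:
    """128-bit MAC: HMAC-SHA256 truncated to 16 bytes (stand-in primitive)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]


def root_mac(content: bytes) -> bytes:
    """Build a MAC tree over fixed-size blocks and return its root MAC."""
    blocks = [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)] or [b""]
    # Each leaf MAC binds a block to its index, so blocks cannot be reordered.
    level = [mac128(b"leaf" + i.to_bytes(8, "big") + blk)
             for i, blk in enumerate(blocks)]
    depth = 0
    while len(level) > 1:
        depth += 1
        # Each inner node authenticates the MACs of its children.
        level = [mac128(b"node" + depth.to_bytes(2, "big") + b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
    # The root also covers the total length, so truncation is detected.
    return mac128(b"root" + len(content).to_bytes(8, "big") + level[0])


def verify(content: bytes, pinned_root: bytes) -> bool:
    """Recompute the root and compare it in constant time with the pinned value."""
    return hmac.compare_digest(root_mac(content), pinned_root)


if __name__ == "__main__":
    # Constructed sample: five distinct 4096-byte blocks.
    original = b"".join(i.to_bytes(4, "big") for i in range(5120))
    pinned = root_mac(original)
    tampered = original[:9000] + b"\xff" + original[9001:]
    print("root MAC:", pinned.hex())
    print("original verifies:", verify(original, pinned))
    print("tampered verifies:", verify(tampered, pinned))
```

In this model, whoever holds the pinned root value can reject a file whose blocks were modified, reordered or dropped without keeping a separate MAC per block.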

Note

This utility is intended to be used in a trusted development environment, not an untrusted deployment environment.