History

LI Qing 1e24dcea6a Modify the protect-integrity tool to print result on file		2021-06-28 21:11:41 +08:00
..
App	Modify the protect-integrity tool to print result on file	2021-06-28 21:11:41 +08:00
Enclave	Modify the protect-integrity tool to print result on file	2021-06-28 21:11:41 +08:00
.gitignore	Add Occlum.json. No more configs hardcoded in code	2019-08-09 09:19:51 +00:00
Enclave.edl	Modify the protect-integrity tool to print result on file	2021-06-28 21:11:41 +08:00
Makefile	Add RPM installer for Occlum and C/C++ toolchains	2020-08-15 19:12:40 +08:00
README.md	Add Occlum.json. No more configs hardcoded in code	2019-08-09 09:19:51 +00:00

README.md

protect-integrity

This is a command-line utility that protects the integrity of a file using the integrity-only mode of SGX Protected File System Library.

Prerequesite

This integrity-only mode is provided by Occlum's fork of Intel SGX SDK, not available on vanilla Intel SGX SDK. So make sure that you have Occlum's fork of Intel SGX SDK installed.

How to Build

To build the project, run the following command

make

To test the project, run the following command

make test

How to Use

To protect an ordinary file, run the following command

./protect-integrity protect <ordinary_file>

which will generate a protected file named <ordinary_file>.protected in the current working directory. The content of <ordinary_file>.protected is the same as <ordinary_file but associated with (a tree of) 128-bit MACs to protect its integrity.

To show the content of a protected file, run the following command

./protect-integrity show <protected_file>

To show the (root) MAC of a protected file, run the following command

./protect-integrity show-mac <protected_file>

Note

This utility is intended to be used in trusted development environment, not untrusted deployment environment.