general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e75c10ba79
occlum/demos/remote_attestation/epid/README.md
He Sun ba630d3cae Move the EPID RA demo code to the epid folder 
Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
2021-07-20 11:17:09 +08:00

37 lines
1.3 KiB
Markdown
Raw Blame History

# SGX EPID Remote Attestation Demo
This project demonstrates how to do Intel SGX EPID (Enhanced Privacy ID) remote attestation on Occlum.
In a nutshell, Occlum provides SGX capabilities to user apps through ioctls on a special device (`/dev/sgx`).
To hide the low-level details of ioctls from user apps, a user-friendly, remote attestation library is provided in this demo.
**Prerequisites.** This demo needs to access Intel Attestation Service (IAS). To do this,
a developer needs to contact Intel to obtain a Service Provider ID (SPID) and the associated
Access Key from [here](https://api.portal.trustedservices.intel.com/EPID-attestation).
After obtaining the SPID and Access Key, fill them in the config file `conf/ra_config.json` as shown below:
```
{
"ias_url": "https://api.trustedservices.intel.com/sgx/dev/attestation/v4",
"ias_access_key": "<YourAccessKey>",
"enclave_spid": "<YourSPID>"
}
```
**NOTE:** The URL, SPID and Access Key above vary depending whether it is for development or production
**Step 1.** Build this demo
Build the code in debug mode with "--debug", otherwise it's in Relese mode by default.
```
./download_and_build.sh [--debug]
```
**Step 2.** Run this demo on Occlum
Build the occlum image and run the RA test application. Log level is "off" by default.
```
./run_on_occlum.sh [off|trace]
```
Reference in New Issue View Git Blame Copy Permalink