86d11e9d44
This commits consists of three major changes: 1. Support a new interface to get the base64 quote only. This is useful in the case that application sends the quote to service provider server and get the final IAS report there. The application itself doesn't depend on IAS in this case. 2. Improve the C++ programming style. Now, we only provide C++ classes and limited C APIs(for configuration and sgx device). 3. Use the more general keywords as names prefix. Signed-off-by: Junxian Xiao <junxian.xjx@antfin.com>
37 lines
1.3 KiB
Markdown
37 lines
1.3 KiB
Markdown
# SGX Remote Attestation Demo
|
|
|
|
This project demonstrates how to do remote attestation on Occlum.
|
|
|
|
In a nutshell, Occlum provides SGX capabilities to user apps through ioctls on a special device (`/dev/sgx`).
|
|
To hide the low-level details of ioctls from user apps, a user-friendly, remote attestation library is provided in this demo.
|
|
|
|
**Prerequisites.** This demo needs to access Intel Attestation Service (IAS). To do this,
|
|
a developer needs to contact Intel to obtain a Service Provider ID (SPID) and the associated
|
|
Access Key from [here](https://api.portal.trustedservices.intel.com/EPID-attestation).
|
|
After obtaining the SPID and Access Key, fill them in the config file `conf/ra_config.json` as shown below:
|
|
|
|
```
|
|
{
|
|
"ias_url": "https://api.trustedservices.intel.com/sgx/dev/attestation/v4",
|
|
"ias_access_key": "<YourAccessKey>",
|
|
"enclave_spid": "<YourSPID>"
|
|
}
|
|
```
|
|
|
|
**NOTE:** The URL, SPID and Access Key above vary depending whether it is for development or production
|
|
|
|
**Step 1.** Build this demo
|
|
|
|
Build the code in debug mode with "--debug", otherwise it's in Relese mode by default.
|
|
```
|
|
./download_and_build.sh [--debug]
|
|
```
|
|
|
|
**Step 2.** Run this demo on Occlum
|
|
|
|
Build the occlum image and run the RA test application. Log level is "off" by default.
|
|
```
|
|
./run_on_occlum.sh [off|trace]
|
|
```
|
|
|