hacker-challenge-sgx-general/README.md

Welcome to the HACKER CHALLENGE

Building and packaging the challenge

The build host does not need SGX support. To build and package the challenge you need a Docker environment. Follow these steps:

# Note that no SGX device is mounted; run this from inside the rewrite directory
docker run --rm --name packager -it -v .:/root/rewrite occlum/occlum:latest-ubuntu20.04
# Inside the Docker container, run package.sh and follow its instructions
cd /root/rewrite && ./scripts/package.sh --prep
exit # Feel free to exit the container

Testing the challenge

To test the challenge you need SGX support.

# This boots a few containers running servers that replicate the private key generated by one of the nodes
./scripts/testnet.sh
# To interact with the servers, list the containers and their ports
docker container list
# Pick a node and query it
curl localhost:your-port
# The node responds with a homepage containing more information

The node homepage source is also here.
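
A preflight check for the SGX requirement stated above, added here as an example and not part of the project's scripts. The function names and the ROOT parameter are assumptions made for illustration; the device paths are the ones exposed by the in-kernel Linux SGX driver and by the older DCAP and out-of-tree drivers.

```shell
#!/bin/sh
# Added example: check that a Linux host can run enclaves in hardware mode.
# ROOT defaults to "/"; it is a parameter only so the check can be exercised
# against a constructed directory tree.

# Prints the first SGX device node found under ROOT, or returns 1.
sgx_device() {
    root=${1:-/}
    # In-kernel driver, legacy DCAP driver, legacy out-of-tree driver.
    for dev in dev/sgx_enclave dev/sgx/enclave dev/isgx; do
        if [ -e "${root%/}/$dev" ]; then
            printf '%s\n' "/$dev"
            return 0
        fi
    done
    return 1
}

# Returns 0 if cpuinfo under ROOT lists the "sgx" flag as a whole word
# (so "sgx_lc" alone does not count).
cpu_has_sgx() {
    root=${1:-/}
    grep '^flags' "${root%/}/proc/cpuinfo" 2>/dev/null | head -n 1 | grep -qw sgx
}

# Exit status: 0 = device node and CPU flag present,
#              1 = no device node (unsupported CPU, SGX disabled in firmware,
#                  or driver not loaded); the host can still build and package,
#              2 = device node present but the kernel does not report the flag
#                  (typical with out-of-tree drivers on older kernels).
sgx_preflight() {
    root=${1:-/}
    if ! dev=$(sgx_device "$root"); then
        echo "FAIL: no SGX device node found; use this host for packaging only"
        return 1
    fi
    if ! cpu_has_sgx "$root"; then
        echo "WARN: $dev exists but /proc/cpuinfo does not list the sgx flag"
        return 2
    fi
    echo "OK: $dev exists and the CPU reports sgx"
    return 0
}
```

On the test host, `sgx_preflight && ./scripts/testnet.sh` starts the test network only when the check passes.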

Production build

./scripts/build-container.sh

Contributing to the challenge

Don't forget to run cargo clippy and cargo fmt before submitting a PR.

Known issues

  1. If you create a new node as a root and it creates the private key and saves it to disk, the key remains sealed; when the node restarts and tries to join the rest of the network, it still uses the private key from disk for minting and sharing.
  2. If you run the hacker challenge on end-of-life processors, you may be able to run certain attacks; for instance, see this article: https://x.com/PratyushRT/status/1828183761055330373.
  3. The challenge is compiled in HW mode, not HYPER, so it may not work on some cloud providers, such as Azure Intel SGX VMs (needs more testing).
  4. The performance and stability of the challenge are not at their theoretical peak, as the challenge was built mostly as a PoC and was not meant to be infinitely scalable or very performant.
  5. The challenge is not mutable once deployed, which means that it will remain secure for as long as the community does not find a new vulnerability in SGX.