From 0b72b7040993d24d89be179cff4ce5d82b75f996 Mon Sep 17 00:00:00 2001
From: ozwaldorf
Date: Wed, 13 Nov 2024 13:03:53 -0500
Subject: [PATCH 1/2] feat(sgxGramineContainer): expose maxLayers argument from image builder
---
 overlays/libTee/sgxGramineContainer.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/overlays/libTee/sgxGramineContainer.nix b/overlays/libTee/sgxGramineContainer.nix
index e275a66..fa308e7 100644
--- a/overlays/libTee/sgxGramineContainer.nix
+++ b/overlays/libTee/sgxGramineContainer.nix
@@ -22,6 +22,7 @@
 , sigFile ? null
 , extendedPackages ? [ ]
 , customRecursiveMerge ? null
+, maxLayers ? 100
 }:
 assert lib.assertMsg (!(isAzure && sgx_default_qcnl_conf != null)) "sgx_default_qcnl_conf can't be set for Azure";
 let
@@ -201,6 +202,7 @@ let
 inherit tag;
 inherit contents;
 inherit fromImage;
+ inherit maxLayers;
 includeStorePaths = false;
 extraCommands = (mkNixStore contents) + ''
@@ -231,6 +233,7 @@ let
 inherit config;
 inherit tag;
 inherit fromImage;
+ inherit maxLayers;
 includeStorePaths = false;
 extraCommands = ''
@@ -247,6 +250,7 @@ let
 inherit tag;
 inherit config;
 inherit fromImage;
+ inherit maxLayers;
 contents = extendedContents;
 };
 in
From 5a500fed47b98050079933b87c076e04fe254d69 Mon Sep 17 00:00:00 2001
From: ozwaldorf
Date: Thu, 14 Nov 2024 11:49:15 -0500
Subject: [PATCH 2/2] docs: add test enclave usage examples, move reference repos to their own subsection
---
 README.md | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 821da8a..76149b8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # nixsgx
-This repository contains a Nix flake with up2date packages for the Intel SGX SDK and gramine.
+This repository contains a Nix flake with up-to-date packages for the Intel SGX SDK and gramine.
 Hopefully most of the packages will be upstreamed to nixpkgs at some point.
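Review bot: The new `maxLayers ? 100` argument in the first hunk is accepted without any validation, even though the same header already guards its other inputs with `lib.assertMsg` (the Azure/qcnl check two lines below the addition), so an out-of-range value will only surface as an error deep inside the nixpkgs image builder rather than at this function's boundary. nixpkgs' dockerTools documents a hard ceiling on the layer count (125, if I recall the manual correctly) and rejects very small values as well, so a guard next to the existing assertion, e.g. `assert lib.assertMsg (maxLayers > 1 && maxLayers <= 125) "maxLayers must be between 2 and 125";`, would fail fast with an error that names this function; please confirm the exact bounds against the builder's own assertion before picking them. The three `inherit maxLayers;` pass-throughs in the later hunks are consistent with each other and need nothing further. Both the argument set and the `let` block extend beyond the hunk boundaries, so the full list of image builders that receive the value is not visible here.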
@@ -8,5 +8,29 @@ All package builds should be reproducible and therefore can be used to build rep
 ## Usage
-See: https://github.com/matter-labs/teepot
-and https://github.com/matter-labs/era-fee-withdrawer/tree/gramine-sgx
+### Test enclave
+
+A testing enclave container is provided and can be ran like so:
+
+```sh
+# Build the dcap (or azure) container variant
+nix build .#nixsgx-test-sgx-dcap
+
+# Load image into docker
+docker load < result
+
+# Run the enclave, binding the sgx devices
+docker run -i --init --rm \
+ --device /dev/sgx_enclave \
+ --device /dev/sgx_provision \
+ nixsgx-test-sgx-dcap:latest
+```
+
+> Note: An external aesmd instance can be provided by mounting the socket to the container: `-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket`
+
+### Reference projects
+
+The following projects provide reproducible enclaves using nixsgx:
+
+- https://github.com/matter-labs/teepot
+- https://github.com/matter-labs/era-fee-withdrawer/tree/gramine-sgx