Merge branch 'main' into gramine-v1.8

This commit is contained in:
Harald Hoyer 2024-11-19 23:08:47 +07:00 committed by GitHub
commit 86524f9b3b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 31 additions and 3 deletions


@ -1,6 +1,6 @@
# nixsgx
This repository contains a Nix flake with up2date packages for the Intel SGX SDK and gramine.
This repository contains a Nix flake with up-to-date packages for the Intel SGX SDK and gramine.
Hopefully most of the packages will be upstreamed to nixpkgs at some point.
@ -8,5 +8,29 @@ All package builds should be reproducible and therefore can be used to build rep
## Usage
See: https://github.com/matter-labs/teepot
and https://github.com/matter-labs/era-fee-withdrawer/tree/gramine-sgx
### Test enclave
A testing enclave container is provided and can be ran like so:
```sh
# Build the dcap (or azure) container variant
nix build .#nixsgx-test-sgx-dcap
# Load image into docker
docker load < result
# Run the enclave, binding the sgx devices
docker run -i --init --rm \
--device /dev/sgx_enclave \
--device /dev/sgx_provision \
nixsgx-test-sgx-dcap:latest
```
> Note: An external aesmd instance can be provided by mounting the socket to the container: `-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket`
### Reference projects
The following projects provide reproducible enclaves using nixsgx:
- https://github.com/matter-labs/teepot
- https://github.com/matter-labs/era-fee-withdrawer/tree/gramine-sgx


@ -22,6 +22,7 @@
, sigFile ? null
, extendedPackages ? [ ]
, customRecursiveMerge ? null
, maxLayers ? 100
}:
assert lib.assertMsg (!(isAzure && sgx_default_qcnl_conf != null)) "sgx_default_qcnl_conf can't be set for Azure";
let
@ -201,6 +202,7 @@ let
inherit tag;
inherit contents;
inherit fromImage;
inherit maxLayers;
includeStorePaths = false;
extraCommands = (mkNixStore contents) + ''
@ -233,6 +235,7 @@ let
inherit config;
inherit tag;
inherit fromImage;
inherit maxLayers;
includeStorePaths = false;
extraCommands = ''
@ -249,6 +252,7 @@ let
inherit tag;
inherit config;
inherit fromImage;
inherit maxLayers;
contents = extendedContents;
};
in
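Review bot: The new `maxLayers ? 100` parameter in the first hunk is neither documented nor validated, although this file already validates its inputs with `lib.assertMsg` (the `isAzure`/`sgx_default_qcnl_conf` assert two lines below it). An out-of-range value presumably surfaces only later, as an error from the image builder the value is forwarded to, rather than at this flake's interface; a guard in the existing style, `assert lib.assertMsg (maxLayers >= 1) "maxLayers must be at least 1";`, would report it at the call site. Since the README in this same commit states that the builds are meant to be reproducible, a comment on the parameter such as `# Upper bound on image layers; changing it changes the layer set and therefore the image digest` would tell callers that this value is part of the build's identity. The attribute set this parameter belongs to starts before the hunk, and the three later hunks only forward the value with `inherit maxLayers;`.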