harald/nixsgx
1
0
Fork 0
mirror of https://github.com/matter-labs/nixsgx.git synced 2025-07-20 23:23:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
Reproducible Nix packages for TEEs
99 commits 6 branches 0 tags 340 KiB
Find a file
Harald Hoyer 9a35ad60ad
fix: get rid of /dev/ in containers 
`enableFakechroot = true` somehow triggered the inclusion of `/dev`.

Some fake chroots included `/dev/kvm` with different permissions,
so the produced container was not the same.

As this fake chroot is not needed anymore with using `--chroot` for `gramine-sgx-sign`,
it can be turned off.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-02 12:12:22 +02:00
.github chore(deps): update trufflesecurity/trufflehog action to v3.79.0 2024-07-01 14:15:08 +00:00
overlays/nixsgxLib fix: get rid of /dev/ in containers 2024-07-02 12:12:22 +02:00
packages feat: use overlay to specify mkSGXContainer 2024-07-01 16:06:23 +02:00
.gitignore feat: add GRAMINE_DIRECT 2024-06-14 20:43:03 +02:00
COPYING feat: initial commit 2024-02-07 11:25:05 +01:00
flake.lock chore: Migrate from cachix to Attic in nix and github workflows 2024-07-01 14:00:14 +02:00
flake.nix chore: Migrate from cachix to Attic in nix and github workflows 2024-07-01 14:00:14 +02:00
README.md docs: add teepot link 2024-03-22 13:39:13 +01:00

README.md

nixsgx

This repository contains a Nix flake with up2date packages for the Intel SGX SDK and gramine.

Hopefully most of the packages will be upstreamed to nixpkgs at some point.

All package builds should be reproducible and therefore can be used to build reproducible enclave images.

Usage

See: https://github.com/matter-labs/teepot and https://github.com/haraldh/docker-era-fee-withdrawer