Merge pull request #250 from matter-labs/preexec-test

feat(tee-key-preexec): add test container for tee-key-preexec
2025-07-21 07:03:56 +02:00 · 2025-01-15 16:01:59 +01:00 · 2025-01-15 16:01:59 +01:00 · e5cca31ac0
commit e5cca31ac0
parent e649fdab87 99037ceb6c
1 changed files with 38 additions and 0 deletions
--- a/packages/container-tee-key-preexec-dcap/default.nix
+++ b/packages/container-tee-key-preexec-dcap/default.nix
@ -0,0 +1,38 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ teepot
+, pkgs
+, bash
+, coreutils
+, container-name ? "teepot-key-preexec-dcap"
+, tag ? null
+}: let
+  entrypoint = "${bash}/bin/bash";
+in
+pkgs.lib.tee.sgxGramineContainer {
+  name = container-name;
+  inherit tag entrypoint;
+
+  packages = [ teepot.teepot.tee_key_preexec coreutils bash ];
+
+  manifest = {
+    loader = {
+      argv = [
+        entrypoint
+        "-c"
+        ("${teepot.teepot.tee_key_preexec}/bin/tee-key-preexec -- bash -c "
+        + "'echo \"SIGNING_KEY=$SIGNING_KEY\"; echo \"TEE_TYPE=$TEE_TYPE\";exec base64 \"$ATTESTATION_QUOTE_FILE_PATH\";'")
+      ];
+
+      log_level = "error";
+      env = {
+        RUST_BACKTRACE = "1";
+        RUST_LOG = "trace";
+      };
+    };
+    sgx = {
+      edmm_enable = true;
+      max_threads = 2;
+    };
+  };
+}