# self-attestation-test Optionally build and load the containers (remove the `ghcr.io/matter-labs/` repo from the commands below then) ```bash $ nix build -L .#container-verify-attestation-sgx && docker load -i result $ nix build -L .#container-self-attestation-test-sgx-dcap && docker load -i result $ nix build -L .#container-self-attestation-test-sgx-azure && docker load -i result ``` ## Azure DCAP ```bash ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ ghcr.io/matter-labs/teepot-self-attestation-test-sgx-azure:latest \ | base64 -d --ignore-garbage \ | docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... Verifying quote (4734 bytes)... Quote verification result: SwHardeningNeeded: Software hardening is needed Info: Advisory ID: INTEL-SA-00615 Quote verified successfully: SwHardeningNeeded: Software hardening is needed mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d mrenclave: 31a0d51ee410ed6db18ebfb181ba0b2fa0d2062a38d6b955b73b3e9cfb8336bd reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ``` ## Normal DCAP ```bash ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \ | base64 -d --ignore-garbage \ | docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... Verifying quote (4730 bytes)... Quote verified successfully: Ok mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6 reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ``` On an outdated machine, this might look like this: ```bash ❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \ ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \ | base64 -d --ignore-garbage \ | docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest - aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground. Gramine is starting. Parsing TOML manifest file, this may take some time... Verifying quote (4600 bytes)... Quote verification result: OutOfDate: Firmware needs to be updated Info: Advisory ID: INTEL-SA-00614 Info: Advisory ID: INTEL-SA-00617 Info: Advisory ID: INTEL-SA-00289 Info: Advisory ID: INTEL-SA-00657 Info: Advisory ID: INTEL-SA-00767 Info: Advisory ID: INTEL-SA-00828 Info: Advisory ID: INTEL-SA-00615 Quote verified successfully: OutOfDate: Firmware needs to be updated mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6 reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ``` ## podman ```bash ❯ podman run -i --rm --group-add=keep-groups -v /var/run/aesmd:/var/run/aesmd -v /dev/sgx_enclave:/dev/sgx_enclave \ ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \ | base64 -d --ignore-garbage \ | podman run -i --rm --net host \ -v /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf \ ghcr.io/matter-labs/verify-attestation-sgx-dcap:latest ```