harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 23:23:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
teepot/bin/tee-self-attestation-test/README.md
Harald Hoyer 3257f316b5
feat(ci): switch to GitHub Container Registry for images 
Updated the workflow to push container images to GitHub Container Registry instead of Docker Hub. Added a login step for GHCR and updated image tagging and pushing commands accordingly.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-02 17:10:20 +02:00

81 lines
3.7 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# self-attestation-test
Optionally build and load the containers (remove the `ghcr.io/matter-labs/` repo from the commands below then)
```bash
$ nix build -L .#container-verify-attestation-sgx && docker load -i result
$ nix build -L .#container-self-attestation-test-sgx-dcap && docker load -i result
$ nix build -L .#container-self-attestation-test-sgx-azure && docker load -i result
```
## Azure DCAP
```bash
docker run -i --init --rm --privileged --device /dev/sgx_enclave \
ghcr.io/matter-labs/teepot-self-attestation-test-sgx-azure:latest \
| base64 -d --ignore-garbage \
| docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4734 bytes)...
Quote verification result: SwHardeningNeeded: Software hardening is needed
Info: Advisory ID: INTEL-SA-00615
Quote verified successfully: SwHardeningNeeded: Software hardening is needed
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 31a0d51ee410ed6db18ebfb181ba0b2fa0d2062a38d6b955b73b3e9cfb8336bd
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
```
## Normal DCAP
```bash
docker run -i --init --rm --privileged --device /dev/sgx_enclave \
ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \
| docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4730 bytes)...
Quote verified successfully: Ok
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
```
On an outdated machine, this might look like this:
```bash
docker run -i --init --rm --privileged --device /dev/sgx_enclave \
ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \
| docker run -i --rm ghcr.io/matter-labs/verify-attestation-sgx:latest -
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4600 bytes)...
Quote verification result: OutOfDate: Firmware needs to be updated
Info: Advisory ID: INTEL-SA-00614
Info: Advisory ID: INTEL-SA-00617
Info: Advisory ID: INTEL-SA-00289
Info: Advisory ID: INTEL-SA-00657
Info: Advisory ID: INTEL-SA-00767
Info: Advisory ID: INTEL-SA-00828
Info: Advisory ID: INTEL-SA-00615
Quote verified successfully: OutOfDate: Firmware needs to be updated
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
```
## podman
```bash
podman run -i --rm --group-add=keep-groups -v /var/run/aesmd:/var/run/aesmd -v /dev/sgx_enclave:/dev/sgx_enclave \
ghcr.io/matter-labs/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \
| podman run -i --rm --net host \
-v /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf \
ghcr.io/matter-labs/verify-attestation-sgx-dcap:latest
```
Reference in a new issue View git blame Copy permalink