mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 23:23:57 +02:00
|
|
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||
| Dockerfile-azure | ||
| Dockerfile-intel | ||
| README.md | ||
| tee-self-attestation-test.template.toml | ||
self-attestation-test
Azure DCAP
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave --net host \
matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
| base64 -d --ignore-garbage \
| docker run -i --init --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4734 bytes)...
Quote verification result: SwHardeningNeeded: Software hardening is needed
Info: Advisory ID: INTEL-SA-00615
Quote verified successfully: SwHardeningNeeded: Software hardening is needed
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 23267adf8144a195ede71425c50529ac8fd1aa896fe91786c28406854f246ab9
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PCCS DCAP
Install iptables rules to forward traffic to 127.0.0.1:8081 to the PCCS server.
❯ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
❯ sudo iptables -t nat -A OUTPUT -p tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8081
❯ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave --net host \
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \
| docker run -i --init --rm --net host \
-v /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf \
matterlabsrobot/verify-attestation-sgx-dcap:latest
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4730 bytes)...
Quote verified successfully: Ok
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 10cfeee8e2a65c31795104d041647415c01dc3ae4b004e05e26107f6ede82677
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
On an outdated machine, this might look like this:
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave --net host \
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
| base64 -d --ignore-garbage \
| docker run -i --init --rm --net host \
-v /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf \
matterlabsrobot/verify-attestation-sgx-dcap:latest
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Gramine is starting. Parsing TOML manifest file, this may take some time...
Verifying quote (4600 bytes)...
Quote verification result: OutOfDate: Firmware needs to be updated
Info: Advisory ID: INTEL-SA-00614
Info: Advisory ID: INTEL-SA-00617
Info: Advisory ID: INTEL-SA-00289
Info: Advisory ID: INTEL-SA-00657
Info: Advisory ID: INTEL-SA-00767
Info: Advisory ID: INTEL-SA-00828
Info: Advisory ID: INTEL-SA-00615
Quote verified successfully: OutOfDate: Firmware needs to be updated
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
mrenclave: 10cfeee8e2a65c31795104d041647415c01dc3ae4b004e05e26107f6ede82677
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000