mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-22 15:34:48 +02:00
d0c5950c0e
It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
70 lines
3.3 KiB
Markdown
70 lines
3.3 KiB
Markdown
# self-attestation-test
|
||
|
||
Optionally build and load the containers (remove the `matterlabsrobot/` repo from the commands below then)
|
||
|
||
```bash
|
||
$ nix build -L .#container-verify-attestation-sgx && docker load -i result
|
||
$ nix build -L .#container-self-attestation-test-sgx-dcap && docker load -i result
|
||
$ nix build -L .#container-self-attestation-test-sgx-azure && docker load -i result
|
||
```
|
||
|
||
## Azure DCAP
|
||
|
||
```bash
|
||
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
|
||
matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
|
||
| base64 -d --ignore-garbage \
|
||
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest
|
||
|
||
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
|
||
Gramine is starting. Parsing TOML manifest file, this may take some time...
|
||
Verifying quote (4734 bytes)...
|
||
Quote verification result: SwHardeningNeeded: Software hardening is needed
|
||
Info: Advisory ID: INTEL-SA-00615
|
||
Quote verified successfully: SwHardeningNeeded: Software hardening is needed
|
||
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
|
||
mrenclave: 31a0d51ee410ed6db18ebfb181ba0b2fa0d2062a38d6b955b73b3e9cfb8336bd
|
||
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||
```
|
||
|
||
## Normal DCAP
|
||
|
||
```bash
|
||
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
|
||
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
|
||
| base64 -d --ignore-garbage \
|
||
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest
|
||
|
||
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
|
||
Gramine is starting. Parsing TOML manifest file, this may take some time...
|
||
Verifying quote (4730 bytes)...
|
||
Quote verified successfully: Ok
|
||
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
|
||
mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6
|
||
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||
```
|
||
|
||
On an outdated machine, this might look like this:
|
||
|
||
```bash
|
||
❯ docker run -i --init --rm --privileged --device /dev/sgx_enclave \
|
||
matterlabsrobot/teepot-self-attestation-test-sgx-dcap:latest \
|
||
| base64 -d --ignore-garbage \
|
||
| docker run -i --rm matterlabsrobot/verify-attestation-sgx:latest
|
||
|
||
aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
|
||
Gramine is starting. Parsing TOML manifest file, this may take some time...
|
||
Verifying quote (4600 bytes)...
|
||
Quote verification result: OutOfDate: Firmware needs to be updated
|
||
Info: Advisory ID: INTEL-SA-00614
|
||
Info: Advisory ID: INTEL-SA-00617
|
||
Info: Advisory ID: INTEL-SA-00289
|
||
Info: Advisory ID: INTEL-SA-00657
|
||
Info: Advisory ID: INTEL-SA-00767
|
||
Info: Advisory ID: INTEL-SA-00828
|
||
Info: Advisory ID: INTEL-SA-00615
|
||
Quote verified successfully: OutOfDate: Firmware needs to be updated
|
||
mrsigner: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
|
||
mrenclave: 7ffe70789261a51769f50e129bfafb2aafe91a4e17c3f0d52839006777c652f6
|
||
reportdata: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||
```
|