https://github.com/bengreenier/sgx-lkl-turtles
Docker-in-docker SGX-LKL sample of a Node hello world app. 🧙📦⚡
- Host: GitHub
- URL: https://github.com/bengreenier/sgx-lkl-turtles
- Owner: bengreenier
- Created: 2019-09-23T15:20:49.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-10-03T17:10:19.000Z (over 6 years ago)
- Last Synced: 2025-01-23T08:20:05.811Z (over 1 year ago)
- Topics: enclave, nodejs, sample, sgx-lkl, tee
- Language: Dockerfile
- Size: 61.5 KB
- Stars: 2
- Watchers: 5
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
# SGX-LKL-Turtles
> 🚨 This project is an unsupported experiment.

Docker-in-docker [SGX-LKL](https://github.com/lsds/sgx-lkl) sample of a Node [hello world app](./src). 🧙📦⚡

I needed a sample to determine how Node apps might run inside SGX-LKL (in an enclave). I also wanted to try out
developing the release entirely inside a docker container. This requires docker-in-docker, to generate the SGX-LKL
image that will run on the enclave.
## Getting started
> Note: This is currently configured to run in simulated mode (not against real enclave hardware). To target physical hardware instead, specify `--build-arg MAKE_TARGET=""` during docker build.

To run the sample on your own, just grab and run the runtime docker container from this repo's packages:
```
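# Gets the container from GitHub
# Runs it in privileged mode
# Forwards the host's docker daemon control socket into the container, which
# uses it to build the SGX-LKL disk image (docker-in-docker); the container
# can therefore control the host's docker daemon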
docker run -it --rm --privileged -v //var/run/docker.sock:/var/run/docker.sock bengreenier/sgx-lkl-turtles:latest-sim
```
You should see:
```
Creating ./app.img from Dockerfile ./src/Dockerfile...
Building Docker image...
Creating and exporting Docker container...
Creating disk image file...
Succesfully created ./app.img.
Cleaning up temporary files...
[ SGX-LKL ] No tap device specified, networking will not be available.
[ SGX-LKL ] Kernel command line: ""
[ SGX-LKL ] Adding entropy to entropy pool.
[ SGX-LKL ] wg0 has public key KNAL8UQFWViNDi1WtGNx4wqsH9BCQ9Xwv8UX7+Itw3Y=
[ SGX-LKL ] Set working directory /
[ SGX-LKL ] Calling application main
Hello world. I'm inside an enclave!
SGX-LKL ] Set working directory /
```
Note that we've limited the [v8 max-old-space-size](https://stackoverflow.com/a/48392705) to `512MB` and adjusted the [SGXLKL_HEAP](https://github.com/lsds/sgx-lkl/blob/master/src/main/sgxlkl_run.c#L232) to `640MB`. This limits the possibilities of this sample app, but helps keep the runtime quite small.
## Building yourself
This is super easy, and depends only on [Docker](https://hub.docker.com).
```
# This will take a while (~25m)
docker build -t sgx-lkl-turtles:dev .
```
### Configuration
You can modify the image during the build phase to target physical hardware or simulated hardware (the default).

| Hardware  | MAKE_TARGET        |
| --------- | ------------------ |
| Physical  | `""`               |
| Simulated | `"sim DEBUG=true"` |

For example:
```
docker build --build-arg MAKE_TARGET="" -t sgx-lkl-turtles:dev .
```
That's it! 🎉
## Credits
+ This wouldn't be possible without the awesome [SGX-LKL Project](https://github.com/lsds/sgx-lkl).
+ Icons made by [Pixel perfect](https://www.flaticon.com/authors/pixel-perfect) from [www.flaticon.com](https://www.flaticon.com/).