This project provides a build development environment in the form of Docker containers. You can use the following command to pull the build development environment image.
docker pull ghcr.io/inclavare-containers/rats-rs:master
Or you can build directly using the Dockerfile:
git clone git@github.com:inclavare-containers/rats-rs.git
cd rats-rs
docker build --tag rats-rs:master .
Then, depending on the TEE type, use the corresponding command to start the environment:
-
SGX instance:
docker run -it --privileged --device=/dev/sgx_enclave --device=/dev/sgx_provision rats-rs:master bash
-
TDX instance:
docker run -it --privileged --device=/dev/tdx_guest rats-rs:master bash
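A preflight check for the step above, as an added example that is not part of the rats-rs project: it looks at which TEE device nodes exist and prints the matching start command from this page. The function names and the optional device-root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not rats-rs code). Function names and the dev_root
# argument are assumptions; dev_root lets the check run without hardware.

# detect_tee [dev_root] -> prints sgx, sgx-incomplete, tdx or none
detect_tee() {
    dev_root="${1:-/dev}"
    if [ -e "$dev_root/sgx_enclave" ] && [ -e "$dev_root/sgx_provision" ]; then
        echo sgx
    elif [ -e "$dev_root/sgx_enclave" ] || [ -e "$dev_root/sgx_provision" ]; then
        # The SGX command on this page passes both nodes; with only one
        # present the container would not get the full device set.
        echo sgx-incomplete
    elif [ -e "$dev_root/tdx_guest" ]; then
        echo tdx
    else
        echo none
    fi
}

# run_command <tee> [image] -> prints the start command for that TEE type
run_command() {
    image="${2:-rats-rs:master}"
    case "$1" in
        sgx)
            echo "docker run -it --privileged --device=/dev/sgx_enclave --device=/dev/sgx_provision $image bash" ;;
        tdx)
            echo "docker run -it --privileged --device=/dev/tdx_guest $image bash" ;;
        *)
            echo "TEE state '$1': required device nodes missing, not starting" >&2
            return 1 ;;
    esac
}

# Usage on the host: run_command "$(detect_tee)"
```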
The following provides the dependency installation process on Ubuntu 22.04. The process on other distributions is similar and can be referenced from Intel_SGX_SW_Installation_Guide_for_Linux.pdf.
-
Install basic dependency libraries
echo "deb http://cn.archive.ubuntu.com/ubuntu bionic main" >> /etc/apt/sources.list
apt-get update
apt-get install -y libprotobuf10 make git vim clang-format-9 gcc \
    pkg-config protobuf-compiler debhelper cmake \
    wget net-tools curl file gnupg tree libcurl4-openssl-dev \
    libbinutils libseccomp-dev libssl-dev binutils-dev libprotoc-dev \
    clang jq
-
Install Rust toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path
Add the following statement to the end of ~/.bashrc:
export PATH=/root/.cargo/bin:$PATH
(Optional) Install llvm-tools-preview for code coverage calculation:
rustup component add llvm-tools-preview
-
This project uses the just tool to encapsulate its build, test, and run processes, so just needs to be installed first.
cargo install just
-
Install Intel SGX LVI mitigated toolchain
# SGX_SDK_VERSION must be set before the download URL is expanded
SGX_SDK_VERSION=2.23
wget https://download.01.org/intel-sgx/sgx-linux/$SGX_SDK_VERSION/as.ld.objdump.r4.tar.gz && \
    tar -zxvf as.ld.objdump.r4.tar.gz && cp -rf external/toolset/ubuntu20.04/* /usr/local/bin/ && \
    rm -rf external && rm -rf as.ld.objdump.r4.tar.gz
-
Install Intel SGX SDK
Depends on Intel SGX SDK version >= 2.23
SGX_SDK_VERSION=2.23
SGX_SDK_RELEASE_NUMBER=2.23.100.2
wget https://download.01.org/intel-sgx/sgx-linux/$SGX_SDK_VERSION/distro/ubuntu20.04-server/sgx_linux_x64_sdk_$SGX_SDK_RELEASE_NUMBER.bin && \
    chmod +x sgx_linux_x64_sdk_$SGX_SDK_RELEASE_NUMBER.bin && \
    echo -e 'no\n/opt/intel\n' | ./sgx_linux_x64_sdk_$SGX_SDK_RELEASE_NUMBER.bin
-
Install SGX DCAP software packages
Add Intel's official online apt repo
echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | tee /etc/apt/sources.list.d/intel-sgx.list && \
    wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
apt-get update -y
Install SGX DCAP software packages
SGX_SDK_VERSION=2.23
SGX_DCAP_VERSION=1.20
apt-get update -y && apt-get install -y libsgx-headers="$SGX_SDK_VERSION*" \
    libsgx-uae-service="$SGX_SDK_VERSION*" \
    libsgx-dcap-quote-verify-dev="$SGX_DCAP_VERSION*" \
    libsgx-dcap-ql-dev="$SGX_DCAP_VERSION*" \
    libsgx-dcap-default-qpl-dev="$SGX_DCAP_VERSION*"
-
Install occlum, used to run rats-rs sample programs in the occlum environment
echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian focal main' | tee /etc/apt/sources.list.d/occlum.list
wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | apt-key add -
apt-get update
apt-get install -y libfuse2 occlum occlum-toolchains-glibc
Add the following statement to the end of ~/.bashrc:
export PATH="/opt/occlum/build/bin:${PATH}"
-
(For TDX instances) Install TDX Attestation library
SGX_DCAP_VERSION=1.20
apt-get install -y libtdx-attest-dev="$SGX_DCAP_VERSION*"
If you are preparing to build this project separately or simply try the sample programs provided in this project, you can use the following method to build the code:
-
Pull the source code
git clone git@github.com:inclavare-containers/rats-rs.git
cd rats-rs
-
Prepare
just prepare-repo
-
Build the project
cargo build
-
(Optional) Build sample programs
cargo build -p spdm
For how to run sample programs, please refer to the examples in the examples directory.