This user guide provides the steps to run inclavare-containers with pouch and Occlum.
Please refer to this guide to install pouch and refer to this guide to configure the runtime of pouchd.
Please refer to this guide to install rune.
Please refer to this guide to install shim-rune and refer to this guide to configure shim-rune.
Please refer to this guide to build your Occlum container image.
Use the environment variable OCCLUM_RELEASE_ENCLAVE to specify your enclave type:
- OCCLUM_RELEASE_ENCLAVE=0: debug enclave
- OCCLUM_RELEASE_ENCLAVE=1: production enclave
Then run pouch with the Occlum container image as follows:

```shell
pouch run -it --rm --runtime=rune \
  -e ENCLAVE_TYPE=intelSgx \
  -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so \
  -e ENCLAVE_RUNTIME_ARGS=occlum_instance \
  -e ENCLAVE_RUNTIME_LOGLEVEL=info \
  -e OCCLUM_RELEASE_ENCLAVE=0 \
  occlum-app
```
In addition, pouch supports annotation options for running a container image. You can run pouch with annotations instead of environment variables:

```shell
pouch run -it --rm --runtime=rune \
  --annotation "enclave.type=intelSgx" \
  --annotation "enclave.runtime.path=/opt/occlum/build/lib/libocclum-pal.so" \
  --annotation "enclave.runtime.args=occlum_instance" \
  --annotation "enclave.runtime.loglevel=info" \
  -e OCCLUM_RELEASE_ENCLAVE=0 \
  occlum-app
```
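
The wrapper below is an added example, not code from the inclavare-containers project. It builds the annotation form of the command from the guide's environment variable names and refuses a debug enclave, whose memory a debugger can read, unless explicitly allowed. The function names and the `ALLOW_DEBUG_ENCLAVE` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not project code. ALLOW_DEBUG_ENCLAVE is a hypothetical opt-in variable.

# Translate OCCLUM_RELEASE_ENCLAVE into the enclave type listed in the guide.
enclave_mode() {
    case "$1" in
        0) echo debug ;;
        1) echo production ;;
        *) echo "OCCLUM_RELEASE_ENCLAVE must be 0 or 1, got '$1'" >&2; return 2 ;;
    esac
}

# Map the guide's environment variable names to its annotation keys.
annotation_key() {
    case "$1" in
        ENCLAVE_TYPE)             echo enclave.type ;;
        ENCLAVE_RUNTIME_PATH)     echo enclave.runtime.path ;;
        ENCLAVE_RUNTIME_ARGS)     echo enclave.runtime.args ;;
        ENCLAVE_RUNTIME_LOGLEVEL) echo enclave.runtime.loglevel ;;
        *) return 1 ;;
    esac
}

# pouch_rune_cmd IMAGE RELEASE [NAME=VALUE ...]: print the pouch command, do not run it.
pouch_rune_cmd() {
    image=$1; release=$2; shift 2
    mode=$(enclave_mode "$release") || return 2
    if [ "$mode" = debug ] && [ "${ALLOW_DEBUG_ENCLAVE:-0}" != 1 ]; then
        echo "refusing debug enclave; set ALLOW_DEBUG_ENCLAVE=1 for test runs" >&2
        return 3
    fi
    cmd="pouch run -it --rm --runtime=rune"
    for kv in "$@"; do
        case "$kv" in *=*) ;; *) echo "expected NAME=VALUE, got '$kv'" >&2; return 4 ;; esac
        key=$(annotation_key "${kv%%=*}") || { echo "unknown setting '${kv%%=*}'" >&2; return 4; }
        cmd="$cmd --annotation \"$key=${kv#*=}\""
    done
    echo "$cmd -e OCCLUM_RELEASE_ENCLAVE=$release $image"
}

# Release-mode command built from the values used in the guide.
pouch_rune_cmd occlum-app 1 ENCLAVE_TYPE=intelSgx \
    ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so \
    ENCLAVE_RUNTIME_ARGS=occlum_instance ENCLAVE_RUNTIME_LOGLEVEL=info
```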