Commit

docs: Docker + Docker Attestation
binglekruger committed Nov 28, 2024
1 parent 2df262f commit 45bb6d5
Showing 3 changed files with 124 additions and 0 deletions.
27 changes: 27 additions & 0 deletions docs/attestation/client-setup.md
Expand Up @@ -86,4 +86,31 @@ make attest
Server is running
Connection closed by server after receiving data
```


## Docker Container Attestation

1. **Build Container and Get Signature**

Check [Docker Deployment Guide](installation/docker-deployment.md) for complete instructions on building and setting up the Docker environment.

```sh
cd sgx-mvp/docker
# Build container - this will also create docker-sgx-mvp.sig
./build.sh ubuntu20
```

2. **View Container Measurements**

```sh
# View signature details
gramine-sgx-sigstruct-view docker-sgx-mvp.sig
```

3. **Verify Container**

```sh
# Using measurements from docker container
./attest dcap <mrenclave> <mrsigner> <isv_prod_id> <isv_svn>
```
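
Review bot: In step 1 the link target `installation/docker-deployment.md` is resolved relative to this file's directory, `docs/attestation/`, so it points at `docs/attestation/installation/docker-deployment.md`, which this commit does not create; it should be `../installation/docker-deployment.md`. Step 1 also runs `./build.sh ubuntu20` without `sudo`, while the deployment guide added in the same commit uses `sudo ./build.sh ubuntu20`; the two should agree. In step 3, name the fields of the `gramine-sgx-sigstruct-view` output that supply `<mrenclave>`, `<mrsigner>`, `<isv_prod_id>` and `<isv_svn>`, and state that the expected values must come from a `.sig` the verifier built or obtained from a trusted source, not from the host being attested; the comment "Using measurements from docker container" can be read as the latter.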
96 changes: 96 additions & 0 deletions docs/installation/docker-deployment.md
@@ -0,0 +1,96 @@
# **Docker Deployment Guide**

This guide explains how to build and run the Nautilus SGX MVP using Docker containers.

## Prerequisites

Before deploying the Nautilus MVP with Docker, ensure your system meets the following requirements:

### System Requirements

* Ubuntu 20.04
* Intel CPU with SGX support
* Docker installed
* Support for DCAP attestation

### Required Components

1. **Docker Environment**
- Docker Engine
- SGX device drivers mounted

```sh
# Verify Docker installation
docker --version

# Check SGX devices
ls /dev/sgx*
```

2. **Signing Key Setup**

Generate a development signing key:

```sh
gramine-sgx-gen-private-key /keys/enclave-key.pem
chmod 400 /keys/enclave-key.pem
```

!!! warning "Production Environment"
For production environments, use your production signing key instead of generating a new one.


### Build Instructions

1. **Navigate to Docker Directory**

```sh
cd sgx-mvp/docker
```

2. **Build Docker Image**

For Ubuntu 20.04:
```sh
sudo ./build.sh ubuntu20
```

3. **Run Container**

```sh
sudo docker run -p 8080:8081 \
--device=/dev/sgx_enclave \
--device=/dev/sgx_provision \
sgx-mvp:stable-focal
```

### Verification Steps

1. **Check Container Status**

```sh
docker ps
```

2. **Verify Service Health**

```sh
curl -k https://localhost:8080/health ; echo
```

3. **AESM Service**

The container automatically handles the AESM service startup through the `/restart_aesm.sh` script, so no manual verification is needed.


## Configuration

### Environment Variables

* `HOST`: Service host address (default: 127.0.0.1)
* `PORT`: Internal service port (default: 8080)

### Port Mappings

* Internal port: 8080
* External port: 8081 (configurable via Docker run command)
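
Review bot: The `-p 8080:8081` flag under Run Container publishes host port 8080 to container port 8081, but Port Mappings lists internal 8080 and external 8081 and `PORT` defaults to 8080, so the command as written would not reach the service. Either change the flag to `-p 8081:8080` and the health check to `https://localhost:8081/health`, or swap the two values under Port Mappings. Please also confirm the `HOST` default of 127.0.0.1: a service bound to loopback inside the container is not reachable through a published port, so the guide should say whether the image overrides it. The health check uses `curl -k`, which skips certificate verification; add a sentence on why that is acceptable here so readers do not carry it into production.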
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -89,6 +89,7 @@ nav:
- Home: index.md
- Installation:
- SGX MVP Installation Guide: installation/sgx-mvp.md
- Docker Deployment: installation/docker-deployment.md
- API Documentation:
- Overview: api/overview.md
- Endpoints: