A Python interface to the SGX SDK for Linux. Uses Graphene-SGX to execute Python in an enclave.
- Initialize the submodules:
    git submodule update --init
- Run the submodules' setup scripts:
    cd linux-sgx-driver && ./setup.sh && cd ..
    cd linux-sgx && ./setup.sh && cd ..
    cd graphene && ./setup.sh && cd ..
- Adjust the paths in config/config.py (or keep the default paths).
- Copy the public key of the SGX Remote Attestation Challenger to /etc/python-sgx/challenger_public.key, or delete this line from config/python3.manifest.template if you don't want to use the remote attestation:
    sgx.trusted_files.challenger_public_key = file:$(CONFIG_DIR)/challenger_public.key
- Run the setup script:
    ./setup.sh
- Add your user to the sgx group:
    sudo usermod -a -G sgx $USER
  Note that this will only take effect after a new login.
- Run the uninstallation script:
    sudo ./uninstall.sh

python3-sgx tests/test_seal.py seal
python3-sgx tests/test_seal.py unseal
python3-sgx tests/test_sealing_wrapper.py

Note: You have to be in the repository's base directory to be able to run the tests.

Note: You need to install the challenger package on the challenging machine and store a copy of the challenger's public key in /etc/python-sgx/challenger_public.key. The SGX Remote Attestation Challenger package contains a script, generate_key_pair.py, which creates a key in the required format.
- Run the Quoting Manager (handles communication with the Quoting Enclave):
    quoting-manager
- Run the Remote Attestation Manager (handles communication with the challenger):
    sgx-ra-manager
- Use the SGX Remote Attestation Challenger to connect to the Remote Attestation Manager:
    sgx-ra-challenger -c 127.0.0.1 6789
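
A preflight check for the setup above, as an added example that is not part of python-sgx: it verifies that the trusted-file line in config/python3.manifest.template and the key at /etc/python-sgx/challenger_public.key agree (both the installation step and the remote attestation note depend on this), and whether sgx group membership is already active in the current session. Function names and status strings are hypothetical; the paths, manifest key and group name are the ones given in this README.

```shell
#!/usr/bin/env bash
# Added example, not part of python-sgx. Function names and status strings
# are hypothetical; paths, manifest key and group name come from this README.

# Prints: manifest-missing | ra-disabled | key-missing | key-empty | key-writable | ok
check_challenger_key() {
    local manifest="$1" key="$2" mode
    [ -r "$manifest" ] || { echo "manifest-missing"; return 2; }
    # A deleted or commented-out line means remote attestation is not used.
    if ! grep -Eq '^[[:space:]]*sgx\.trusted_files\.challenger_public_key[[:space:]]*=' "$manifest"; then
        echo "ra-disabled"; return 0
    fi
    [ -e "$key" ] || { echo "key-missing"; return 1; }
    [ -s "$key" ] || { echo "key-empty"; return 1; }
    # A public key is not secret, but other local users should not be able
    # to replace it: reject group- or world-writable files.
    mode=$(ls -ldL "$key" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) echo "key-writable"; return 1 ;;
    esac
    echo "ok"
}

# $1: groups of the running session   (output of: id -nG)
# $2: groups in the account database  (output of: id -nG "$USER")
# Prints: active | relogin-needed | not-member
sgx_group_state() {
    case " $1 " in *" sgx "*) echo "active"; return 0 ;; esac
    case " $2 " in *" sgx "*) echo "relogin-needed"; return 1 ;; esac
    echo "not-member"; return 1
}

# Run both checks from the repository's base directory: <script> --check
if [ "${1:-}" = "--check" ]; then
    check_challenger_key config/python3.manifest.template \
        /etc/python-sgx/challenger_public.key
    sgx_group_state "$(id -nG)" "$(id -nG "$USER")"
fi
```

A result of relogin-needed means usermod has already added the user to the sgx group, but the current login session predates the change.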