登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

蛋蛋 / librats

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
分支 1
标签 0
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
.github/workflows
api
attesters
cmake
core
crypto_wrappers
dist
docs/design
external/sgx-ssl
include
samples
tee
verifiers
wasm
.clang-format
.gitignore
CMakeLists.txt
MAINTAINERS
Makefile
README.md
VERSION
Loading...
README
BSD-3-Clause

Building

Build Requirements

  • git
  • make
  • autoconf
  • libtool
  • libcurl
  • gcc
  • g++
  • openssl-devel / libssl-dev
  • cargo (only needed in host mode)
  • python, bzip2 (only needed in wasm mode)
  • SGX driver, Intel SGX SDK & PSW: Please refer to this guide to install.
    • Requires Intel SGX SDK and PSW version >= 2.18
  • SGX DCAP: please download and install the packages from this page.
    • ubuntu 18.04: libsgx-dcap-quote-verify-dev, libsgx-dcap-ql-dev, libsgx-uae-service
    • Requires Intel DCAP version >= 1.15
  • For TDX, please see the README in TDX MVP Stack. You need to download the packages and following TDX_E2E_attestation_software_stack_Installation_README-dcap-2021XXXX.txt to do step 2 & step 3 to setup build and dependence libraries.

Build and Install

Please follow the command to build librats from the latested source code on your system.

  1. Download the latest source code of librats
mkdir -p "$WORKSPACE"
cd "$WORKSPACE"
git clone https://github.com/inclavare-containers/librats
  1. Build and install librats
cd librats
cmake -DBUILD_SAMPLES=on -H. -Bbuild
make -C build install

cert-app will be installed to /usr/share/librats/samples/cert-app on your system. All instances are placed in /usr/local/lib/librats/.

If you want to build instances related to sgx(sgx_ecdsa, sgx_ecdsa_qve, sgx_la), please type the following command.

cmake -DRATS_BUILD_MODE="sgx" -DBUILD_SAMPLES=on -H. -Bbuild
make -C build install

If you want to run instances on libos occlum, please type the following command.

cmake -DRATS_BUILD_MODE="occlum" -DBUILD_SAMPLES=on -H. -Bbuild
make -C build install

If you want to run TDX instances, please type the following command.

cmake -DRATS_BUILD_MODE="tdx" -DBUILD_SAMPLES=on -H. -Bbuild
make -C build install

Note that SGX LVI mitigation is enabled by default. You can set macro SGX_LVI_MITIGATION to 0 to disable SGX LVI mitigation.

  1. Wasm support

Librats provides support for WebAssembly, which enables it to run in the browser and WAMR.

If you want to run it in browser, please read this document.

If you want to run it in WAMR, please type the following command.

# install librats in host mode first
cmake -H. -Bbuild
make -C build install

# export librats APIs to wamr
cd wasm/wamr
cmake -H. -Bbuild
make -C build

# run the sample
cd build
./iwasm --native-lib=librats_wamr.so sample/test.wasm

RUN

Right now, Librats supports the following instance types:

Priority Attester instances Verifier instances
0 nullattester nullverifier
15 sgx_la sgx_la
20 csv csv
35 sev sev
42 sev_snp sev_snp
42 tdx_ecdsa tdx_ecdsa
52 sgx_ecdsa sgx_ecdsa
53 sgx_ecdsa sgx_ecdsa_qve

For instance priority, the higher, the stronger. By default, Librats will select the highest priority instance to use.

Notice: special prerequisites for TDX remote attestation in bios configuration and hardware capability.

Check msr 0x503, return value must be 0:

sudo rdmsr 0x503s

Note that if you want to run SEV-SNP remote attestation, please refer to link to set up the host and guest Linux kernel, qemu and ovmf bios used for launching SEV-SNP guest.

Notice: special prerequisites for SEV(-ES) remote attestation in software capability.

Notice: special prerequisites for CSV(2) remote attestation in software capability.

  • Kernel support CSV(2) runtime attestation, please manually apply theses patches.

Enable bootstrap debugging

In the early bootstrap of librats, the debug message is mute by default. In order to enable it, please explicitly set the environment variable RATS_GLOBAL_LOG_LEVEL=<log_level>, where <log_level> is same as the values of the option -l.

Third Party Dependencies

Direct Dependencies

Name Repo URL Licenses
linux-sgx https://github.com/intel/linux-sgx BSD-3-clause
SGXDataCenterAttestationPrimitives https://github.com/intel/SGXDataCenterAttestationPrimitives BSD-3-clause
GNU C library C library GNU General Public License version 3
# Building ## Build Requirements - git - make - autoconf - libtool - libcurl - gcc - g++ - openssl-devel / libssl-dev - cargo (only needed in host mode) - python, bzip2 (only needed in wasm mode) - SGX driver, Intel SGX SDK & PSW: Please refer to this [guide](https://download.01.org/intel-sgx/sgx-linux/2.18/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf) to install. - Requires Intel SGX SDK and PSW version >= 2.18 - [SGX DCAP](https://github.com/intel/SGXDataCenterAttestationPrimitives): please download and install the packages from this [page](https://download.01.org/intel-sgx/sgx-dcap/#version#linux/distro). - ubuntu 18.04: `libsgx-dcap-quote-verify-dev`, `libsgx-dcap-ql-dev`, `libsgx-uae-service` - Requires Intel DCAP version >= 1.15 - For TDX, please see the README in TDX MVP Stack. You need to download the packages and following TDX_E2E_attestation_software_stack_Installation_README-dcap-2021XXXX.txt to do step 2 & step 3 to setup build and dependence libraries. ## Build and Install Please follow the command to build librats from the latested source code on your system. 1. Download the latest source code of librats ```shell mkdir -p "$WORKSPACE" cd "$WORKSPACE" git clone https://github.com/inclavare-containers/librats ``` 2. Build and install librats ```shell cd librats cmake -DBUILD_SAMPLES=on -H. -Bbuild make -C build install ``` `cert-app` will be installed to `/usr/share/librats/samples/cert-app` on your system. All instances are placed in `/usr/local/lib/librats/`. If you want to build instances related to sgx(sgx\_ecdsa, sgx\_ecdsa\_qve, sgx\_la), please type the following command. ```shell cmake -DRATS_BUILD_MODE="sgx" -DBUILD_SAMPLES=on -H. -Bbuild make -C build install ``` If you want to run instances on libos occlum, please type the following command. ```shell cmake -DRATS_BUILD_MODE="occlum" -DBUILD_SAMPLES=on -H. -Bbuild make -C build install ``` If you want to run TDX instances, please type the following command. ```shell cmake -DRATS_BUILD_MODE="tdx" -DBUILD_SAMPLES=on -H. -Bbuild make -C build install ``` Note that [SGX LVI mitigation](https://software.intel.com/security-software-guidance/advisory-guidance/load-value-injection) is enabled by default. You can set macro `SGX_LVI_MITIGATION` to `0` to disable SGX LVI mitigation. 3. Wasm support Librats provides support for [WebAssembly](https://webassembly.org), which enables it to run in the browser and [WAMR](https://github.com/bytecodealliance/wasm-micro-runtime). If you want to run it in browser, please read [this document](wasm/emscripten/README.md). If you want to run it in WAMR, please type the following command. ```shell # install librats in host mode first cmake -H. -Bbuild make -C build install # export librats APIs to wamr cd wasm/wamr cmake -H. -Bbuild make -C build # run the sample cd build ./iwasm --native-lib=librats_wamr.so sample/test.wasm ``` # RUN Right now, Librats supports the following instance types: | Priority | Attester instances | Verifier instances | | ---------- | -------------------------- | -------------------------- | | 0 | nullattester | nullverifier | | 15 | sgx\_la | sgx\_la | | 20 | csv | csv | | 35 | sev | sev | | 42 | sev\_snp | sev\_snp | | 42 | tdx\_ecdsa | tdx\_ecdsa | | 52 | sgx\_ecdsa | sgx\_ecdsa | | 53 | sgx\_ecdsa | sgx\_ecdsa\_qve | For instance priority, the higher, the stronger. By default, Librats will select the **highest priority** instance to use. **Notice: special prerequisites for TDX remote attestation in bios configuration and hardware capability.** Check msr 0x503, return value must be 0: ``` sudo rdmsr 0x503s ``` Note that if you want to run SEV-SNP remote attestation, please refer to [link](https://github.com/AMDESE/AMDSEV/tree/sev-snp-devel) to set up the host and guest Linux kernel, qemu and ovmf bios used for launching SEV-SNP guest. **Notice: special prerequisites for SEV(-ES) remote attestation in software capability.** - Kernel support SEV(-ES) runtime attestation, please manually apply [these patches](https://github.com/haosanzi/attestation-evidence-broker/tree/master/hack/README.md). - Start the [attestation evidence broker](https://github.com/haosanzi/attestation-evidence-broker/blob/master/README.md) service in host. **Notice: special prerequisites for CSV(2) remote attestation in software capability.** - Kernel support CSV(2) runtime attestation, please manually apply [theses patches](https://gitee.com/anolis/cloud-kernel/pulls/412). ## Enable bootstrap debugging In the early bootstrap of librats, the debug message is mute by default. In order to enable it, please explicitly set the environment variable `RATS_GLOBAL_LOG_LEVEL=<log_level>`, where \<log_level\> is same as the values of the option `-l`. # Third Party Dependencies Direct Dependencies | Name | Repo URL | Licenses | | :--: | :-------: | :-------: | | linux-sgx | https://github.com/intel/linux-sgx | BSD-3-clause | | SGXDataCenterAttestationPrimitives | https://github.com/intel/SGXDataCenterAttestationPrimitives | BSD-3-clause | | GNU C library | C library | GNU General Public License version 3 |
Starred
0
Star
0
Fork
0

简介

暂无描述 展开 收起
暂无标签
/snikeguo/librats
C 等 6 种语言
C
73.6%
CMake
15.2%
HTML
9.2%
Rust
0.7%
C++
0.6%
Other
0.7%
BSD-3-Clause
使用 BSD-3-Clause 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
1
https://gitee.com/snikeguo/librats.git
git@gitee.com:snikeguo/librats.git
snikeguo
librats
librats
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部