Build

All binaries can be built with the Go compiler. For an explanation of the various flags, run the respective binary with -help.

Build and Run the Provisioning Server

cd est/estserver
go build
./estserver -help # For all commandline flags

Build and Run the CMC Daemon

The commands below show how to build and run the cmcd. At runtime, a client can provide the cmcd with the root certificates to be used when verifying the attestation report. If none are provided, the cmcd uses the system's root certificates instead. Under Linux, these are commonly stored under /etc/ssl/certs. To temporarily add certificates, see the commands using SSL_CERT_FILE and SSL_CERT_DIR below.

cd cmcd
go build
./cmcd -help # For all command line options
# with added custom certificates
SSL_CERT_FILE=../example-setup/pki/ca/ca.pem ./cmcd -config <config-file>
SSL_CERT_DIR=../example-setup/pki/ca/ ./cmcd -config <config-file>

Build and Run the Test Tool

cd testtool
go build
./testtool -help # To display all commandline options

Customize Builds

Reduce General Size

The size of all binaries can be reduced via go linker flags:

go build -ldflags="-s -w"

For more information see the go documentation.

Reduce Size by Disabling Features

The size of the binaries can be reduced considerably further by disabling unused features at build time. The go build command builds each binary with all features enabled. The project uses the Go build system with build tags to disable features.

To disable all features, use the custom nodefaults tag. You can then enable the features you want to build via additional tags.

Currently supported tags for the cmcd and testtool are:

  • grpc Enables the gRPC API
  • coap Enables the CoAP API

To build all binaries with coap but without grpc support:

go build -tags nodefaults,coap

Note: disabling a feature at build time but still enabling it in the configuration files leads to errors at runtime.
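
How the nodefaults scheme and the note above fit together, as an added example that is not the project's own code: it assumes each feature file carries a guard of the form `//go:build !nodefaults || <feature>` and evaluates it with Go's standard `go/build/constraint` package. The names `featureGuards`, `EnabledFeatures` and `CheckConfig` are hypothetical.

```go
package main

import (
	"fmt"
	"go/build/constraint"
	"strings"
)

// Assumed guard lines, not copied from the project: a feature file is built
// unless nodefaults is set, or whenever the feature's own tag is given.
var featureGuards = map[string]string{
	"grpc": "//go:build !nodefaults || grpc",
	"coap": "//go:build !nodefaults || coap",
}

// EnabledFeatures evaluates each guard against a -tags value like "nodefaults,coap".
func EnabledFeatures(tags string) map[string]bool {
	set := map[string]bool{}
	for _, t := range strings.Split(tags, ",") {
		set[strings.TrimSpace(t)] = true
	}
	enabled := map[string]bool{}
	for name, line := range featureGuards {
		expr, err := constraint.Parse(line)
		if err != nil {
			panic(err) // guards are constants; a parse failure is a programming error
		}
		enabled[name] = expr.Eval(func(tag string) bool { return set[tag] })
	}
	return enabled
}

// CheckConfig rejects a configuration that requests an API the build compiled out.
func CheckConfig(tags string, requested []string) error {
	enabled := EnabledFeatures(tags)
	for _, api := range requested {
		if !enabled[api] {
			return fmt.Errorf("API %q requested but not built with -tags %q", api, tags)
		}
	}
	return nil
}

func main() {
	for _, tags := range []string{"", "nodefaults", "nodefaults,coap"} {
		fmt.Printf("-tags %q: %v\n", tags, CheckConfig(tags, []string{"coap"}))
	}
}
```

Running such a check in CI against the deployed configuration surfaces a tag/config mismatch before the binary is shipped rather than at startup.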

Regenerate Protobuf gRPC Interface

See https://grpc.io/docs/languages/go/quickstart/ for newer versions.

sudo apt install -y protobuf-compiler
go install google.golang.org/protobuf/cmd/protoc-gen-go@<version>
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@<version>
cd grpcapi/
make

SGX Build

The SGX integration is built on top of the EGo Framework for the development of confidential apps in Go. Since SGX enclaves are designed to execute only one process inside an isolated environment, the libapi implementation has to be used for the generation and verification of attestation reports.

Once you have developed your application and integrated the cmc library following the instructions provided in the integration documentation, compile, sign and run it like this:

CGO_CFLAGS=-D_FORTIFY_SOURCE=0 ego-go build && ego sign ../example-setup/enclave.json # or create custom enclave.json
sudo ego run testtool -mode generate -config cmc-data/libapi-sgx-config.json # run generate example 
sudo ego run testtool -mode verify -config cmc-data/libapi-sgx-config.json # run verify example

Additional information for the enclave such as heapSize, mount points, security version (ISV SVN) and enclave product ID (ISV Prod ID) can be specified in the enclave.json file.

See https://docs.edgeless.systems/ego/reference/config for more information.