Skip to content

Development Docker image for the Veracruz privacy-preserving compute project. Veracruz is an adopted project of the Confidential Compute Consortium (CCC).

License

Notifications You must be signed in to change notification settings

dominic-mulligan-arm/veracruz-docker-image

 
 

Repository files navigation

Building Veracruz

This is the repository for the Docker container used for developing Veracruz. Veracruz is an open-source runtime for collaborative privacy-preserving compute. The main Veracruz repository can be found here.

Veracruz is an adopted project of the Confidential Compute Consortium (CCC).

Supported platforms

  • AWS Nitro Enclaves
  • Linux (no TEE technology used)

Requirements

  • Docker: We use Docker to provide a consistent build environment. Follow this guide to install Docker if necessary.
  • Enable Docker squash experimental feature: The tests are done on a linux machine. To enable docker experimental features on another OS. We use the squash docker experimental feature to help reduce the Veracruz docker image size, to enable this feature:
    • run:
      sudo service docker stop
    • copy the following in /etc/docker/daemon.json
      {
          "experimental": true
      }
    • run:
      sudo service docker start

Local build setup

Once all the necessary requirements are available, run the following commands:

  • Clone the Veracruz repository: This will pull the docker submodule

    git clone --recursive https://github.com/veracruz-project/veracruz.git 
    export VERACRUZ_ROOT=$PWD/veracruz
    
  • Once you have a local copy of the Veracruz source:

    cd veracruz/docker
    

The following instructions depend on the platform you're building for. (SGX, Arm TZ)

Note that building the Docker image will take a long time (we appreciate any suggestions on how this can be sped up!)

  • Build Instructions for AWS Nitro Enclaves

    make nitro-base
    
  • Build Instructions for Linux

    make linux-base
    
  • Starting the veracruz container

    For AWS Nitro Enclaves:

    make nitro-run
    

    Or, for Linux:

    make linux-run
    

There should be a Docker container running called "veracruz__". To verify that it's running, run: docker ps

You can now start a shell in the newly created container: For Nitro:

    make nitro-exec
For Linux:
    make linux-exec

Test Instructions for AWS Nitro Enclaves

Once inside the container, set up your local environment.

Now, to build the binaries:

cd workspaces/
make nitro

and to run the tests:

cd workspaces/nitro-host/
make test-server
make veracruz-test

Test Instructions for Linux

Once inside the container, build the binaries:

cd workspaces/
make linux

and to run the tests:

cd workspaces/linux-host/
make test-server
make veracruz-test

Cleaning a build

The Veracruz Makefile exposes a build target, clean, which recursively invokes cargo clean for each major subcomponent of the project. However, sometimes this is not enough to fix a broken build environment (note that this is common when using xargo to build e.g. the examples, or the rest of the SDK). In that case, it is useful to also delete the contents of the ~/.xargo directory, in addition to the standard clean build process described above.

Generating the certificates

Cryptographic certificates can be generated by using the following openssl invocation:

openssl req -new -x509 -key <key filename> -sha256 -nodes -days 3650 -out <certificate filename> -config cert.conf 

About

Development Docker image for the Veracruz privacy-preserving compute project. Veracruz is an adopted project of the Confidential Compute Consortium (CCC).

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Dockerfile 58.6%
  • Makefile 29.1%
  • Nix 6.1%
  • Shell 5.6%
  • Python 0.6%