add --init back for offline bootstrap, to avoid config-id-after-prove…

… issue.
pbeza · Apr 18, 2024 · 910bd9a · 910bd9a
1 parent bad7e0d
commit 910bd9a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 26 deletions.
diff --git a/docker/config_sgx.sh b/docker/config_sgx.sh
@@ -15,7 +15,7 @@ echo "Ready to config container: $CONTAINER_ID"
 echo "Old config"
 docker exec $CONTAINER_ID cat /etc/raiko/config.sgx.json
 echo
-docker exec $CONTAINER_ID sed -i "s/456/$NEW_ID/" /etc/raiko/config.sgx.json
+docker exec $CONTAINER_ID sed -i "s/123456/$NEW_ID/" /etc/raiko/config.sgx.json
 # post-check update
 echo "New config"
 docker exec $CONTAINER_ID cat /etc/raiko/config.sgx.json
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -1,5 +1,24 @@
 version: "3.9"
 services:
+  init:
+    build:
+      context: ..
+      dockerfile: Dockerfile
+    image: gcr.io/evmchain/raiko:latest
+    container_name: raiko-init
+    command: --init
+    devices:
+      - "/dev/sgx_enclave:/dev/sgx_enclave"
+      - "/dev/sgx_provision:/dev/sgx_provision"
+    volumes:
+      - /var/log/raiko:/var/log/raiko
+      - ${HOME}/.config/gramine:/root/.config/gramine
+      - ${HOME}/.config/raiko:/root/.config/raiko
+    environment:
+      # you can use your own PCCS host
+      #- PCCS_HOST=host.docker.internal:8081
+    depends_on:
+      - pccs
   raiko:
     build:
       context: ..
@@ -19,9 +38,9 @@ services:
     environment:
       # Set to 0 (which is the default) to run on real hardware; use 1 for testing
       - SGX_DIRECT=${SGX_DIRECT}
+      - SGX_INSTANCE_ID=${SGX_INSTANCE_ID}
       # you can use your own PCCS host
       #- PCCS_HOST=host.docker.internal:8081
-
     # use the host's network to connect to the PCCS
     #extra_hosts:
     #  - "host.docker.internal:host-gateway"

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -7,14 +7,14 @@ RAIKO_DOCKER_VOLUME_PATH="/root/.config/raiko"
 RAIKO_DOCKER_VOLUME_CONFIG_PATH="$RAIKO_DOCKER_VOLUME_PATH/config"
 RAIKO_DOCKER_VOLUME_SECRETS_PATH="$RAIKO_DOCKER_VOLUME_PATH/secrets"
 RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH="$RAIKO_DOCKER_VOLUME_SECRETS_PATH/priv.key"
-RAIKO_GUEST_APP_DIR="/opt/raiko/provers/sgx"
+RAIKO_APP_DIR="/opt/raiko/bin"
 RAIKO_GUEST_APP_FILENAME="sgx-guest"
-RAIKO_INPUT_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.manifest"
+RAIKO_INPUT_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.docker.manifest.template"
 RAIKO_OUTPUT_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.manifest.sgx"
 RAIKO_SIGNED_MANIFEST_FILENAME="$RAIKO_GUEST_APP_FILENAME.sig"
 
 function sign_gramine_manifest() {
-    cd "$RAIKO_GUEST_APP_DIR"
+    cd "$RAIKO_APP_DIR"
     gramine-sgx-sign --manifest "$RAIKO_INPUT_MANIFEST_FILENAME" --output "$RAIKO_OUTPUT_MANIFEST_FILENAME"
     mkdir -p "$RAIKO_DOCKER_VOLUME_CONFIG_PATH"
     cp "$RAIKO_OUTPUT_MANIFEST_FILENAME" "$RAIKO_SIGNED_MANIFEST_FILENAME" "$RAIKO_DOCKER_VOLUME_CONFIG_PATH"
@@ -23,7 +23,7 @@ function sign_gramine_manifest() {
 
 function bootstrap() {
     mkdir -p "$RAIKO_DOCKER_VOLUME_SECRETS_PATH"
-    cd "$RAIKO_GUEST_APP_DIR"
+    cd "$RAIKO_APP_DIR"
     gramine-sgx "$RAIKO_GUEST_APP_FILENAME" bootstrap
     cd -
 }
@@ -35,24 +35,20 @@ else
 fi
 
 sed -i "s/https:\/\/localhost:8081/https:\/\/${MY_PCCS_HOST}/g" /etc/sgx_default_qcnl.conf
-
+sed -i "s/123456/${SGX_INSTANCE_ID}/" /etc/raiko/config.sgx.json
 /restart_aesm.sh
 
-/opt/raiko/bin/raiko-host "$@"
-
-# if [[ $# -eq 1 && $1 == "--init" ]]; then
-#     if [[ ! -f "$GRAMINE_PRIV_KEY" ]]; then
-#         gramine-sgx-gen-private-key
-#     fi
-#     sign_gramine_manifest
-#     bootstrap
-# else
-#     if [[ ! -f "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH" ]]; then
-#         echo "Application was not bootstrapped. "\
-#              "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH is missing. Bootstrap it first." >&2
-#         exit 1
-#     fi
-
-#     sign_gramine_manifest
-#     /opt/raiko/bin/raiko-host "$@"
-# fi
+echo $#
+if [[ $# -eq 1 && $1 == "--init" ]]; then
+    echo "start bootstrap"
+    bootstrap
+else
+    echo "start proving"
+    if [[ ! -f "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH" ]]; then
+        echo "Application was not bootstrapped. "\
+             "$RAIKO_DOCKER_VOLUME_PRIV_KEY_PATH is missing. Bootstrap it first." >&2
+        exit 1
+    fi
+
+    /opt/raiko/bin/raiko-host "$@"
+fi
diff --git a/host/config/config.sgx.json b/host/config/config.sgx.json
@@ -1,6 +1,6 @@
 {
     "network": "taiko_a7",
     "sgx": {
-        "instance_id": 456
+        "instance_id": 123456
     }
 }