CAS for Development
We explain how to start a SCONE CAS instance for development on your local machine. This CAS instance runs inside a debug enclave, i.e., do not use this in production. For setting up a production mode CAS, send us an email.
For running CAS in a Kubernetes Cluster, please set up CAS with helm.
Public CAS for development
We have setup a public CAS instance at domain scone-cas.cf
for testing and development. This instance runs in pre-release mode,
i.e., do not use this instance for production.
Pulling CAS Image
To start CAS, you first pull CAS Docker image to your local registry. To be able to do so, please ask us via email for access to CAS. We will give you access to a private Docker repository and we will send you the name of the private repository.
For this tutorial, please set the environment variable CAS
to the name of the Docker repository - typically this might look something like this:
export CAS=registry.scontain.com:5050/sconecuratedimages/services:cas
Pull the CAS image like this:
docker pull $CAS
If this fails, ensure that you are logged into docker (via docker login
) and that you set environment variable CAS
properly.
Determining the SGX device
Depending on the platform, the SGX device is named /dev/isgx
or /dev/sgx
. To write generic
software, you could use the bash function determine_sgx_device.
It sets environment variable SGXDEVICE
to the device that needs to be mounted.
Starting and Stopping CAS
The easiest way to start CAS is to use a simple Docker compose file. To do so, create a new directory for the Docker compose file:
mkdir -p CAS
cd CAS
Create a compose file that exposes the ports of CAS to the host:
determine_sgx_device
cat > docker-compose.yml <<EOF
version: '3.2'
services:
cas:
command: sh -c "SCONE_HEAP=1G cas -c /etc/cas/cas.toml"
environment:
- SCONE_LOG=7
- SCONE_MODE=HW
image: $CAS
volumes:
- "$SGXDEVICE:$SGXDEVICE"
ports:
- target: 8081
published: 8081
protocol: tcp
mode: host
- target: 18765
published: 18765
protocol: tcp
mode: host
EOF
Now start CAS in the background as follows:
docker-compose up -d cas
By executing
docker-compose logs cas
you will see the output of CAS.
You can check if CAS is still running by executing:
docker-compose up -d cas
This will result in an output like
cas_cas_1 is up-to-date
You can stop CAS by executing:
docker-compose stop cas