Skip to content

CAS for Development

We explain how to start a SCONE CAS instance for development on your local machine. This CAS instance runs inside a debug enclave, i.e., do not use this in production. For setting up a production mode CAS, send us an email.

For running CAS in a Kubernetes Cluster, please set up CAS with helm.

Public CAS for development

We have setup a public CAS instance at domain scone-cas.cf for testing and development. This instance runs in pre-release mode, i.e., do not use this instance for production.

Pulling CAS Image

To start CAS, you first pull CAS Docker image to your local registry. To be able to do so, please ask us via email for access to CAS. We will give you access to a private Docker repository and we will send you the name of the private repository.

For this tutorial, please set the environment variable CAS to the name of the Docker repository - typically this might look something like this:

export CAS=registry.scontain.com:5050/sconecuratedimages/services:cas

Pull the CAS image like this:

docker pull $CAS

If this fails, ensure that you are logged into docker (via docker login) and that you set environment variable CAS properly.

Determining the SGX device

Depending on the platform, the SGX device is named /dev/sgx_enclave, /dev/sgx/sgx_enclave (legacy), /dev/isgx (legacy) or /dev/sgx (legacy). To write generic software, you could use the bash function determine_sgx_device. It sets environment variable SGXDEVICE to the device that needs to be mounted.

Starting and Stopping CAS

The easiest way to start CAS is to use a simple Docker compose file. To do so, create a new directory for the Docker compose file:

mkdir -p CAS
cd CAS

Create a compose file that exposes the ports of CAS to the host:

determine_sgx_device
cat > docker-compose.yml <<EOF
version: '3.2'
services:
    cas:
        command: sh -c "SCONE_HEAP=1G cas -c /etc/cas/cas.toml"
        environment:
         - SCONE_LOG=7
         - SCONE_MODE=HW
        image: $CAS
        volumes:
          - "$SGXDEVICE:$SGXDEVICE"
        ports:
          - target: 8081
            published: 8081
            protocol: tcp
            mode: host
          - target: 18765
            published: 18765
            protocol: tcp
            mode: host
EOF

Now start CAS in the background as follows:

docker-compose up -d cas

By executing

docker-compose logs cas

you will see the output of CAS.

You can check if CAS is still running by executing:

docker-compose up -d cas

This will result in an output like

cas_cas_1 is up-to-date

You can stop CAS by executing:

docker-compose stop cas