SCONE Curated Images
We provide a set of curated SCONE container images in (partially private) repositories on Docker Hub:
| Image | Description |
|---|---|
| sconecuratedimages/crosscompilers | a container image with all the SCONE crosscompilers. |
| sconecuratedimages/crosscompilers:runtime | a container image that can run dynamically linked applications inside of an enclave. |
| sconecuratedimages/apps:python-3.7.3-alpine3.10 | a container image including a python interpreter running inside of an enclave. |
| sconecuratedimages/apps:python-2.7-alpine3.6 | a container image including a python interpreter running inside of an enclave. |
| sconecuratedimages/apps:mongodb-alpine | MongoDB container image. |
| sconecuratedimages/apps:scone-vault-latest | Vault 0.8.1 container image. |
| sconecuratedimages/apps:memcached-alpine | Memcached container image. |
| sconecuratedimages/apps:node-8.9-alpine | a container image for node running inside an enclave. |
| sconecuratedimages/apps:nginx-1.13-alpine | a container image for nginx running inside an enclave. |
| sconecuratedimages/apps:8-jdk-alpine | a container image for Java applications running inside an enclave. |
Please send us an email if you need a curated image of another application or a different/newer version of an application. Most of the time, we will be able to provide you an image on short notice.
Access to some SCONE images is restricted. First, create a new Docker Hub ID (in case you do not yet have one). Second, get access to the private images for evaluation by sending an email to scontain.com with your Docker Hub ID and a short statement of which images you want to evaluate and what you plan to do with them. Third, log in to Docker Hub via:
> docker login
before you will be able to pull any of the private curated images.
To run a local copy of the SCONE (cross-)compilers, just pull the appropriate image on your computer.
Even if you have no SGX CPU extension and no SGX driver installed on your computer, you can use a standard gcc compiler, as long as the requirements mentioned in SGX ToolChain are satisfied.
docker pull sconecuratedimages/muslgcc
Note that the binaries generated with the above image are just native binaries, i.e., they run outside of enclaves. To be able to run the binary inside of an enclave, you need to have installed the SCONE runtime library.
To run a dynamically-linked binary, one needs a special runtime environment. We provide this in the form of a (private) container image:
docker pull sconecuratedimages/crosscompilers:runtime
To generate statically-linked secure binaries you need a cross compiler. You can pull this image from Docker hub (you need to be granted access rights for that):
docker pull sconecuratedimages/crosscompilers
Scone Hello World
You can pull the following (private) image. This image only runs in hardware mode:
docker pull sconecuratedimages/helloworld
If you installed the patched Docker engine, run the helloworld program inside of an enclave via:
> docker run sconecuratedimages/helloworld
Hello World
This command will fail if you have the standard Docker engine installed:
> docker run sconecuratedimages/helloworld
error opening sgx device: No such file or directory
You can run the image on the standard Docker engine if you have the SGX driver installed:
> docker run --device=/dev/isgx sconecuratedimages/helloworld
Hello World
If you do not have the SGX driver installed, you get an error message:
> docker run --device=/dev/isgx sconecuratedimages/helloworld
docker: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/isgx": no such file or directory.
In this case, install the SGX driver. This installation will fail in case you disabled SGX in the BIOS or your CPU is not SGX-enabled.
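The following preflight helper is an added example, not part of the SCONE documentation or tooling. It covers the standard Docker engine case described above: it checks for the SGX device node before building the `docker run` command, and maps the two error messages quoted on this page to their cause. The function names and the cause labels are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and cause labels are hypothetical.
# /dev/isgx is the device path used on this page.

# Print the --device flag if the SGX device node exists on the host.
# Returns 1 and prints nothing when the node is missing (no SGX driver).
sgx_device_flag() {
    dev="${1:-/dev/isgx}"
    if [ -c "$dev" ]; then
        printf '%s\n' "--device=$dev"
        return 0
    fi
    return 1
}

# Build (but do not execute) the docker run command for an enclave image
# on the standard Docker engine. $1 = image, $2 = optional device path.
sgx_run_cmd() {
    image="$1"
    dev="${2:-/dev/isgx}"
    if flag=$(sgx_device_flag "$dev"); then
        printf '%s\n' "docker run $flag $image"
    else
        echo "SGX device $dev not found: install the SGX driver first" >&2
        return 1
    fi
}

# Map captured `docker run` stderr ($1) to the cause described on this page.
classify_sgx_error() {
    case "$1" in
        *"error opening sgx device"*)
            # Container started, but the device was not passed into it
            # (standard engine without --device).
            echo "device-not-mapped" ;;
        *"error gathering device information"*)
            # Docker could not find the device node on the host.
            echo "driver-missing" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample input: the first error message quoted on this page.
classify_sgx_error "error opening sgx device: No such file or directory"
```

Evaluate the output of `sgx_run_cmd sconecuratedimages/helloworld` only after the check succeeds; with the patched Docker engine the `--device` flag is not needed.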