SCONE Curated Images

We provide a set of curated SCONE container images in (partially private) repositories on Docker Hub:

Private images [1]:

| Image Name | Description |
| --- | --- |
| registry.scontain.com:5050/sconecuratedimages/crosscompilers | a container image with all the SCONE crosscompilers. |
| registry.scontain.com:5050/sconecuratedimages/crosscompilers:runtime | a container image that can run dynamically linked applications inside of an enclave. |
| registry.scontain.com:5050/sconecuratedimages/apps:python-3.7.3-alpine3.10 | a container image including a Python interpreter running inside of an enclave. |
| registry.scontain.com:5050/sconecuratedimages/apps:python-2.7-alpine3.6 | a container image including a Python interpreter running inside of an enclave. |
| registry.scontain.com:5050/sconecuratedimages/apps:mongodb-alpine | MongoDB container image. |
| registry.scontain.com:5050/sconecuratedimages/apps:scone-vault-latest | Vault 0.8.1 container image. |
| registry.scontain.com:5050/sconecuratedimages/apps:memcached-alpine | Memcached container image. |
| registry.scontain.com:5050/sconecuratedimages/apps:node-8.9-alpine | a container image for Node running inside an enclave. |
| registry.scontain.com:5050/sconecuratedimages/apps:nginx-1.13-alpine | a container image for nginx running inside an enclave. |
| registry.scontain.com:5050/sconecuratedimages/apps:8-jdk-alpine | a container image for Java applications running inside an enclave. |

Please send us an email if you need a curated image of another application or a different/newer version of an application. Most of the time, we will be able to provide you with an image on short notice.

Log in

Access to some SCONE images is restricted. First, register a free account on gitlab.scontain.com. Second, log in to our Scontain registry via:

docker login registry.scontain.com:5050

before you will be able to pull any of the private curated images.

Scone Compilers

To run a local copy of the SCONE (cross-)compilers, just pull the appropriate image to your computer.

Dynamically-Linked Binaries

Even if you have no SGX CPU extension / no SGX driver installed on your computer, you can use a standard gcc compiler - as long as the requirements mentioned in SGX ToolChain are satisfied.

docker pull registry.scontain.com:5050/sconecuratedimages/muslgcc

Note that the binaries generated with the above image are just native binaries, i.e., they run outside of enclaves. To be able to run the binary inside of an enclave, you need to have installed the SCONE runtime library.

To run a dynamically-linked binary, one needs a special runtime environment. We provide this in the form of a (private) container image:

docker pull registry.scontain.com:5050/sconecuratedimages/crosscompilers:runtime

Statically-Linked Binaries

To generate statically-linked secure binaries, you need a cross compiler. You can pull this image from Docker Hub (you need to be granted access rights for that):

docker pull registry.scontain.com:5050/sconecuratedimages/crosscompilers

Scone Hello World

You can pull the following (private) image. This image only runs in hardware mode:

docker pull registry.scontain.com:5050/sconecuratedimages/helloworld

You can run it on the standard Docker engine if you have the SGX driver installed. The function determine_sgx_device determines which SGX device to mount.

determine_sgx_device
> docker run $MOUNT_SGXDEVICE registry.scontain.com:5050/sconecuratedimages/helloworld
Hello World

If you do not have the SGX driver installed, you get an error message:

> docker run $MOUNT_SGXDEVICE registry.scontain.com:5050/sconecuratedimages/helloworld
docker: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/isgx": no such file or directory.

In this case, install the SGX driver. This installation will fail if you disabled SGX in the BIOS or your CPU is not SGX-enabled.
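
One way to write the determine_sgx_device helper used above (an added example, not SCONE's own implementation). Only /dev/isgx appears on this page; the other device node names are assumptions based on common Intel SGX driver naming, and the optional directory argument is a hypothetical addition so the logic can be exercised against a scratch directory.

```sh
# Added example: sets MOUNT_SGXDEVICE to the `docker run` flags for the SGX
# device nodes found under a device root (default: /dev).
# Usage, as in the session above:
#   determine_sgx_device && docker run $MOUNT_SGXDEVICE <image>
determine_sgx_device() {
    devroot="${1:-/dev}"      # hypothetical parameter, used for testing only
    SGXDEVICE=""
    MOUNT_SGXDEVICE=""
    # Candidate enclave nodes, newest driver first. /dev/isgx is the node
    # named in the error message on this page; sgx_enclave (in-kernel driver)
    # and sgx/enclave (DCAP driver) are assumed names.
    for node in sgx_enclave sgx/enclave isgx; do
        # -c: accept character devices only, so a stray regular file with
        # the same name is not passed to docker.
        if [ -c "$devroot/$node" ]; then
            SGXDEVICE="$devroot/$node"
            # Expose only the SGX node via --device instead of running the
            # container with --privileged.
            MOUNT_SGXDEVICE="--device=$SGXDEVICE"
            # The newer drivers expose a separate provisioning node.
            prov=""
            case "$node" in
                sgx_enclave) prov="$devroot/sgx_provision" ;;
                sgx/enclave) prov="$devroot/sgx/provision" ;;
            esac
            if [ -n "$prov" ] && [ -c "$prov" ]; then
                MOUNT_SGXDEVICE="$MOUNT_SGXDEVICE --device=$prov"
            fi
            export SGXDEVICE MOUNT_SGXDEVICE
            return 0
        fi
    done
    # No node found: leave the flags empty and fail before docker does.
    export SGXDEVICE MOUNT_SGXDEVICE
    echo "no SGX device node under $devroot: is the SGX driver installed?" >&2
    return 1
}
```

Checking the return value before calling docker run turns the "no such file or directory" daemon error shown above into an explicit message about the missing driver.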

[1] Just register a free account on gitlab.scontain.com