Dockerfile Example
We now show how to create a container image that contains a very simple hello world program running inside an enclave. The program is written in C, but it could be written in any other compiled language that we support, such as Rust, C++ or Fortran.
Getting access
Just register a free account on gitlab.scontain.com.
Building images without the SCONE tool chain
This example builds an image that contains the complete SCONE platform. Build your container images with a multi-stage build such that they only contain your binaries when you push your images to a public repository.
Here is the Dockerfile:
cat > Dockerfile << EOF
FROM registry.scontain.com/sconecuratedimages/crosscompilers
RUN echo "#include <stdio.h>" > helloworld.c \
&& echo "int main() {" >> helloworld.c \
&& echo "printf(\"Hello World!\n\"); }" >> helloworld.c
RUN gcc -o helloworld helloworld.c
CMD bash -c "SCONE_VERSION=1 /helloworld"
EOF
Let's generate an image (helloworld) with this Dockerfile:
docker build --pull -t helloworld .
Determine which SGX device to mount with the function determine_sgx_device. Then run the image as follows:
determine_sgx_device
docker run $MOUNT_SGXDEVICE --rm helloworld
The output will look like this:
export SCONE_QUEUES=4
export SCONE_SLOTS=256
export SCONE_SIGPIPE=0
export SCONE_MMAP32BIT=0
export SCONE_SSPINS=100
export SCONE_SSLEEP=4000
export SCONE_KERNEL=0
export SCONE_HEAP=67108864
export SCONE_STACK=81920
export SCONE_CONFIG=/etc/sgx-musl.conf
export SCONE_MODE=hw
export SCONE_SGXBOUNDS=no
export SCONE_VARYS=no
export SCONE_ALLOW_DLOPEN=no
export SCONE_MPROTECT=no
Revision: 73cd5e415623f0947d635cad861d09bf364ce778 (Fri Jun 1 17:57:15 2018 +0200)
Branch: master
Configure options: --enable-shared --enable-debug --prefix=/mnt/ssd/franz/subtree-scone2/built/cross-compiler/x86_64-linux-musl
Enclave hash: 597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902
Hello World!
Note
In case you do not have an SGX driver installed, the run will fail. Run the program in simulation mode by executing docker run --rm helloworld
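A check over the banner shown above, as an added example that is not part of the original SCONE page: because the same image can also run in simulation mode, which does not use the SGX hardware, the script insists on SCONE_MODE=hw and compares the printed enclave hash with a pinned value. The function names, exit codes and the choice of the page's sample hash as the pinned value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the banner a SCONE program prints with SCONE_VERSION=1.
# Function names and exit codes are hypothetical, not part of SCONE.

# Sample banner, abbreviated from the output shown on this page.
SAMPLE_BANNER='export SCONE_HEAP=67108864
export SCONE_STACK=81920
export SCONE_MODE=hw
Branch: master
Enclave hash: 597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902
Hello World!'
# Pinned value: the enclave hash from the page's sample output.
EXPECTED_HASH=597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902

# Print the value of "export NAME=value" ($2 = NAME) found in banner text $1.
scone_setting() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n "s/^export $2=//p" | head -n 1
}

# Print the enclave hash, accepting only exactly 64 lowercase hex digits.
enclave_hash() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^Enclave hash: *\([0-9a-f]\{64\}\)$/\1/p' | head -n 1
}

# Return 0 if banner $1 reports hardware mode and hash $2,
# 1 if the mode is not hw, 2 if no valid hash line exists, 3 on hash mismatch.
check_banner() {
    mode=$(scone_setting "$1" SCONE_MODE)
    hash=$(enclave_hash "$1")
    [ "$mode" = "hw" ] || { echo "SCONE_MODE='${mode}', expected hw" >&2; return 1; }
    [ -n "$hash" ] || { echo "no valid enclave hash line" >&2; return 2; }
    [ "$hash" = "$2" ] || { echo "enclave hash $hash is not the pinned one" >&2; return 3; }
    return 0
}

# Demo on the sample; for a real run use:
#   banner=$(docker run $MOUNT_SGXDEVICE --rm helloworld)
if check_banner "$SAMPLE_BANNER" "$EXPECTED_HASH"; then
    echo "banner OK: hw mode, pinned enclave hash"
fi
```

The banner is ordinary program output, so this is a local sanity check for build and deployment scripts rather than proof of what is running inside the enclave.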