Dockerfile Example

We now show how to create a container image containing a very simple hello world program that runs inside an enclave. The program is written in C, but it could be written in any other compiled language that we support, such as Rust, C++ and Fortran.

SCONE Hardware Mode

Getting access

You need access to the private Docker Hub repository sconecuratedimages/crosscompilers to run this example. Send us your Docker Hub ID to get access to this repository.

Building images without the SCONE tool chain

This example builds an image that contains the complete SCONE platform. When you push images to a public repository, build them with a multi-stage build so that they contain only your binaries.

Here is the Dockerfile:

cat > Dockerfile << EOF
FROM sconecuratedimages/crosscompilers

RUN echo  "#include <stdio.h>" > helloworld.c \
   && echo "int main() {" >> helloworld.c \
   && echo "printf(\"Hello World!\n\"); }" >> helloworld.c

RUN gcc -o helloworld helloworld.c

CMD bash -c "SCONE_VERSION=1 /helloworld"
EOF

Let's generate an image (helloworld) with this Dockerfile:

docker build --pull -t helloworld .

Let's run the image as follows:

docker run --device=/dev/isgx --rm helloworld

The output will look like this:

export SCONE_QUEUES=4
export SCONE_SLOTS=256
export SCONE_SIGPIPE=0
export SCONE_MMAP32BIT=0
export SCONE_SSPINS=100
export SCONE_SSLEEP=4000
export SCONE_KERNEL=0
export SCONE_HEAP=67108864
export SCONE_STACK=81920
export SCONE_CONFIG=/etc/sgx-musl.conf
export SCONE_MODE=hw
export SCONE_SGXBOUNDS=no
export SCONE_VARYS=no
export SCONE_ALLOW_DLOPEN=no
export SCONE_MPROTECT=no
Revision: 73cd5e415623f0947d635cad861d09bf364ce778 (Fri Jun 1 17:57:15 2018 +0200)
Branch: master
Configure options: --enable-shared --enable-debug --prefix=/mnt/ssd/franz/subtree-scone2/built/cross-compiler/x86_64-linux-musl

Enclave hash: 597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902
Hello World!

Note

If you do not have an SGX driver installed, the run will fail. In that case, run the program in simulation mode by executing docker run --rm helloworld
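
The output above carries two values worth checking in a build or deployment script: SCONE_MODE, which shows whether the run used SGX hardware rather than simulation, and the enclave hash. The following shell helper is an added example, not part of SCONE or of the original page; check_scone_banner and PINNED_HASH are hypothetical names, and the sample input is copied from the output shown above.

```shell
#!/bin/sh
# Added example, not SCONE code. check_scone_banner is a hypothetical helper.
# It reads the SCONE_VERSION=1 banner on stdin and compares it with pinned values.
# Exit status: 0 ok, 1 not hardware mode, 2 enclave hash mismatch, 3 banner unusable.
check_scone_banner() {
    expected_hash=$1
    banner=$(cat)
    mode=$(printf '%s\n' "$banner" | sed -n 's/^export SCONE_MODE=//p' | head -n 1)
    hash=$(printf '%s\n' "$banner" | sed -n 's/^Enclave hash: *//p' | head -n 1)

    # Both fields must be present, and the hash must be 64 lowercase hex digits
    # (the format shown in the output on this page).
    if [ -z "$mode" ] || [ "${#hash}" -ne 64 ]; then
        echo "banner incomplete or malformed (was SCONE_VERSION=1 set?)" >&2
        return 3
    fi
    case $hash in
        *[!0-9a-f]*) echo "enclave hash is not hex: $hash" >&2; return 3 ;;
    esac

    # Anything other than hw means the program did not run in hardware mode.
    if [ "$mode" != "hw" ]; then
        echo "SCONE_MODE=$mode, expected hw" >&2
        return 1
    fi
    if [ "$hash" != "$expected_hash" ]; then
        echo "enclave hash $hash differs from pinned $expected_hash" >&2
        return 2
    fi
    echo "ok: SCONE_MODE=hw, enclave hash $hash"
}

# Sample input: the two relevant lines from the output shown above.
SAMPLE_BANNER='export SCONE_MODE=hw
Enclave hash: 597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902'
PINNED_HASH=597cdef086651d46652cab78a89386b790ed058427ce1a5feacc3da7bc731902

printf '%s\n' "$SAMPLE_BANNER" | check_scone_banner "$PINNED_HASH"

# Against a real run (2>&1 because this page does not say which stream carries the banner):
#   docker run --device=/dev/isgx --rm helloworld 2>&1 | check_scone_banner "$PINNED_HASH"
```

The banner is printed by the program itself, so this check catches a changed build or an unintended simulation run; it does not replace remote attestation of the enclave.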

© scontain.com, January 2019.