You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
librats provides attestation and verification capability of SGX and TDX.
367
+
It can support to get evidence in HW-TEE by API librats_collect_evidence and verify evidence
368
+
by API librats_verify_evidence. This implementation simplifies and shields the underlying
369
+
complex remote attestation flow of HW-TEE. Let user be easy to complete the attestation and verification
370
+
leveraging both APIs in libats.
371
+
The source code: [librats](https://github.com/inclavare-containers/librats)
372
+
373
+
### Architecture Overview
374
+
375
+
376
+
377
+
### Build Requirements
378
+
379
+
- git
380
+
- make
381
+
- autoconf
382
+
- libtool
383
+
- libcurl
384
+
- gcc
385
+
- g++
386
+
- openssl-devel / libssl-dev
387
+
- cargo (only needed in host mode)
388
+
- python, bzip2 (only needed in wasm mode)
389
+
- SGX driver, Intel SGX SDK & PSW: Please refer to this [guide](https://download.01.org/intel-sgx/sgx-linux/2.14/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf) to install.
390
+
- [SGX DCAP](https://github.com/intel/SGXDataCenterAttestationPrimitives): please download and install the packages from this [page](https://download.01.org/intel-sgx/sgx-dcap/#version#linux/distro).
- For TDX, please see the README in TDX MVP Stack. You need to download the packages and following TDX_E2E_attestation_software_stack_Installation_README-dcap-2021XXXX.txt to do step 2 & step 3 to setup build and dependence libraries.
393
+
394
+
### Build and Install
395
+
396
+
Please follow the command to build librats from the latested source code on your system.
If you want to build instances related to sgx(sgx\_ecdsa, sgx\_ecdsa\_qve, sgx\_la), please type the following command.
409
+
410
+
```shell
411
+
cmake -DRATS_BUILD_MODE="sgx" -H. -Bbuild
412
+
make -C build install
413
+
```
414
+
415
+
If you want to run instances on libos occlum, please type the following command.
416
+
417
+
```shell
418
+
cmake -DRATS_BUILD_MODE="occlum" -H. -Bbuild
419
+
make -C build install
420
+
```
421
+
422
+
If you want to run TDX instances, please type the following command.
423
+
```shell
424
+
cmake -DRATS_BUILD_MODE="tdx" -H. -Bbuild
425
+
make -C build install
426
+
```
427
+
428
+
Note that [SGX LVI mitigation](https://software.intel.com/security-software-guidance/advisory-guidance/load-value-injection) is enabled by default. You can set macro `SGX_LVI_MITIGATION` to `0` to disable SGX LVI mitigation.
429
+
430
+
3. Wasm support
431
+
432
+
Librats provides support for [WebAssembly](https://webassembly.org), which enables it to run in the browser and [WAMR](https://github.com/bytecodealliance/wasm-micro-runtime).
433
+
434
+
If you want to run it in browser, please type the following command.
435
+
```shell
436
+
source wasm/emscripten/pre_build.sh
437
+
cmake -DRATS_BUILD_MODE="wasm" -H. -Bbuild
438
+
make -C build
439
+
```
440
+
441
+
When the compilation is finished, you can find the results in build/wasm.
442
+
443
+
If you want to run it in WAMR, please type the following command.
0 commit comments