Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
build.ubuntu-1604.Dockerfile
build.ubuntu-1804.Dockerfile Upgrade to SGX SDK v1.1.0 (#184) Dec 19, 2019
docker-compose-ubuntu-1604.yml
docker-compose-ubuntu-1804.yml
fns-rt.ubuntu-1604.Dockerfile
fns-rt.ubuntu-1804.Dockerfile
kms-rt.ubuntu-1604.Dockerfile
kms-rt.ubuntu-1804.Dockerfile [docker] Fix docker building issue (#185) Dec 19, 2019
runtime.config.toml
tdfs-rt.ubuntu-1604.Dockerfile
tdfs-rt.ubuntu-1804.Dockerfile
tms-rt.ubuntu-1604.Dockerfile
tms-rt.ubuntu-1804.Dockerfile

README.md

MesaTEE Docker

This directory contains the docker infrastructure for build and runtime environment. Both Ubuntu 16.04 and 18.04 images are provided. Note that you must mount SGX device and ASEM domain socket into the container environment to use SGX feature.

Build

The build dockerfile (build.ubuntu-{1604,1804}.Dockerfile) only contains minimal dependencies to build and test the project. To use them, you can directly use pre-built docker images from Docker Hub with:

$ docker run --rm \
  --device=/dev/isgx \
  -v/var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
  -v`pwd`:/mesatee \
  -w /mesatee \
  -it mesalocklinux/mesatee-build-ubuntu-1804

or you can also build the image by yourself with docker build:

$ docker build -t mesatee-build-ubuntu-1804 - < build.ubuntu-1804.Dockerfile

and run:

$ docker run --rm \
  --device=/dev/isgx \
  -v/var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
  -v`pwd`:/mesatee \
  -w /mesatee \
  -it mesatee-build-ubuntu-1804

Runtime

MesaTEE contains many services, we have put each service, config and related resources into different docker image ({tms,tdfs,kms,fns}-rt.ubuntu-{1604,1804}.Dockerfile). To make the deployment simpler, we recommend to use docker-compose to manage all services. Since the remote attestation is required for all services, you should setup the Intel Attestation Service ID (SPID) and key before start the services. You can use env vars or set them in the docker-compose-ubuntu-{1604,1804}.yml file.

$ export IAS_SPID=xxxxxx
$ export IAS_KEY=xxxxxx
$ cd docker && docker-compose -f docker-compose-ubuntu-1804.yml up
Starting docker_mesatee-tms_1  ... done
Starting docker_mesatee-tdfs_1 ... done
Starting docker_mesatee-kms_1  ... done
Starting docker_mesatee-fns_1  ... done
Attaching to docker_mesatee-kms_1, docker_mesatee-tms_1, docker_mesatee-tdfs_1, docker_mesatee-fns_1
You can’t perform that action at this time.