A Python interface to the SGX SDK for Linux. Uses Graphene-SGX to execute Python in an enclave.
Not actively maintained as of August 2017.
Probably doesn't even build anymore.
You don't want to use this if you are not prepared to maintain it yourself.
The submodules are outdated. Don't file bug reports to the original authors if you use these forks.
-
Initialize the submodules:
git submodule update --init
-
Run the submodules' setup scripts:
cd linux-sgx-driver && ./setup.sh && cd ..
cd linux-sgx && ./setup.sh && cd ..
cd graphene && ./setup.sh && cd ..
-
Adjust the paths in config/config.py (or keep the default paths).
-
Copy the public key of the SGX Remote Attestation Challenger to /etc/python-sgx/challenger_public.key, or delete this line from config/python3.manifest.template if you don't want to use the remote attestation:
sgx.trusted_files.challenger_public_key = file:$(CONFIG_DIR)/challenger_public.key
-
Run the setup script:
./setup.sh
-
Add your user to the sgx group:
sudo usermod -a -G sgx $USER
Note that this will only take effect after a new login.
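An added pre-flight check for the optional remote-attestation step above (example code, not part of python-sgx): it confirms that the manifest template and the challenger key file agree before ./setup.sh is run. The function name, its return codes and the permission check are assumptions of this example; the manifest key and file names are the ones given in the steps above.

```shell
#!/bin/sh
# Added example, not part of python-sgx. Paths are supplied by the caller.

# Manifest entry the README says to delete when attestation is not wanted.
RA_KEY_RE='^[[:space:]]*sgx\.trusted_files\.challenger_public_key[[:space:]]*='

# check_ra_config MANIFEST_TEMPLATE KEY_FILE
# Returns:
#   0  consistent (entry absent, or entry present with a usable key file)
#   1  manifest lists the key but the key file is missing or empty
#   2  key file is writable by group or others
#   3  manifest template not found
check_ra_config() {
    ra_manifest=$1
    ra_keyfile=$2

    if [ ! -f "$ra_manifest" ]; then
        echo "manifest template not found: $ra_manifest"
        return 3
    fi
    # Only an entry that starts its line counts as active.
    if ! grep -Eq "$RA_KEY_RE" "$ra_manifest"; then
        echo "remote attestation disabled: no challenger_public_key entry"
        return 0
    fi
    if [ ! -s "$ra_keyfile" ]; then
        echo "manifest lists the challenger key but $ra_keyfile is missing or empty"
        return 1
    fi
    # Checked before ./setup.sh so that a key other local users could have
    # replaced is not the one that gets installed as the trusted challenger.
    if [ -n "$(find "$ra_keyfile" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$ra_keyfile is writable by group or others"
        return 2
    fi
    echo "remote attestation configured with $ra_keyfile"
    return 0
}

# Stand-alone use: sh check_ra.sh config/python3.manifest.template \
#                  /etc/python-sgx/challenger_public.key
if [ "$#" -eq 2 ]; then
    check_ra_config "$1" "$2"
fi
```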
-
Run the uninstallation script:
sudo ./uninstall.sh
python3-sgx tests/test_seal.py seal
python3-sgx tests/test_seal.py unseal
python3-sgx tests/test_sealing_wrapper.py
Note: You have to be in the repository's base directory to be able to run the tests.
Note: You need to install the challenger package on the challenging machine and store a copy of the challenger's public key in /etc/python-sgx/challenger_public.key. The SGX Remote Attestation Challenger package contains a script generate_key_pair.py which creates a key in the required format.
-
Run the Quoting Manager (handles communication with the Quoting Enclave):
quoting-manager
-
Run the Remote Attestation Manager (handles communication with the challenger):
sgx-ra-manager
-
Use the SGX Remote Attestation Challenger to connect to the Remote Attestation Manager:
sgx-ra-challenger -c 127.0.0.1 6789