This example shows how to run a Gramine application in MarbleRun. In essence, you have to add the premain process to the Gramine manifest. premain will contact the Coordinator, set up the environment, and run the actual application. See the commented hello.manifest.template for details.
First, install Gramine. You will need hardware with Intel SGX support.
Then, before you can run the example, make sure you got the prerequisites for ECDSA remote attestation installed on your system. You can collectively install them with the following command:
sudo apt install libsgx-quote-ex-devYou can build the example as follows:
openssl genrsa -3 -out enclave-key.pem 3072
makeThen get Measurement from the build output and set it as UniqueID in manifest.json.
Next, use the erthost command to start the Coordinator in a local enclave:
erthost ../../build/coordinator-enclave.signedThe Coordinator exposes two APIs, a client REST API (port 4433) and a mesh API (port 2001). While the Coordinator and your Marble communicate via the mesh API, you can administrate the Coordinator via the REST API.
Once the Coordinator instance is running, you can upload the manifest to the Coordinator's client API:
curl -k --data-binary @manifest.json https://localhost:4433/manifestThe type of the Marble is defined in the manifest.json. In this example, the manifest defines a single Marble, which is called "hello". To run the application, you need to set the EDG_MARBLE_TYPE environment variable to that name.
EDG_MARBLE_TYPE=hello gramine-sgx hello