Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Clean up verifier tool #77

Merged
merged 1 commit into from
Feb 24, 2025
Merged

fix: Clean up verifier tool #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions tools/pcr0-verifier/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ RUN amazon-linux-extras enable aws-nitro-enclaves-cli && \
yum clean all

COPY --from=op-enclave /app/bundle/rootfs/build/eif.bin /app/eif.bin
COPY extract-pcr0.sh /extract-pcr0.sh
RUN chmod +x /extract-pcr0.sh
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/extract-pcr0.sh"]
ENTRYPOINT ["/entrypoint.sh"]
10 changes: 5 additions & 5 deletions tools/pcr0-verifier/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# PCR0 Extractor
# PCR0 Verifier

This tool extracts the PCR0 measurement from an op-enclave EIF (Enclave Image Format) file. The PCR0 measurement is a cryptographic hash that represents the initial state of the enclave, which is crucial for attestation and verification purposes.

Expand All @@ -9,14 +9,14 @@ This tool extracts the PCR0 measurement from an op-enclave EIF (Enclave Image Fo

## Building and Running

1. Build the PCR0 extractor container:
1. Build the PCR0 verifier container:
```bash
docker build -t pcr0-extractor .
docker build -t pcr0-verifier .
```

2. Run the container to extract the PCR0:
```bash
docker run --rm pcr0-extractor
docker run --rm pcr0-verifier
```

The tool will:
Expand Down Expand Up @@ -48,4 +48,4 @@ The output will include both the raw PCR0 measurement and instructions for verif

## Note

The PCR0 measurement is specific to the version of the op-enclave EIF being examined. The current version being used is specified in the Dockerfile as `TAG=v0.0.1-rc5`.
The PCR0 measurement is specific to the version of the op-enclave EIF being examined. The current version being used is specified in the Dockerfile as `TAG=v0.0.1-rc5`. You can perform the same measurement on other EIF files by modifying the Dockerfile.
2 changes: 1 addition & 1 deletion tools/pcr0-verifier/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ echo -e "\n# Then run these commands to verify:"
echo "# To register a new PCR0 (requires owner access):"
echo "cast send \$SYSTEM_CONFIG_GLOBAL_ADDRESS 'registerPCR0(bytes)' ${PCR0_WITH_PREFIX} --rpc-url \$RPC_URL"
echo -e "\n# To check if a PCR0 is valid:"
echo "cast call \$SYSTEM_CONFIG_GLOBAL_ADDRESS 'validPCR0s(bytes32)' 0x\$(cast keccak \${PCR0}) --rpc-url \$RPC_URL"
echo "cast call \$SYSTEM_CONFIG_GLOBAL_ADDRESS 'validPCR0s(bytes32)' \$(cast keccak ${PCR0_WITH_PREFIX}) --rpc-url \$RPC_URL"
Loading