Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oasis Docs Improvements #731

Closed
3xz1 opened this issue Feb 7, 2024 · 0 comments · Fixed by #915
Closed

Oasis Docs Improvements #731

3xz1 opened this issue Feb 7, 2024 · 0 comments · Fixed by #915
Assignees
@amela

Comments

@3xz1
Copy link

3xz1 commented Feb 7, 2024

SUMMARY

Summary for paratime-client-node.mdx

In paratime-client-node.mdx, the section "Configuring for Confidential States" has been added to guide users through the process of enabling access to confidential states on their ParaTime Client Node using SGX. This addition addresses the need for configuring the node to interact with sensitive data securely. Additionally, it points out that certain configurations were missing initially, ensuring users are aware of the specific settings required for proper functionality.

Requested updates

Configuring for Confidential States

To enable access to confidential states on your ParaTime Client Node using SGX, follow these steps:

  1. Update Runtime Configuration:
    Add the following configuration to your /node/etc/config.yml file:

    runtime:
    # Paths to ParaTime bundles for all of the supported ParaTimes.
    paths:
        - {{ runtime_orc_path }}
    environment: sgx
    config:
      {{ paratime_id }}:
          estimate_gas_by_simulating_contracts: true
          allowed_queries:
              - all_expensive: true 
    sgx_loader: /node/bin/oasis-core-runtime-loader

Before using this configuration you should collect the following information to replace the variables present in the configuration file:.

  • {{ paratime_id}}: RUNTIME_ID - See runtime identifiers on how to choose a runtime identifier.
  • {{ runtime_orc_path }}: Path to the ParaTime bundle of the form /node/runtimes/foo-paratime.orc.
    • You can find the current Oasis-supported ParaTimes in the Network Parameters page ([Mainnet], [Testnet]).

Summary for system-configuration.mdx

In system-configuration.mdx, the documentation highlights the importance of adding SGX permissions for running a ParaTime Node or a ParaTime Client Node with SGX support. It instructs users to add the oasis user to the sgx group to grant access to SGX resources and emphasizes the significance of this step for proper functioning of the nodes.

Requested updates

  1. Adding SGX Permissions for ParaTime Node/Client

If you intend to run a ParaTime Node or a ParaTime Client Node and want to enable SGX support, you'll need to ensure that the oasis user has the necessary permissions to access SGX resources.

  1. Add oasis User to sgx Group:
    Ensure that the oasis user is added to the sgx group to grant it access to SGX resources. You can do this by running:

    sudo usermod -aG sgx oasis

  2. Start your Oasis Node.

ISSUE TYPE
  • Documentation Improvements
COMPONENT NAME

oasis docs.
@kostko kostko transferred this issue from oasisprotocol/oasis-core Feb 11, 2024
@3xz1 3xz1 mentioned this issue Feb 19, 2024
Open
@amela amela linked a pull request Aug 28, 2024 that will close this issue
docs: Add instructions to configure TEE Paratime Client Node #915
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amela amela

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: Add instructions to configure TEE Paratime Client Node oasisprotocol/docs
2 participants
@amela @3xz1