From 8ea7c69d737632fc263adb260f61f248fdf0cf87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matev=C5=BE=20Jekovec?=
Date: Fri, 23 Aug 2024 16:39:03 +0200
Subject: [PATCH] sapphire-runtime: Enable mock SGX
---
 .github/workflows/release.yaml | 3 ++-
 runtime/Cargo.toml | 4 ++++
 runtime/Makefile | 2 +-
 runtime/README.md | 17 ++++++++++++-----
 runtime/src/lib.rs | 4 +++-
 5 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e35baa08..5015c543 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -25,8 +25,9 @@ jobs:
 pkg-dirs: runtime
 binaries: sapphire-paratime
 clean: no
+ features: debug-mock-sgx
 setup: |
- export OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_SKIP_KM_POLICY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1 OASIS_UNSAFE_USE_LOCALNET_CHAINID=1
+ export OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1 OASIS_UNSAFE_USE_LOCALNET_CHAINID=1
 - name: Create the debug Oasis Runtime Container
 run: |
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
index 4018898f..ff3b573d 100644
--- a/runtime/Cargo.toml
+++ b/runtime/Cargo.toml
@@ -30,3 +30,7 @@ once_cell = "1.8.0"
 [profile.release]
 codegen-units = 1
 lto = "thin"
+
+[features]
+# Enables mock SGX in test builds.
+debug-mock-sgx = ["oasis-runtime-sdk/debug-mock-sgx"]
diff --git a/runtime/Makefile b/runtime/Makefile
index c2699850..c123de94 100644
--- a/runtime/Makefile
+++ b/runtime/Makefile
@@ -4,7 +4,7 @@ SAPPHIRE_DEV_DOCKER=ghcr.io/oasisprotocol/sapphire-localnet:latest
 all:
 build-debug:
- OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_SKIP_KM_POLICY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1 OASIS_UNSAFE_USE_LOCALNET_CHAINID=1 cargo build
+ OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1 OASIS_UNSAFE_USE_LOCALNET_CHAINID=1 cargo build --features debug-mock-sgx
 pull:
 docker pull $(SAPPHIRE_DEV_DOCKER)
diff --git a/runtime/README.md b/runtime/README.md
index 6ffcc16d..8cffcfdf 100644
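Review bot: Dropping `OASIS_UNSAFE_SKIP_KM_POLICY=1` from the `setup:` export removes the only visible sign in this step that the key manager policy-signer check is off; per the `runtime/src/lib.rs` hunk of this commit, `features: debug-mock-sgx` now takes that same branch. A comment above `features:` would keep this explicit, e.g. `# debug-mock-sgx also makes trusted_signers() return the default set (was OASIS_UNSAFE_SKIP_KM_POLICY=1)`. The same applies to the `build-debug` target in `runtime/Makefile`. The step edited here starts outside the hunk, so it cannot be confirmed from this view that its artifact is labelled as a debug build; because it runs in the release workflow, that is worth checking.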
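Review bot: The comment on the new `debug-mock-sgx` feature understates its effect: the release workflow and `build-debug` pass it to ordinary `cargo build` invocations, not test builds, and the `lib.rs` hunk makes it return `TrustedSigners::default()` from `trusted_signers()`. Cargo unifies features across the dependency graph, so any crate that turns it on changes this for the whole build. The comment should say so, e.g. `# UNSAFE: mock SGX for Localnet/CI only; also takes the OASIS_UNSAFE_SKIP_KM_POLICY branch in trusted_signers(). Never enable in production builds.`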
--- a/runtime/README.md
+++ b/runtime/README.md
@@ -93,18 +93,25 @@ Add the Fortanix SGX tools by running:
 cargo install --locked fortanix-sgx-tools sgxs-tools
 ```
-### Non-SGX Binary
+### Mock SGX Binary
-To build the non-SGX binary of the Sapphire ParaTime, checkout the appropriate
-version and run:
+Mock SGX allows a developer to run the Sapphire ParaTime binary without
+performing the attestation and requiring actual SGX hardware. While you can't
+connect to a production Mainnet or Testnet with such a setup, it is useful for
+testing Sapphire locally and/or testing dApps that require
+Sapphire-specific features, for example in the CI environments.
+
+To build the unsafe, mock SGX binary of the Sapphire ParaTime for Localnet
+checkout the appropriate version and run:
 ```shell
-cargo build --release --locked
+export OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1 OASIS_UNSAFE_USE_LOCALNET_CHAINID=1
+cargo build --release --locked --features debug-mock-sgx
 ```
 The resulting ELF binary is located at `target/release/sapphire-paratime`.
-_NOTE: The non-SGX binary is dynamically linked so it may not be portable
+_NOTE: The mock SGX binary is dynamically linked so it may not be portable
 between machines with different versions of shared libraries._
 ### SGX Binary
diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs
index 9edf14ad..d912e6dd 100644
--- a/runtime/src/lib.rs
+++ b/runtime/src/lib.rs
@@ -135,7 +135,9 @@ impl sdk::Runtime for Runtime {
 fn trusted_signers() -> Option {
 #[allow(clippy::partialeq_to_none)]
- if option_env!("OASIS_UNSAFE_SKIP_KM_POLICY") == Some("1") {
+ if option_env!("OASIS_UNSAFE_SKIP_KM_POLICY") == Some("1")
+ || cfg!(feature = "debug-mock-sgx")
+ {
 return Some(TrustedSigners::default());
 }
 let tps = keymanager::trusted_policy_signers();
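Review bot: The new `cfg!(feature = "debug-mock-sgx")` arm makes `trusted_signers()` return `TrustedSigners::default()` instead of going on to `keymanager::trusted_policy_signers()` in every build with the feature on, and nothing in this hunk prevents the feature from being combined with a real enclave target. A compile-time guard next to the function would make that combination fail to build: `#[cfg(all(feature = "debug-mock-sgx", target_env = "sgx"))] compile_error!("debug-mock-sgx must not be enabled for SGX builds");`. The SDK feature may already enforce this, which is not visible here. A short comment on the branch would also help, e.g. `// UNSAFE: mock SGX builds use the default signer set instead of the pinned policy signers.` The function body continues past the end of the hunk.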