|
@@ -31,13 +31,16 @@ The docker images download the following software:
|
|
|
|
|
|
docker/Dockerfile:
|
|
|
* Our own codebase for the [Decryptor](https://git-crysp.uwaterloo.ca/miti/Decryptor) enclave, the [Verifier](https://git-crysp.uwaterloo.ca/miti/verifier) enclave and the [PHP extension for the Apache web server](https://git-crysp.uwaterloo.ca/miti/Apache_PHP_extension).
|
|
|
- * We install [our repository for the Protobuf definitions](https://git-crysp.uwaterloo.ca/miti/dhmsgs_proto_defs.git) for passing messages between enclaves during and after local attestation.
|
|
|
- * The decryptor enclave requires the Linux SGX SDK as well as the [Intel SGX SSL library](https://github.com/intel/intel-sgx-ssl) for performing cryptography operations safely within an enclave.
|
|
|
- * The Intel SGX SSL repo essentially interfaces functions from the [OpenSSL library](https://github.com/openssl/openssl), and so we install a compatible version of that library.
|
|
|
- * To avoid code duplication, the verifier and the PHP extension use the same source code files for performing local attestation; these files are also made available in [our repo](https://git-crysp.uwaterloo.ca/miti/commonVerifierPHPfiles).
|
|
|
- * As Graphene-SGX does not support local attestation, we patched the SGX SDK libraries to run them on Graphene; the verifier uses [our patch](https://git-crysp.uwaterloo.ca/miti/linux-sgx-trts-modified) of these libraries.
|
|
|
- * We have tested the verifier with the [Pixy source code analysis tool](https://github.com/oliverklee/pixy) to perform the compliance check, however this code is commented out for now.
|
|
|
- * The PHP extension requires [PHP-CPP](https://github.com/CopernicaMarketingSoftware/PHP-CPP) to make the C++ functions of the extension available to the PHP pages. We provide manifests for the verifier and the PHP extension binaries in order to run them within Graphene-SGX. We use Graphene-SGX's Apache sample application for the Apache web server, with PHP version 7 installed from source.
|
|
|
+ * Our own helper repositories:
|
|
|
+ * [Protobuf definitions](https://git-crysp.uwaterloo.ca/miti/dhmsgs_proto_defs.git) for passing messages between enclaves during and after local attestation.
|
|
|
+ * [Common local attestation files](https://git-crysp.uwaterloo.ca/miti/commonVerifierPHPfiles) - To avoid code duplication, the verifier and the PHP extension use the same source code files for performing local attestation.
|
|
|
+ * Decryptor enclave dependencies:
|
|
|
+ * The decryptor enclave requires the [Intel SGX SSL library](https://github.com/intel/intel-sgx-ssl) for performing cryptography operations safely within an enclave.
|
|
|
+ * The Intel SGX SSL repo essentially interfaces functions from the [OpenSSL library](https://github.com/openssl/openssl), and so we install a compatible version of that library.
|
|
|
+ * Verifier dependencies:
|
|
|
+ * As Graphene-SGX does not support local attestation, we patched the SGX SDK libraries to run them on Graphene; the verifier uses [our patch](https://git-crysp.uwaterloo.ca/miti/linux-sgx-trts-modified) of these libraries.
|
|
|
+ * We have tested the verifier with the [Pixy source code analysis tool](https://github.com/oliverklee/pixy) to perform the compliance check, however this code is commented out for now.
|
|
|
+ * PHP extension dependency: The PHP extension requires [PHP-CPP](https://github.com/CopernicaMarketingSoftware/PHP-CPP) to make the C++ functions of the extension available to the PHP pages. We provide manifests for the verifier and the PHP extension binaries in order to run them within Graphene-SGX. We use Graphene-SGX's Apache sample application for the Apache web server, with PHP version 7 installed from source.
|
|
|
|
|
|
## Build steps
|
|
|
|
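Review bot: The rewritten decryptor bullet under "Decryptor enclave dependencies" no longer mentions the Linux SGX SDK. The removed line read "requires the Linux SGX SDK as well as the Intel SGX SSL library", while the added line names only SGX SSL. If the SDK is not listed in a part of the section outside this hunk, restore it so the list of software the images download stays complete. Two smaller points on the added lines: the "PHP extension dependency" bullet still carries the sentences about the Graphene-SGX manifests and the Apache sample application with PHP 7, which are not PHP-CPP dependencies and would read better as their own bullet; and "a compatible version" of OpenSSL does not say which version, so stating the version or tag the Dockerfile installs would let a reader check what ends up next to the enclave code.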