Skip to content

Latest commit

 

History

History
149 lines (105 loc) · 4.75 KB

README.md

File metadata and controls

149 lines (105 loc) · 4.75 KB

The Cipher ParaTime

CI lint status CI audit status

This is the Cipher ParaTime, an official Oasis Protocol Foundation's ParaTime for the Oasis Network built using the Oasis SDK.

Note

  • This ParaTime currently depends on an unreleased version of Oasis SDK.
  • The code has not yet been audited.

SGX and Non-SGX Variants of the Binary

The non-SGX variant is a regular ELF binary that can be used by Oasis nodes without SGX support to operate as client nodes.

This allows (non-SGX) Oasis nodes to interact with the Cipher ParaTime (e.g. perform non-confidential queries and validate transactions they send out) but they cannot participate in the execution of Cipher ParaTime's transactions and they cannot see its confidential state.

Building

Prerequisites

Rust

Ensure you have Rust and rustup installed on your system. For more details, see Oasis Core's Development Setup Prerequisites documentation, the Rust section.

The version of the Rust toolchain we use for the Cipher ParaTime is specified in the rust-toolchain file.

The rustup-installed versions of cargo, rustc and other tools will automatically detect this file and use the appropriate version of the Rust toolchain when invoked from the Cipher ParaTime git checkout directory.

To install the appropriate version of the Rust toolchain, make sure you are in an Cipher ParaTime git checkout directory and run:

rustup show

This will automatically install the appropriate Rust toolchain (if not present) and output something similar to:

...

active toolchain
----------------

nightly-2021-08-17-x86_64-unknown-linux-gnu (overridden by '/code/rust-toolchain')
rustc 1.56.0-nightly (0035d9dce 2021-08-16)

Then add the Fortanix SGX Rust target to this version of the Rust toolchain by running:

rustup target add x86_64-fortanix-unknown-sgx

System Packages

Building Cipher ParaTime requires the following system packages:

NOTE: On Ubuntu/Debian systems, compiling wasm3-rs crates when building the SGX binary requires having the gcc-multilib package installed.

On Fedora 35+, you can install the above with:

sudo dnf install gcc clang

On Ubuntu 20.04+, you can install the above with:

sudo apt install gcc gcc-multilib clang

Mock SGX Binary

Mock SGX allows a developer to run the Cipher ParaTime binary without performing the attestation and requiring actual SGX hardware. While you can't connect to a production Mainnet or Testnet with such a setup, it is useful for testing Cipher locally and/or testing dApps that require Cipher-specific features, for example in the CI environments.

To build the unsafe, mock SGX binary of the Cipher ParaTime for Localnet checkout the appropriate version and run:

export OASIS_UNSAFE_SKIP_AVR_VERIFY=1 OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES=1
cargo build --release --features debug-mock-sgx

The resulting ELF binary is located at target/release/cipher-paratime.

NOTE: The mock SGX binary is dynamically linked so it may not be portable between machines with different versions of shared libraries.

SGX Binary

To build the SGX binary of the Cipher ParaTime, checkout the appropriate version and run:

cargo build --release --target x86_64-fortanix-unknown-sgx
cargo elf2sgxs --release

The resulting SGX binary is located at target/x86_64-fortanix-unknown-sgx/release/cipher-paratime.sgxs.

NOTE: The SGX binary is always statically linked so it doesn't exhibit the portability issues the ELF binary has.