The example shows how to run teaclave builtin-functions in Occlum.
git clone https://github.com/apache/incubator-teaclave.git ./teaclave && cd ./teaclave
config/build.config.toml
and add the executable binary as accepted inbound service of scheduler. The following is an example that uses teaclave_execution_service_libos as the name of binary.scheduler = ["teaclave_execution_service", "teaclave_execution_service_libos"]
NOTE
The same name should be used inbuild.config.toml
andenclave_info.toml
.
${TEACLAVE_BIN_INSTALL_DIR}
. Work at teaclave project source directory.mkdir build && cd build cmake .. make
cmake/scripts/build_occlum_instance.sh
is a demo script to build an instance.NOTE
You should edit the attestation information and the advertised_address of scheduler inruntime.config.toml
required by teaclave_execution_service_libos before building the occlum instance.
sgx_sign dump -enclave ${TEACLAVE_BIN_INSTALL_DIR}/teaclave_instance/build/lib/libocclum-libos.signed.so \ -dumpfile ${TEACLAVE_OUT_DIR}/teaclave_execution_service_libos_enclave.meta.txt cat ${TEACLAVE_OUT_DIR}/teaclave_execution_service_libos_enclave.meta.txt | \ python ${MT_SCRIPT_DIR}/gen_enclave_info_toml.py teaclave_execution_service_libos \ > ${TEACLAVE_OUT_DIR}/teaclave_execution_service_libos_enclave_info.toml cd ${TEACLAVE_BUILD_ROOT} && make update_sig
Run teaclave services except teaclave_execution_serice and run teaclave_execution_service_libos on Occlum
# Required by teaclave services mkdir -p /tmp/fusiont_data cd ${TEACLAVE_SERVICE_INSTALL_DIR} # Before running services, you should check the information in runtime.config.toml. # For DCAP mode, start the teaclave_dcap_ref_as service first. ./teaclave_authentication_service & ./teaclave_storage_service & ./teaclave_management_service & ./teaclave_scheduler_service & ./teaclave_access_control_service & ./teaclave_frontend_service & cd $TEACLAVE_BIN_INSTALL_DIR/teaclave_instance && occlum run /bin/teaclave_execution_service_libos