- git
- make
- autoconf
- libtool
- libcurl
- gcc
- g++ (ubuntu 18.04)
- SGX driver, Intel SGX SDK & PSW: Please refer to this guide to install.
- SGX DCAP: please download and install the packages from this page.
- ubuntu 18.04:
libsgx-dcap-quote-verify-dev,libsgx-dcap-ql-dev,libsgx-uae-service
- ubuntu 18.04:
- For TDX, please see the README in TDX MVP Stack. You need to download the packages and following TDX_E2E_attestation_software_stack_Installation_README-dcap-2021XXXX.txt to do step 2 & step 3 to setup build and dependence libraries.
Please follow the command to build librats from the latested source code on your system.
- Download the latest source code of librats
mkdir -p "$WORKSPACE"
cd "$WORKSPACE"
git clone https://github.com/inclavare-containers/librats- Build and install librats
If you want to build instances related to sgx(sgx_ecdsa, sgx_ecdsa_qve, sgx_la), please type the following command.
cmake -DRATS_BUILD_MODE="sgx" -H. -Bbuild
make -C build installIf you want to run instances on libos occlum, please type the following command.
cmake -DRATS_BUILD_MODE="occlum" -H. -Bbuild
make -C build installIf you want to run TDX instances, please type the following command.
cmake -DRATS_BUILD_MODE="tdx" -H. -Bbuild
make -C build installNote that SGX LVI mitigation is enabled by default. You can set macro SGX_LVI_MITIGATION to 0 to disable SGX LVI mitigation.
- Wasm support
Librats provides support for WebAssembly, which enables it to run in the browser. To build it, please type the following command.
source wasm/pre_build.sh
cmake -DRATS_BUILD_MODE="wasm" -H. -Bbuild
make -C buildWhen the compilation is finished, you can find the results in build/wasm.
Right now, Librats supports the following instance types:
| Priority | Attester instances | Verifier instances |
|---|---|---|
| 0 | nullattester | nullverifier |
| 15 | sgx_la | sgx_la |
| 20 | csv | csv |
| 35 | sev | sev |
| 42 | sev_snp | sev_snp |
| 42 | tdx_ecdsa | tdx_ecdsa |
| 52 | sgx_ecdsa | sgx_ecdsa |
| 53 | sgx_ecdsa | sgx_ecdsa_qve |
For instance priority, the higher, the stronger. By default, Librats will select the highest priority instance to use.
Notice: special prerequisites for TDX remote attestation in bios configuration and hardware capability.
Check msr 0x503, return value must be 0:
sudo rdmsr 0x503s
Note that if you want to run SEV-SNP remote attestation, please refer to link to set up the host and guest Linux kernel, qemu and ovmf bios used for launching SEV-SNP guest.
Notice: special prerequisites for SEV(-ES) remote attestation in software capability.
- Kernel support SEV(-ES) runtime attestation, please manually apply these patches.
- Start the attestation evidence broker service in host.
Notice: special prerequisites for CSV(2) remote attestation in software capability.
- Kernel support CSV(2) runtime attestation, please manually apply theses patches.
In the early bootstrap of librats, the debug message is mute by default. In order to enable it, please explicitly set the environment variable RATS_GLOBAL_LOG_LEVEL=<log_level>, where <log_level> is same as the values of the option -l.
Direct Dependencies
| Name | Repo URL | Licenses |
|---|---|---|
| linux-sgx | https://github.com/intel/linux-sgx | BSD-3-clause |
| SGXDataCenterAttestationPrimitives | https://github.com/intel/SGXDataCenterAttestationPrimitives | BSD-3-clause |
| GNU C library | C library | GNU General Public License version 3 |