The geth-sgx-gramine from flashbots

verification failed because collateral is out of date

I ran Attest enclave but it failed

[ using our own SGX-measurement verification callback (via command line options) ]
  - ignoring ISV_PROD_ID
  - ignoring ISV_SVN

  . Seeding the random number generator... ok
  . Connecting to tcp/localhost/8552... ok
  . Setting up the SSL/TLS structure... ok
 ok
  . Installing RA-TLS callback ... ok
  . Performing the SSL/TLS handshake...WARNING: The ra_tls_verify_callback_der() API is deprecated in favor of the ra_tls_verify_callback_extended_der() version of API.
Azure Quote Provider: libdcap_quoteprov.so [ERROR]: Could not retrieve environment variable for 'AZDCAP_DEBUG_LOG_LEVEL'
WARNING: The collateral is out of date.
ra_tls_verify_callback: Quote: verification failed because collateral is out of date
 failed
  ! mbedtls_ssl_handshake returned -0x3000

Is it the same as the problem below?
"DCAP returns outdated collateral for Azure DCsv2/v3 machines"
microsoft/Azure-DCAP-Client#154

Explore slowness of Gramine encrypted FS mounts

1. modify geth-sgx-gramine to store DB in encrypted files

Gramine Documentation: https://gramine.readthedocs.io/en/stable/manifest-syntax.html#encrypted-files
Geth Manifest Template: https://github.com/flashbots/geth-sgx-gramine/blob/main/geth.manifest.template#L57

NOTE: geth wants to shring files during sync which is not yet supported by gramine encrypted mount points, a patch set exists: gramineproject/gramine#972
For now, use the copy database functionality to skip this problem.

2. Performance profiling

Gramine Documentation: https://gramine.readthedocs.io/en/stable/performance.html#profiling-with-perf
Example issue of how to work with Gramine team to investigate performance issues: gramineproject/gramine#853

Gramine Reproducible Builds

1. Can the TCB (trusted computing base) of a Gramine enclave be built deterministically?
2. What are Gramines build dependencies? Can these be built deterministically?

1. Gramine enclave TCB

1.1 Replicability

Create a containerized build environment for gramine based on the official debian docker image
Build gramine within this image and export all the runtime dependencies (meson install --no-rebuild --destdir/ ...)
create two consecutive builds from scratch and compare the destdirs with diffoscope
try this on different hardware

Reproducible builds terminology: ethereum/go-ethereum#18292 (comment)

Replicability (Different team, same experimental setup): The measurement can be obtained with stated precision by a different team using the same measurement procedure, the same measuring system, under the same operating conditions, in the same or a different location on multiple trials. For computational experiments, this means that an independent group can obtain the same result using the author's own artifacts.

Reproducibility (Different team, different experimental setup): The measurement can be obtained with stated precision by a different team, a different measuring system, in a different location on multiple trials. For computational experiments, this means that an independent group can obtain the same result using artifacts which they develop completely independently.

Upstream Issue: gramineproject/gramine#153

`docker build .` failing with an error

I tried to compile the project using by using Dockerfile that you provided but it is failing with:

W: Download is performed unsandboxed as root as file '/geth-sgx/ca-certificates_20210119_all.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Fetched 3958 kB in 0s (11.6 MB/s)
Removing intermediate container 6578da39f9ab
 ---> 0f74932689cd
Step 10/26 : ADD Makefile geth_init.cpp gramine-compatibility /geth-sgx/
ADD failed: file not found in build context or excluded by .dockerignore: stat gramine-compatibility: file does not exist

Is that just me or is that Dockerfile a half-baked draft that is in progress? Why there is an apt-related error? (see: similar issue)
Where is gramine-compatibility file/dir coming from? Based on this and this I guess you've just forgot to rename gramine-compatibility with geth-patches (just a guess though).
Is it feasible/sane to run geth-sgx-gramine in Docker container, or should I rather prefer using virtual machines for whatever reason?

Full log:

$ docker build .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

Sending build context to Docker daemon  281.1MB
Step 1/26 : ARG COMMIT=""
Step 2/26 : ARG VERSION=""
Step 3/26 : ARG BUILDNUM=""
Step 4/26 : FROM golang:1.18-bullseye as build-gramine
1.18-bullseye: Pulling from library/golang
bbeef03cda1f: Pull complete 
f049f75f014e: Pull complete 
56261d0e6b05: Pull complete 
9bd150679dbd: Pull complete 
bfcb68b5bd10: Pull complete 
06d0c5d18ef4: Pull complete 
cc7973a07a5b: Pull complete 
Digest: sha256:2cf761b45e5e3f150e332e60275cd092fb50b05fff4feec0a2856a09f9fe6b2b
Status: Downloaded newer image for golang:1.18-bullseye
 ---> c37a56a6d654
Step 5/26 : ARG GRAMINE_VERSION=gramine
 ---> Running in c72de544934d
Removing intermediate container c72de544934d
 ---> 8882dd61cb3f
Step 6/26 : RUN apt-get update &&     apt-get install -y libssl-dev gnupg software-properties-common build-essential ca-certificates git
 ---> Running in e5e3053484e6
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 Packages [8183 kB]
Get:5 http://deb.debian.org/debian-security bullseye-security/main amd64 Packages [253 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [17.3 kB]
Fetched 8662 kB in 11s (774 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
ca-certificates is already the newest version (20210119).
gnupg is already the newest version (2.2.27-2+deb11u2).
The following additional packages will be installed:
  bzip2 dbus distro-info-data dmsetup dpkg-dev fakeroot gir1.2-glib-2.0
  gir1.2-packagekitglib-1.0 iso-codes libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libapparmor1 libappstream4
  libargon2-1 libcap2 libcap2-bin libcryptsetup12 libdbus-1-3
  libdevmapper1.02.1 libdw1 libelf1 libfakeroot libgirepository-1.0-1
  libglib2.0-bin libglib2.0-data libgstreamer1.0-0 libicu67 libip4tc2
  libjson-c5 libkmod2 liblmdb0 libnss-systemd libpackagekit-glib2-18
  libpam-cap libpam-systemd libpolkit-agent-1-0 libpolkit-gobject-1-0
  libssl1.1 libstemmer0d libsystemd0 libunwind8 libxml2 libyaml-0-2
  lsb-release packagekit packagekit-tools patch policykit-1 python-apt-common
  python3-apt python3-dbus python3-distro-info python3-gi python3-pycurl
  python3-software-properties systemd systemd-sysv systemd-timesyncd
  unattended-upgrades xz-utils
Suggested packages:
  bzip2-doc default-dbus-session-bus | dbus-session-bus debian-keyring
  gettext-base git-daemon-run | git-daemon-sysvinit git-doc git-el git-email
  git-gui gitk gitweb git-cvs git-mediawiki git-svn isoquery
  gstreamer1.0-tools libssl-doc appstream ed diffutils-doc python3-apt-dbg
  python-apt-doc python-dbus-doc python3-dbus-dbg libcurl4-gnutls-dev
  python-pycurl-doc python3-pycurl-dbg systemd-container bsd-mailx default-mta
  | mail-transport-agent needrestart powermgmt-base
Recommended packages:
  less
The following NEW packages will be installed:
  build-essential bzip2 dbus distro-info-data dmsetup dpkg-dev fakeroot
  gir1.2-glib-2.0 gir1.2-packagekitglib-1.0 iso-codes libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libapparmor1 libappstream4
  libargon2-1 libcap2 libcap2-bin libcryptsetup12 libdbus-1-3
  libdevmapper1.02.1 libdw1 libelf1 libfakeroot libgirepository-1.0-1
  libglib2.0-bin libglib2.0-data libgstreamer1.0-0 libicu67 libip4tc2
  libjson-c5 libkmod2 liblmdb0 libnss-systemd libpackagekit-glib2-18
  libpam-cap libpam-systemd libpolkit-agent-1-0 libpolkit-gobject-1-0
  libssl-dev libstemmer0d libunwind8 libxml2 libyaml-0-2 lsb-release
  packagekit packagekit-tools patch policykit-1 python-apt-common python3-apt
  python3-dbus python3-distro-info python3-gi python3-pycurl
  python3-software-properties software-properties-common systemd systemd-sysv
  systemd-timesyncd unattended-upgrades xz-utils
The following packages will be upgraded:
  git libssl1.1 libsystemd0
3 upgraded, 62 newly installed, 0 to remove and 23 not upgraded.
Need to get 37.4 MB of archives.
After this operation, 117 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye-updates/main amd64 libsystemd0 amd64 247.3-7+deb11u4 [376 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 libapparmor1 amd64 2.13.6-10 [99.3 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 libcap2 amd64 1:2.44-1 [23.6 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 libargon2-1 amd64 0~20171227-0.2 [19.6 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 dmsetup amd64 2:1.02.175-2.1 [92.1 kB]
Get:6 http://deb.debian.org/debian bullseye/main amd64 libdevmapper1.02.1 amd64 2:1.02.175-2.1 [143 kB]
Get:7 http://deb.debian.org/debian bullseye/main amd64 libjson-c5 amd64 0.15-2 [42.8 kB]
Get:8 http://deb.debian.org/debian-security bullseye-security/main amd64 libssl1.1 amd64 1.1.1n-0+deb11u5 [1559 kB]
Get:9 http://deb.debian.org/debian bullseye/main amd64 libcryptsetup12 amd64 2:2.3.7-1+deb11u1 [248 kB]
Get:10 http://deb.debian.org/debian bullseye/main amd64 libip4tc2 amd64 1.8.7-1 [34.6 kB]
Get:11 http://deb.debian.org/debian bullseye/main amd64 libkmod2 amd64 28-1 [55.6 kB]
Get:12 http://deb.debian.org/debian bullseye-updates/main amd64 systemd amd64 247.3-7+deb11u4 [4502 kB]
Get:13 http://deb.debian.org/debian bullseye-updates/main amd64 systemd-sysv amd64 247.3-7+deb11u4 [114 kB]
Get:14 http://deb.debian.org/debian bullseye/main amd64 libdbus-1-3 amd64 1.12.24-0+deb11u1 [222 kB]
Get:15 http://deb.debian.org/debian bullseye/main amd64 dbus amd64 1.12.24-0+deb11u1 [243 kB]
Get:16 http://deb.debian.org/debian bullseye/main amd64 bzip2 amd64 1.0.8-4 [49.3 kB]
Get:17 http://deb.debian.org/debian bullseye-updates/main amd64 libnss-systemd amd64 247.3-7+deb11u4 [199 kB]
Get:18 http://deb.debian.org/debian bullseye-updates/main amd64 libpam-systemd amd64 247.3-7+deb11u4 [283 kB]
Get:19 http://deb.debian.org/debian bullseye-updates/main amd64 systemd-timesyncd amd64 247.3-7+deb11u4 [131 kB]
Get:20 http://deb.debian.org/debian bullseye/main amd64 xz-utils amd64 5.2.5-2.1~deb11u1 [220 kB]
Get:21 http://deb.debian.org/debian bullseye/main amd64 patch amd64 2.7.6-7 [128 kB]
Get:22 http://deb.debian.org/debian bullseye/main amd64 dpkg-dev all 1.20.12 [2312 kB]
Get:23 http://deb.debian.org/debian bullseye/main amd64 build-essential amd64 12.9 [7704 B]
Get:24 http://deb.debian.org/debian bullseye/main amd64 distro-info-data all 0.51+deb11u3 [7812 B]
Get:25 http://deb.debian.org/debian bullseye/main amd64 libfakeroot amd64 1.25.3-1.1 [47.0 kB]
Get:26 http://deb.debian.org/debian bullseye/main amd64 fakeroot amd64 1.25.3-1.1 [87.0 kB]
Get:27 http://deb.debian.org/debian bullseye/main amd64 libgirepository-1.0-1 amd64 1.66.1-1+b1 [96.7 kB]
Get:28 http://deb.debian.org/debian bullseye/main amd64 gir1.2-glib-2.0 amd64 1.66.1-1+b1 [151 kB]
Get:29 http://deb.debian.org/debian bullseye/main amd64 libpackagekit-glib2-18 amd64 1.2.2-2 [124 kB]
Get:30 http://deb.debian.org/debian bullseye/main amd64 gir1.2-packagekitglib-1.0 amd64 1.2.2-2 [36.8 kB]
Get:31 http://deb.debian.org/debian bullseye/main amd64 git amd64 1:2.30.2-1+deb11u2 [5518 kB]
Get:32 http://deb.debian.org/debian bullseye/main amd64 iso-codes all 4.6.0-1 [2824 kB]
Get:33 http://deb.debian.org/debian bullseye/main amd64 libalgorithm-diff-perl all 1.201-1 [43.3 kB]
Get:34 http://deb.debian.org/debian bullseye/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6+b1 [12.0 kB]
Get:35 http://deb.debian.org/debian bullseye/main amd64 libalgorithm-merge-perl all 0.08-3 [12.7 kB]
Get:36 http://deb.debian.org/debian bullseye/main amd64 liblmdb0 amd64 0.9.24-1 [45.0 kB]
Get:37 http://deb.debian.org/debian bullseye/main amd64 libstemmer0d amd64 2.1.0-1 [119 kB]
Get:38 http://deb.debian.org/debian bullseye/main amd64 libicu67 amd64 67.1-7 [8622 kB]
Get:39 http://deb.debian.org/debian bullseye/main amd64 libxml2 amd64 2.9.10+dfsg-6.7+deb11u4 [693 kB]
Get:40 http://deb.debian.org/debian bullseye/main amd64 libyaml-0-2 amd64 0.2.2-1 [49.6 kB]
Get:41 http://deb.debian.org/debian bullseye/main amd64 libappstream4 amd64 0.14.4-1 [172 kB]
Get:42 http://deb.debian.org/debian bullseye/main amd64 libcap2-bin amd64 1:2.44-1 [32.6 kB]
Get:43 http://deb.debian.org/debian bullseye/main amd64 libelf1 amd64 0.183-1 [165 kB]
Get:44 http://deb.debian.org/debian bullseye/main amd64 libdw1 amd64 0.183-1 [234 kB]
Get:45 http://deb.debian.org/debian bullseye/main amd64 libglib2.0-data all 2.66.8-1 [1164 kB]
Get:46 http://deb.debian.org/debian bullseye/main amd64 libglib2.0-bin amd64 2.66.8-1 [141 kB]
Get:47 http://deb.debian.org/debian bullseye/main amd64 libunwind8 amd64 1.3.2-2 [54.5 kB]
Get:48 http://deb.debian.org/debian bullseye/main amd64 libgstreamer1.0-0 amd64 1.18.4-2.1 [2230 kB]
Get:49 http://deb.debian.org/debian bullseye/main amd64 libpam-cap amd64 1:2.44-1 [15.4 kB]
Get:50 http://deb.debian.org/debian bullseye/main amd64 libpolkit-gobject-1-0 amd64 0.105-31+deb11u1 [48.5 kB]
Get:51 http://deb.debian.org/debian bullseye/main amd64 libpolkit-agent-1-0 amd64 0.105-31+deb11u1 [28.1 kB]
Get:52 http://deb.debian.org/debian-security bullseye-security/main amd64 libssl-dev amd64 1.1.1n-0+deb11u5 [1815 kB]
Get:53 http://deb.debian.org/debian bullseye/main amd64 lsb-release all 11.1.0 [27.9 kB]
Get:54 http://deb.debian.org/debian bullseye/main amd64 policykit-1 amd64 0.105-31+deb11u1 [96.7 kB]
Get:55 http://deb.debian.org/debian bullseye/main amd64 packagekit amd64 1.2.2-2 [598 kB]
Get:56 http://deb.debian.org/debian bullseye/main amd64 packagekit-tools amd64 1.2.2-2 [41.7 kB]
Get:57 http://deb.debian.org/debian bullseye/main amd64 python-apt-common all 2.2.1 [96.5 kB]
Get:58 http://deb.debian.org/debian bullseye/main amd64 python3-apt amd64 2.2.1 [190 kB]
Get:59 http://deb.debian.org/debian bullseye/main amd64 python3-dbus amd64 1.2.16-5 [108 kB]
Get:60 http://deb.debian.org/debian bullseye/main amd64 python3-distro-info all 1.0 [8720 B]
Get:61 http://deb.debian.org/debian bullseye/main amd64 python3-gi amd64 3.38.0-2 [232 kB]
Get:62 http://deb.debian.org/debian bullseye/main amd64 python3-pycurl amd64 7.43.0.6-5 [68.8 kB]
Get:63 http://deb.debian.org/debian bullseye/main amd64 python3-software-properties all 0.96.20.2-2.1 [49.7 kB]
Get:64 http://deb.debian.org/debian bullseye/main amd64 software-properties-common all 0.96.20.2-2.1 [83.4 kB]
Get:65 http://deb.debian.org/debian bullseye/main amd64 unattended-upgrades all 2.8 [88.6 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 37.4 MB in 1s (46.5 MB/s)
(Reading database ... 15718 files and directories currently installed.)
Preparing to unpack .../libsystemd0_247.3-7+deb11u4_amd64.deb ...
Unpacking libsystemd0:amd64 (247.3-7+deb11u4) over (247.3-7+deb11u1) ...
Setting up libsystemd0:amd64 (247.3-7+deb11u4) ...
Selecting previously unselected package libapparmor1:amd64.
(Reading database ... 15718 files and directories currently installed.)
Preparing to unpack .../0-libapparmor1_2.13.6-10_amd64.deb ...
Unpacking libapparmor1:amd64 (2.13.6-10) ...
Selecting previously unselected package libcap2:amd64.
Preparing to unpack .../1-libcap2_1%3a2.44-1_amd64.deb ...
Unpacking libcap2:amd64 (1:2.44-1) ...
Selecting previously unselected package libargon2-1:amd64.
Preparing to unpack .../2-libargon2-1_0~20171227-0.2_amd64.deb ...
Unpacking libargon2-1:amd64 (0~20171227-0.2) ...
Selecting previously unselected package dmsetup.
Preparing to unpack .../3-dmsetup_2%3a1.02.175-2.1_amd64.deb ...
Unpacking dmsetup (2:1.02.175-2.1) ...
Selecting previously unselected package libdevmapper1.02.1:amd64.
Preparing to unpack .../4-libdevmapper1.02.1_2%3a1.02.175-2.1_amd64.deb ...
Unpacking libdevmapper1.02.1:amd64 (2:1.02.175-2.1) ...
Selecting previously unselected package libjson-c5:amd64.
Preparing to unpack .../5-libjson-c5_0.15-2_amd64.deb ...
Unpacking libjson-c5:amd64 (0.15-2) ...
Preparing to unpack .../6-libssl1.1_1.1.1n-0+deb11u5_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1n-0+deb11u5) over (1.1.1n-0+deb11u3) ...
Setting up libssl1.1:amd64 (1.1.1n-0+deb11u5) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Selecting previously unselected package libcryptsetup12:amd64.
(Reading database ... 15763 files and directories currently installed.)
Preparing to unpack .../libcryptsetup12_2%3a2.3.7-1+deb11u1_amd64.deb ...
Unpacking libcryptsetup12:amd64 (2:2.3.7-1+deb11u1) ...
Selecting previously unselected package libip4tc2:amd64.
Preparing to unpack .../libip4tc2_1.8.7-1_amd64.deb ...
Unpacking libip4tc2:amd64 (1.8.7-1) ...
Selecting previously unselected package libkmod2:amd64.
Preparing to unpack .../libkmod2_28-1_amd64.deb ...
Unpacking libkmod2:amd64 (28-1) ...
Selecting previously unselected package systemd.
Preparing to unpack .../systemd_247.3-7+deb11u4_amd64.deb ...
Unpacking systemd (247.3-7+deb11u4) ...
Setting up libapparmor1:amd64 (2.13.6-10) ...
Setting up libcap2:amd64 (1:2.44-1) ...
Setting up libargon2-1:amd64 (0~20171227-0.2) ...
Setting up libjson-c5:amd64 (0.15-2) ...
Setting up libip4tc2:amd64 (1.8.7-1) ...
Setting up libkmod2:amd64 (28-1) ...
Setting up libdevmapper1.02.1:amd64 (2:1.02.175-2.1) ...
Setting up libcryptsetup12:amd64 (2:2.3.7-1+deb11u1) ...
Setting up systemd (247.3-7+deb11u4) ...
Created symlink /etc/systemd/system/getty.target.wants/[email protected] → /lib/systemd/system/[email protected].
Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target → /lib/systemd/system/remote-fs.target.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service → /lib/systemd/system/systemd-pstore.service.
Initializing machine ID from random generator.
Setting up dmsetup (2:1.02.175-2.1) ...
Selecting previously unselected package systemd-sysv.
(Reading database ... 16567 files and directories currently installed.)
Preparing to unpack .../00-systemd-sysv_247.3-7+deb11u4_amd64.deb ...
Unpacking systemd-sysv (247.3-7+deb11u4) ...
Selecting previously unselected package libdbus-1-3:amd64.
Preparing to unpack .../01-libdbus-1-3_1.12.24-0+deb11u1_amd64.deb ...
Unpacking libdbus-1-3:amd64 (1.12.24-0+deb11u1) ...
Selecting previously unselected package dbus.
Preparing to unpack .../02-dbus_1.12.24-0+deb11u1_amd64.deb ...
Unpacking dbus (1.12.24-0+deb11u1) ...
Selecting previously unselected package bzip2.
Preparing to unpack .../03-bzip2_1.0.8-4_amd64.deb ...
Unpacking bzip2 (1.0.8-4) ...
Selecting previously unselected package libnss-systemd:amd64.
Preparing to unpack .../04-libnss-systemd_247.3-7+deb11u4_amd64.deb ...
Unpacking libnss-systemd:amd64 (247.3-7+deb11u4) ...
Selecting previously unselected package libpam-systemd:amd64.
Preparing to unpack .../05-libpam-systemd_247.3-7+deb11u4_amd64.deb ...
Unpacking libpam-systemd:amd64 (247.3-7+deb11u4) ...
Selecting previously unselected package systemd-timesyncd.
Preparing to unpack .../06-systemd-timesyncd_247.3-7+deb11u4_amd64.deb ...
Unpacking systemd-timesyncd (247.3-7+deb11u4) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../07-xz-utils_5.2.5-2.1~deb11u1_amd64.deb ...
Unpacking xz-utils (5.2.5-2.1~deb11u1) ...
Selecting previously unselected package patch.
Preparing to unpack .../08-patch_2.7.6-7_amd64.deb ...
Unpacking patch (2.7.6-7) ...
Selecting previously unselected package dpkg-dev.
Preparing to unpack .../09-dpkg-dev_1.20.12_all.deb ...
Unpacking dpkg-dev (1.20.12) ...
Selecting previously unselected package build-essential.
Preparing to unpack .../10-build-essential_12.9_amd64.deb ...
Unpacking build-essential (12.9) ...
Selecting previously unselected package distro-info-data.
Preparing to unpack .../11-distro-info-data_0.51+deb11u3_all.deb ...
Unpacking distro-info-data (0.51+deb11u3) ...
Selecting previously unselected package libfakeroot:amd64.
Preparing to unpack .../12-libfakeroot_1.25.3-1.1_amd64.deb ...
Unpacking libfakeroot:amd64 (1.25.3-1.1) ...
Selecting previously unselected package fakeroot.
Preparing to unpack .../13-fakeroot_1.25.3-1.1_amd64.deb ...
Unpacking fakeroot (1.25.3-1.1) ...
Selecting previously unselected package libgirepository-1.0-1:amd64.
Preparing to unpack .../14-libgirepository-1.0-1_1.66.1-1+b1_amd64.deb ...
Unpacking libgirepository-1.0-1:amd64 (1.66.1-1+b1) ...
Selecting previously unselected package gir1.2-glib-2.0:amd64.
Preparing to unpack .../15-gir1.2-glib-2.0_1.66.1-1+b1_amd64.deb ...
Unpacking gir1.2-glib-2.0:amd64 (1.66.1-1+b1) ...
Selecting previously unselected package libpackagekit-glib2-18:amd64.
Preparing to unpack .../16-libpackagekit-glib2-18_1.2.2-2_amd64.deb ...
Unpacking libpackagekit-glib2-18:amd64 (1.2.2-2) ...
Selecting previously unselected package gir1.2-packagekitglib-1.0.
Preparing to unpack .../17-gir1.2-packagekitglib-1.0_1.2.2-2_amd64.deb ...
Unpacking gir1.2-packagekitglib-1.0 (1.2.2-2) ...
Preparing to unpack .../18-git_1%3a2.30.2-1+deb11u2_amd64.deb ...
Unpacking git (1:2.30.2-1+deb11u2) over (1:2.30.2-1) ...
Selecting previously unselected package iso-codes.
Preparing to unpack .../19-iso-codes_4.6.0-1_all.deb ...
Unpacking iso-codes (4.6.0-1) ...
Selecting previously unselected package libalgorithm-diff-perl.
Preparing to unpack .../20-libalgorithm-diff-perl_1.201-1_all.deb ...
Unpacking libalgorithm-diff-perl (1.201-1) ...
Selecting previously unselected package libalgorithm-diff-xs-perl.
Preparing to unpack .../21-libalgorithm-diff-xs-perl_0.04-6+b1_amd64.deb ...
Unpacking libalgorithm-diff-xs-perl (0.04-6+b1) ...
Selecting previously unselected package libalgorithm-merge-perl.
Preparing to unpack .../22-libalgorithm-merge-perl_0.08-3_all.deb ...
Unpacking libalgorithm-merge-perl (0.08-3) ...
Selecting previously unselected package liblmdb0:amd64.
Preparing to unpack .../23-liblmdb0_0.9.24-1_amd64.deb ...
Unpacking liblmdb0:amd64 (0.9.24-1) ...
Selecting previously unselected package libstemmer0d:amd64.
Preparing to unpack .../24-libstemmer0d_2.1.0-1_amd64.deb ...
Unpacking libstemmer0d:amd64 (2.1.0-1) ...
Selecting previously unselected package libicu67:amd64.
Preparing to unpack .../25-libicu67_67.1-7_amd64.deb ...
Unpacking libicu67:amd64 (67.1-7) ...
Selecting previously unselected package libxml2:amd64.
Preparing to unpack .../26-libxml2_2.9.10+dfsg-6.7+deb11u4_amd64.deb ...
Unpacking libxml2:amd64 (2.9.10+dfsg-6.7+deb11u4) ...
Selecting previously unselected package libyaml-0-2:amd64.
Preparing to unpack .../27-libyaml-0-2_0.2.2-1_amd64.deb ...
Unpacking libyaml-0-2:amd64 (0.2.2-1) ...
Selecting previously unselected package libappstream4:amd64.
Preparing to unpack .../28-libappstream4_0.14.4-1_amd64.deb ...
Unpacking libappstream4:amd64 (0.14.4-1) ...
Selecting previously unselected package libcap2-bin.
Preparing to unpack .../29-libcap2-bin_1%3a2.44-1_amd64.deb ...
Unpacking libcap2-bin (1:2.44-1) ...
Selecting previously unselected package libelf1:amd64.
Preparing to unpack .../30-libelf1_0.183-1_amd64.deb ...
Unpacking libelf1:amd64 (0.183-1) ...
Selecting previously unselected package libdw1:amd64.
Preparing to unpack .../31-libdw1_0.183-1_amd64.deb ...
Unpacking libdw1:amd64 (0.183-1) ...
Selecting previously unselected package libglib2.0-data.
Preparing to unpack .../32-libglib2.0-data_2.66.8-1_all.deb ...
Unpacking libglib2.0-data (2.66.8-1) ...
Selecting previously unselected package libglib2.0-bin.
Preparing to unpack .../33-libglib2.0-bin_2.66.8-1_amd64.deb ...
Unpacking libglib2.0-bin (2.66.8-1) ...
Selecting previously unselected package libunwind8:amd64.
Preparing to unpack .../34-libunwind8_1.3.2-2_amd64.deb ...
Unpacking libunwind8:amd64 (1.3.2-2) ...
Selecting previously unselected package libgstreamer1.0-0:amd64.
Preparing to unpack .../35-libgstreamer1.0-0_1.18.4-2.1_amd64.deb ...
Unpacking libgstreamer1.0-0:amd64 (1.18.4-2.1) ...
Selecting previously unselected package libpam-cap:amd64.
Preparing to unpack .../36-libpam-cap_1%3a2.44-1_amd64.deb ...
Unpacking libpam-cap:amd64 (1:2.44-1) ...
Selecting previously unselected package libpolkit-gobject-1-0:amd64.
Preparing to unpack .../37-libpolkit-gobject-1-0_0.105-31+deb11u1_amd64.deb ...
Unpacking libpolkit-gobject-1-0:amd64 (0.105-31+deb11u1) ...
Selecting previously unselected package libpolkit-agent-1-0:amd64.
Preparing to unpack .../38-libpolkit-agent-1-0_0.105-31+deb11u1_amd64.deb ...
Unpacking libpolkit-agent-1-0:amd64 (0.105-31+deb11u1) ...
Selecting previously unselected package libssl-dev:amd64.
Preparing to unpack .../39-libssl-dev_1.1.1n-0+deb11u5_amd64.deb ...
Unpacking libssl-dev:amd64 (1.1.1n-0+deb11u5) ...
Selecting previously unselected package lsb-release.
Preparing to unpack .../40-lsb-release_11.1.0_all.deb ...
Unpacking lsb-release (11.1.0) ...
Selecting previously unselected package policykit-1.
Preparing to unpack .../41-policykit-1_0.105-31+deb11u1_amd64.deb ...
Unpacking policykit-1 (0.105-31+deb11u1) ...
Selecting previously unselected package packagekit.
Preparing to unpack .../42-packagekit_1.2.2-2_amd64.deb ...
Unpacking packagekit (1.2.2-2) ...
Selecting previously unselected package packagekit-tools.
Preparing to unpack .../43-packagekit-tools_1.2.2-2_amd64.deb ...
Unpacking packagekit-tools (1.2.2-2) ...
Selecting previously unselected package python-apt-common.
Preparing to unpack .../44-python-apt-common_2.2.1_all.deb ...
Unpacking python-apt-common (2.2.1) ...
Selecting previously unselected package python3-apt.
Preparing to unpack .../45-python3-apt_2.2.1_amd64.deb ...
Unpacking python3-apt (2.2.1) ...
Selecting previously unselected package python3-dbus.
Preparing to unpack .../46-python3-dbus_1.2.16-5_amd64.deb ...
Unpacking python3-dbus (1.2.16-5) ...
Selecting previously unselected package python3-distro-info.
Preparing to unpack .../47-python3-distro-info_1.0_all.deb ...
Unpacking python3-distro-info (1.0) ...
Selecting previously unselected package python3-gi.
Preparing to unpack .../48-python3-gi_3.38.0-2_amd64.deb ...
Unpacking python3-gi (3.38.0-2) ...
Selecting previously unselected package python3-pycurl.
Preparing to unpack .../49-python3-pycurl_7.43.0.6-5_amd64.deb ...
Unpacking python3-pycurl (7.43.0.6-5) ...
Selecting previously unselected package python3-software-properties.
Preparing to unpack .../50-python3-software-properties_0.96.20.2-2.1_all.deb ...
Unpacking python3-software-properties (0.96.20.2-2.1) ...
Selecting previously unselected package software-properties-common.
Preparing to unpack .../51-software-properties-common_0.96.20.2-2.1_all.deb ...
Unpacking software-properties-common (0.96.20.2-2.1) ...
Selecting previously unselected package unattended-upgrades.
Preparing to unpack .../52-unattended-upgrades_2.8_all.deb ...
Unpacking unattended-upgrades (2.8) ...
Setting up liblmdb0:amd64 (0.9.24-1) ...
Setting up systemd-sysv (247.3-7+deb11u4) ...
Setting up libicu67:amd64 (67.1-7) ...
Setting up libalgorithm-diff-perl (1.201-1) ...
Setting up libyaml-0-2:amd64 (0.2.2-1) ...
Setting up distro-info-data (0.51+deb11u3) ...
Setting up libpackagekit-glib2-18:amd64 (1.2.2-2) ...
Setting up libnss-systemd:amd64 (247.3-7+deb11u4) ...
First installation detected...
Checking NSS setup...
Setting up bzip2 (1.0.8-4) ...
Setting up libunwind8:amd64 (1.3.2-2) ...
Setting up libfakeroot:amd64 (1.25.3-1.1) ...
Setting up libcap2-bin (1:2.44-1) ...
Setting up fakeroot (1.25.3-1.1) ...
update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot (fakeroot) in auto mode
Setting up python3-pycurl (7.43.0.6-5) ...
Setting up libglib2.0-data (2.66.8-1) ...
Setting up libdbus-1-3:amd64 (1.12.24-0+deb11u1) ...
Setting up dbus (1.12.24-0+deb11u1) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Setting up xz-utils (5.2.5-2.1~deb11u1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
Setting up libssl-dev:amd64 (1.1.1n-0+deb11u5) ...
Setting up systemd-timesyncd (247.3-7+deb11u4) ...
Created symlink /etc/systemd/system/dbus-org.freedesktop.timesync1.service → /lib/systemd/system/systemd-timesyncd.service.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service → /lib/systemd/system/systemd-timesyncd.service.
Setting up patch (2.7.6-7) ...
Setting up git (1:2.30.2-1+deb11u2) ...
Setting up python-apt-common (2.2.1) ...
Setting up libpam-systemd:amd64 (247.3-7+deb11u4) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Setting up libgirepository-1.0-1:amd64 (1.66.1-1+b1) ...
Setting up libstemmer0d:amd64 (2.1.0-1) ...
Setting up lsb-release (11.1.0) ...
Setting up libelf1:amd64 (0.183-1) ...
Setting up libpam-cap:amd64 (1:2.44-1) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Setting up python3-distro-info (1.0) ...
Setting up libalgorithm-diff-xs-perl (0.04-6+b1) ...
Setting up libxml2:amd64 (2.9.10+dfsg-6.7+deb11u4) ...
Setting up iso-codes (4.6.0-1) ...
Setting up libpolkit-gobject-1-0:amd64 (0.105-31+deb11u1) ...
Setting up libalgorithm-merge-perl (0.08-3) ...
Setting up libdw1:amd64 (0.183-1) ...
Setting up python3-dbus (1.2.16-5) ...
Setting up python3-apt (2.2.1) ...
Setting up libglib2.0-bin (2.66.8-1) ...
Setting up libappstream4:amd64 (0.14.4-1) ...
Setting up dpkg-dev (1.20.12) ...
Setting up unattended-upgrades (2.8) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline

Creating config file /etc/apt/apt.conf.d/20auto-upgrades with new version

Creating config file /etc/apt/apt.conf.d/50unattended-upgrades with new version
Created symlink /etc/systemd/system/multi-user.target.wants/unattended-upgrades.service → /lib/systemd/system/unattended-upgrades.service.
Setting up python3-software-properties (0.96.20.2-2.1) ...
Setting up gir1.2-glib-2.0:amd64 (1.66.1-1+b1) ...
Setting up build-essential (12.9) ...
Setting up libpolkit-agent-1-0:amd64 (0.105-31+deb11u1) ...
Setting up policykit-1 (0.105-31+deb11u1) ...
Setting up libgstreamer1.0-0:amd64 (1.18.4-2.1) ...
Setcap worked! gst-ptp-helper is not suid!
Setting up gir1.2-packagekitglib-1.0 (1.2.2-2) ...
Setting up python3-gi (3.38.0-2) ...
Setting up packagekit (1.2.2-2) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of force-reload.
Failed to open connection to "system" message bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
Created symlink /etc/systemd/user/sockets.target.wants/pk-debconf-helper.socket → /usr/lib/systemd/user/pk-debconf-helper.socket.
Setting up packagekit-tools (1.2.2-2) ...
Setting up software-properties-common (0.96.20.2-2.1) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
Processing triggers for dbus (1.12.24-0+deb11u1) ...
Removing intermediate container e5e3053484e6
 ---> 4b7d11cce92a
Step 7/26 : RUN apt-key adv --fetch-keys https://packages.gramineproject.io/gramine-keyring.gpg &&     add-apt-repository 'deb [arch=amd64] https://packages.gramineproject.io/ stable main'
 ---> Running in 1761b0fd1cc1
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.ZWGH6uuH7E/gpg.1.sh --fetch-keys https://packages.gramineproject.io/gramine-keyring.gpg
gpg: requesting key from 'https://packages.gramineproject.io/gramine-keyring.gpg'
gpg: key 5EE1171912234070: public key "Gramine Project signing key (2021)" imported
gpg: Total number processed: 1
gpg:               imported: 1
Removing intermediate container 1761b0fd1cc1
 ---> 3694266ba7ac
Step 8/26 : WORKDIR /geth-sgx
 ---> Running in 61254838f9c9
Removing intermediate container 61254838f9c9
 ---> ec1f551b4aa5
Step 9/26 : RUN apt-get update && apt-get install -y $GRAMINE_VERSION &&     apt-get download $GRAMINE_VERSION libprotobuf-c1 openssl ca-certificates
 ---> Running in 6578da39f9ab
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Get:4 https://packages.gramineproject.io stable InRelease [1859 B]
Get:5 https://packages.gramineproject.io stable/main amd64 Packages [1141 B]
Fetched 3000 B in 0s (7323 B/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  gramine-ratls-epid libcjson1 libprotobuf-c1 libprotobuf23
  python3-cffi-backend python3-click python3-colorama python3-cryptography
  python3-jinja2 python3-markupsafe python3-pkg-resources python3-protobuf
  python3-pyelftools python3-six python3-toml
Suggested packages:
  python-cryptography-doc python3-cryptography-vectors python-jinja2-doc
  python3-setuptools
Recommended packages:
  gramine-ratls-dcap
The following NEW packages will be installed:
  gramine gramine-ratls-epid libcjson1 libprotobuf-c1 libprotobuf23
  python3-cffi-backend python3-click python3-colorama python3-cryptography
  python3-jinja2 python3-markupsafe python3-pkg-resources python3-protobuf
  python3-pyelftools python3-six python3-toml
0 upgraded, 16 newly installed, 0 to remove and 23 not upgraded.
Need to get 5208 kB of archives.
After this operation, 29.4 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libcjson1 amd64 1.7.14-1 [22.8 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 libprotobuf-c1 amd64 1.3.3-1+b2 [27.0 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 python3-colorama all 0.4.4-1 [28.5 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 python3-click all 7.1.2-1 [75.7 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 python3-cffi-backend amd64 1.14.5-1 [85.8 kB]
Get:6 http://deb.debian.org/debian bullseye/main amd64 python3-six all 1.16.0-2 [17.5 kB]
Get:7 http://deb.debian.org/debian bullseye/main amd64 python3-cryptography amd64 3.3.2-1 [223 kB]
Get:8 http://deb.debian.org/debian bullseye/main amd64 python3-markupsafe amd64 1.1.1-1+b3 [15.2 kB]
Get:9 http://deb.debian.org/debian bullseye/main amd64 python3-jinja2 all 2.11.3-1 [114 kB]
Get:10 http://deb.debian.org/debian bullseye/main amd64 libprotobuf23 amd64 3.12.4-1 [892 kB]
Get:11 https://packages.gramineproject.io stable/main amd64 gramine amd64 1.3.1-1 [2919 kB]
Get:12 http://deb.debian.org/debian bullseye/main amd64 python3-pkg-resources all 52.0.0-4 [190 kB]
Get:13 http://deb.debian.org/debian bullseye/main amd64 python3-protobuf amd64 3.12.4-1 [382 kB]
Get:14 http://deb.debian.org/debian bullseye/main amd64 python3-pyelftools all 0.27-1 [99.5 kB]
Get:15 http://deb.debian.org/debian bullseye/main amd64 python3-toml all 0.10.1-1 [15.9 kB]
Get:16 https://packages.gramineproject.io stable/main amd64 gramine-ratls-epid amd64 1.3.1-1 [102 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 5208 kB in 0s (11.4 MB/s)
Selecting previously unselected package libcjson1:amd64.
(Reading database ... 19399 files and directories currently installed.)
Preparing to unpack .../00-libcjson1_1.7.14-1_amd64.deb ...
Unpacking libcjson1:amd64 (1.7.14-1) ...
Selecting previously unselected package libprotobuf-c1:amd64.
Preparing to unpack .../01-libprotobuf-c1_1.3.3-1+b2_amd64.deb ...
Unpacking libprotobuf-c1:amd64 (1.3.3-1+b2) ...
Selecting previously unselected package python3-colorama.
Preparing to unpack .../02-python3-colorama_0.4.4-1_all.deb ...
Unpacking python3-colorama (0.4.4-1) ...
Selecting previously unselected package python3-click.
Preparing to unpack .../03-python3-click_7.1.2-1_all.deb ...
Unpacking python3-click (7.1.2-1) ...
Selecting previously unselected package python3-cffi-backend:amd64.
Preparing to unpack .../04-python3-cffi-backend_1.14.5-1_amd64.deb ...
Unpacking python3-cffi-backend:amd64 (1.14.5-1) ...
Selecting previously unselected package python3-six.
Preparing to unpack .../05-python3-six_1.16.0-2_all.deb ...
Unpacking python3-six (1.16.0-2) ...
Selecting previously unselected package python3-cryptography.
Preparing to unpack .../06-python3-cryptography_3.3.2-1_amd64.deb ...
Unpacking python3-cryptography (3.3.2-1) ...
Selecting previously unselected package python3-markupsafe.
Preparing to unpack .../07-python3-markupsafe_1.1.1-1+b3_amd64.deb ...
Unpacking python3-markupsafe (1.1.1-1+b3) ...
Selecting previously unselected package python3-jinja2.
Preparing to unpack .../08-python3-jinja2_2.11.3-1_all.deb ...
Unpacking python3-jinja2 (2.11.3-1) ...
Selecting previously unselected package libprotobuf23:amd64.
Preparing to unpack .../09-libprotobuf23_3.12.4-1_amd64.deb ...
Unpacking libprotobuf23:amd64 (3.12.4-1) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../10-python3-pkg-resources_52.0.0-4_all.deb ...
Unpacking python3-pkg-resources (52.0.0-4) ...
Selecting previously unselected package python3-protobuf.
Preparing to unpack .../11-python3-protobuf_3.12.4-1_amd64.deb ...
Unpacking python3-protobuf (3.12.4-1) ...
Selecting previously unselected package python3-pyelftools.
Preparing to unpack .../12-python3-pyelftools_0.27-1_all.deb ...
Unpacking python3-pyelftools (0.27-1) ...
Selecting previously unselected package python3-toml.
Preparing to unpack .../13-python3-toml_0.10.1-1_all.deb ...
Unpacking python3-toml (0.10.1-1) ...
Selecting previously unselected package gramine.
Preparing to unpack .../14-gramine_1.3.1-1_amd64.deb ...
Unpacking gramine (1.3.1-1) ...
Selecting previously unselected package gramine-ratls-epid.
Preparing to unpack .../15-gramine-ratls-epid_1.3.1-1_amd64.deb ...
Unpacking gramine-ratls-epid (1.3.1-1) ...
Setting up python3-pkg-resources (52.0.0-4) ...
Setting up python3-pyelftools (0.27-1) ...
Setting up python3-colorama (0.4.4-1) ...
Setting up libprotobuf23:amd64 (3.12.4-1) ...
Setting up python3-click (7.1.2-1) ...
Setting up libcjson1:amd64 (1.7.14-1) ...
Setting up python3-markupsafe (1.1.1-1+b3) ...
Setting up libprotobuf-c1:amd64 (1.3.3-1+b2) ...
Setting up python3-six (1.16.0-2) ...
Setting up python3-jinja2 (2.11.3-1) ...
Setting up python3-toml (0.10.1-1) ...
Setting up python3-protobuf (3.12.4-1) ...
Setting up python3-cffi-backend:amd64 (1.14.5-1) ...
Setting up python3-cryptography (3.3.2-1) ...
Setting up gramine (1.3.1-1) ...
Setting up gramine-ratls-epid (1.3.1-1) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
Get:1 http://deb.debian.org/debian bullseye/main amd64 ca-certificates all 20210119 [158 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 libprotobuf-c1 amd64 1.3.3-1+b2 [27.0 kB]
Get:3 http://deb.debian.org/debian-security bullseye-security/main amd64 openssl amd64 1.1.1n-0+deb11u5 [854 kB]
Get:4 https://packages.gramineproject.io stable/main amd64 gramine amd64 1.3.1-1 [2919 kB]
W: Download is performed unsandboxed as root as file '/geth-sgx/ca-certificates_20210119_all.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Fetched 3958 kB in 0s (11.6 MB/s)
Removing intermediate container 6578da39f9ab
 ---> 0f74932689cd
Step 10/26 : ADD Makefile geth_init.cpp gramine-compatibility /geth-sgx/
ADD failed: file not found in build context or excluded by .dockerignore: stat gramine-compatibility: file does not exist

Create a BLS private key on enclave startup

Create a BLS private key on enclave startup, if it doesn't exist yet.
Store encrypted on hard drive in case of application restart.

Sealing BLS key with mrenclave is the only way to guarantee confidentiality of key. This means an application update will result in a new key, unless we implement update mechanisms such as the ones discussed here.

Is it not possible to attach to geth inside sgx with a private net?

Thanks to you, I was able to successfully launch a private network. However, when I try to attach and process a transaction, the following error occurs. Is there any other way to process transactions in this case?

show4510@sgx-test:~/test-geth2/go-ethereum$ ./build/bin/geth attach ./geth-network/miner/geth.ipc
Fatal: Unable to attach to remote geth: dial unix ./geth-network/miner/geth.ipc: connect: no such file or directory

go-ethereum private network sgx implementation

I am testing geth's private network using this project as a reference.

The device I'm using is an azure VM:

Linux (Free 20.04)
Size: Standard DC2s v3 (2 VCPU count, 16 GiB memory)　-- sgx2

The command line arguments to geth are:

		./geth \
		    --datadir.ancient=/go-ethereum/geth-network/miner/geth/chaindata/ancient \
		    --networkid=15 \
		    --port=30305 \
			--verbosity=5 \
			--nodiscover \
			--nat=none \
			--http \
			--http.api=eth,net,engine,admin \
			--http.port=8552 \
			--http.corsdomain=* \
			--http.addr=0.0.0.0 \
			--http.api=personal,eth,net,web3,txpool,miner,admin \
			--ws \
			--ws.api=engine,eth,web3,net,debug \
			--authrpc.jwtsecret=/etc/jwt.hex \
			--authrpc.vhosts=* \
			--authrpc.addr=0.0.0.0 \
			--rpc.allow-unprotected-txs \
			--authrpc.port=8553 \
			--allow-insecure-unlock \
			--keystore=/go-ethereum/geth-network/miner/keystore/ \
			--unlock=0x456dfBE5E94ac5915eD811423E97bcdc1C464446 \
			--password=/go-ethereum/geth-network/miner/keystore/pw1.txt \
			--mine \
			--miner.etherbase 0x456dfBE5E94ac5915eD811423E97bcdc1C464446 \
		> $@

The manifest template is:

libos.entrypoint = "{{ entrypoint }}"

loader.log_level = "debug"

loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/lib:/usr/{{ arch_libdir }}"

loader.argv_src_file = "file:geth.args"

sys.enable_sigterm_injection = true
sys.enable_extra_runtime_domain_names_conf = true
sys.insecure__allow_eventfd = true

sgx.remote_attestation = "none"

fs.mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
{ path = "/usr", uri = "file:/usr" },
{ path = "/etc", uri = "file:/etc" },
{ type = "tmpfs", path = "/root/.ethereum" },
{ type = "tmpfs", path = "/tmp" },
{ path = "/geth", uri = "file:geth" },
{ path = "/go-ethereum/geth-network/", uri = "file:go-ethereum/geth-network/" },
{ path = "/go-ethereum/geth-network/miner/geth/", uri = "file:go-ethereum/geth-network/miner/geth/" },
{ path = "/go-ethereum/geth-network/miner/", uri = "file:go-ethereum/geth-network/miner/" },
{ path = "/go-ethereum/geth-network/miner/geth/chaindata/", uri = "file:go-ethereum/geth-network/miner/geth/chaindata/" },
{ path = "/go-ethereum/geth-network/miner/geth/chaindata/ancient/", uri = "file:go-ethereum/geth-network/miner/geth/chaindata/ancient/" },
{ path = "/lib/ssl/certs/", uri = "file:/lib/ssl/certs/" },
{ path = "/etc/ssl/certs/", uri = "file:/etc/ssl/certs/" },
]

sgx.nonpie_binary = true
sgx.enclave_size = "{{ enclave_size }}"
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.thread_num = 16
sgx.debug = true

sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ entrypoint }}",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
"file:/usr/{{ arch_libdir }}/",
"file:geth",
"file:geth.args",
"file:/etc/ssl/certs/ca-certificates.crt",
"file:/lib/ssl/certs/",
"file:/etc/ssl/certs/",
"file:go-ethereum/geth-network/miner/keystore/",
"file:go-ethereum/geth-network/miner/geth/chaindata/",
"file:go-ethereum/geth-network/miner/geth/",
"file:go-ethereum/geth-network/miner/",
]

sgx.allowed_files = [
"file:/etc/nsswitch.conf",
"file:/etc/localtime",
"file:/etc/hosts",
"file:/etc/passwd",
"file:/etc/jwt.hex",
"file:/data",
"file:data",
]

The execution result is (excerpt of the error part):

DEBUG[01-05|07:57:30.401] Failed to decode keystore key            path=/go-ethereum/geth-network/miner/keystore/pw1.txt err="json: cannot unmarshal number into Go value of type struct { Address string \"json:\\\"address\\\"\" }"

error: Disallowing create/write/append to a trusted file 'go-ethereum/geth-network/miner/geth/chaindata/ancient/chain/bodies.cidx'

Fatal: Failed to register the Ethereum service: open /go-ethereum/geth-network/miner/geth/chaindata/ancient/chain/bodies.cidx: permission denied

Go Module Wrapper for Gramine RA-TLS attestation library

Implement a go module that wraps Gramine's RA-TLS attestation library.
The Module should export these two functions:

func ra_tls_verify(certificate []byte, mrenclave []byte, mrsigner []byte, isv_prod_id []byte, isv_svn []byte) (error);
func ra_tls_verify_der(certificate_der []byte, mrenclave []byte, mrsigner []byte, isv_prod_id []byte, isv_svn []byte) (error);

mrenclave, mrsigner, isv_prod_id, isv_svn can be nil, in which case the value shall be ignored during attestation.

running gramine-direct /geth fails, geth runs without gramine

[GETH_INIT] User requested RA-TLS attestation but cannot read SGX-specific file /dev/attestation/attestation_type
[GETH_INIT] creating RA-TLS attestation certificate failed. Aborting...

Reproducible builds

containerize builder so that it produces the same mrenclave hash throughout multiple builds from scratch #5
create dockerfile via script, should set exact version for container image and os package dependencies
#4
list the rest of the Geth-Enclaves TCB, i.e. shared OS libraries, and check their reproducibility

flashbots / geth-sgx-gramine Goto Github PK

geth-sgx-gramine's People

Contributors

Stargazers

Watchers

Forkers

geth-sgx-gramine's Issues

1. modify geth-sgx-gramine to store DB in encrypted files

2. Performance profiling

Gramine Reproducible Builds

1. Gramine enclave TCB

1.1 Replicability

Recommend Projects

Recommend Topics

Recommend Org