Update docu
Signed-off-by: Marcus Brandenburger <[email protected]>
mbrandenburger committed Jan 14, 2019
1 parent 7334ef5 commit d1136c6
Showing 2 changed files with 73 additions and 16 deletions.
53 changes: 42 additions & 11 deletions ecc/README.md
Expand Up @@ -9,20 +9,51 @@ chaincode implementation see ecc_encalve/.

The following steps guide you through the build phase. Make sure this project is on your GOPATH.

First, build the chaincode and the validiation plugin
First, build the chaincode and the validation plugin

$ make

Next, build the chaincode docker image. Note that normally the fabric peer
itself creates the docker image when a new chaincode is installed. However, we
use a custom chaincode environment docker image that has SGX support enabled.
You can define the peer name and the chaincode name using PEER_NAME and
CC_NAME.

$ make docker DOCKER_IMAGE=dev-jdoe-ecc-0

Next, build the chaincode docker image that is used by a fabric peer
to run our chaincode. Normally, the peer creates the docker image
automatically when a new chaincode is installed. In particular, it
fetches the source code, builds the chaincode binary, and copies them
into a new docker images based on fabric-ccenv. Note that, since the
peer is lazy, the docker image is only created when the chaincode is
installed and it is not already existing. The image name comprise of
the peer name, the chaincode name, and a hash.

However, we use a custom chaincode environment docker image that has
SGX-support enabled. In order to tell a peer to use our SGX chaincode
image, we need to override an existing chaincode image.

For example: ``dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7``

Therefore, first install some chaincode, which we are going to override,
and check if the corresponding docker image has been created
successfully.

$ peer chaincode install -n ecc -v 0 -p github.com/hyperledger/fabric/examples/chaincode/go/example02/cmd
$ docker images

Now you should see ``ecc`` in the list of docker images ``$ docker images``.
REPOSITORY
TAG IMAGE ID
dev-jdoe-ercc-0-a5a84629692f2ed6e111c44bd91e8c3e0906deb39d9e16f7acd5aefc51303184
latest 7a5ea0677404
dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7
latest 0c18434ae5e3

Next, just run ```make docker`` to override the existing docker image with
our SGX chaincode. To verify that the image contains our enclave
code, let's have a look inside the image and see if we can see an
enclave folder.

$ make docker
$ docker run -i -t --entrypoint ls dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7:latest
chaincode chaintool enclave node npm npx protoc-gen-go

You can define the peer and the chaincode name also manually.

$ make docker DOCKER_IMAGE=my-peername-ecc-0

For debugging you can also start the docker image.

$ make docker-run
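
Review bot: the manual override example near the end, `make docker DOCKER_IMAGE=my-peername-ecc-0`, omits the hash suffix that the added text says is part of every peer-built image name (peer name, chaincode name, and a hash), so it is unclear whether an image tagged this way is the one the peer will actually start. Either show the full name including the hash or state how the Makefile resolves it. The `docker run -i -t --entrypoint ls ...` line has the same problem in reverse: it hardcodes the hash from the example image name, which readers must replace with the name that `docker images` shows on their own host, so mark it as a placeholder. Listing the directory only shows that an `enclave` folder exists; comparing the IMAGE ID before and after `make docker` would confirm that the override actually replaced the peer-built image. Minor: "```make docker``" opens with three backticks and closes with two, "comprise of" should be "consists of", and "a new docker images" should be singular.
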
36 changes: 31 additions & 5 deletions fabric/README.md
Expand Up @@ -29,9 +29,16 @@ to run the auction demo.

### IAS

In order to use Intel's Attestation Service (IAS) you can register
[here](https://software.intel.com/en-us/sgx). Place your client certificate
and your SPID in the ``ias`` folder.
In order to use Intel's Attestation Service (IAS) you need to register
with Intel. [Here](https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example)
you can find more details on how to obtain a signed client certificate,
registering it and get a SPID.

Place your client certificate and your SPID in the ``ias`` folder.

cp client.crt /path-to/fabric/sgxconfig/ias/client.crt
cp client.key /path-to/fabric/sgxconfig/ias/client.key
echo 'YOURSPID' | xxd -r -p > /path-to/fabric/sgxconfig/ias/spid.txt

## Run the Auction
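
Review bot: the `cp client.key /path-to/fabric/sgxconfig/ias/client.key` step copies the IAS client private key into the config tree with no guidance on protecting it. Suggest adding a line on restricting its permissions (for example `chmod 600`) and on keeping the `ias` folder out of version control. Also, `xxd -r -p` writes the SPID as raw bytes, so the text should say that `YOURSPID` must be the hex string and that `spid.txt` is a binary file despite its extension. Minor: "registering it and get a SPID" should read "register it, and get a SPID".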

Expand All @@ -49,18 +56,37 @@ the peer in two separate terminals using the corresponding scripts. In a
third terminal, you can you run the auction demo with ``run_sgx_auction.sh``.
Please edit ``start_peer.sh`` and point LD_LIBRARY_PATH to the tlcc enclave lib.

Note that when you run ``run_sgx_auction.sh`` the first time, you may
see the following error:

../.build/bin/peer chaincode instantiate -o localhost:7050 -C mychannel -n ecc -v 0 -c '{"args":["init"]}' -V ecc-vscc
Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg transaction returned with failure:
Incorrect number of arguments. Expecting 4

Don't worry, that is OK! :) The short answer to resolve this is to just
rebuild ecc. Go to ``path-to/fabric-secure-chaincode/ecc`` and run
``make docker``. You can, then, re-run ``run_sgx_auction.sh`` and the
error is gone.

The long answer is the following: When a new chaincode is installed, the
Fabric peer takes care of building the corresponding docker image that
is used to execute the chaincode. As we need a custom SGX-enabled
environment to execute our chaincode inside an enclave, we need to tell
the peer to use our custom docker image.

* Terminal 1

$ cd fabric/sgxconfig
$ ./demo/create_channel.sh
$ ./demo/start_orderer.sh

* Terminal 2

$ cd fabric/sgxconfig
$ ./demo/start_peer.sh

* Terminal 3

$ cd fabric/sgxconfig
$ ./demo/run_sgx_auction.sh
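
Review bot: the "long answer" paragraph stops before it explains the error it was introduced to explain. It says the peer builds its own docker image and that a custom SGX-enabled image is needed, but it never states that the first `peer chaincode instantiate` runs against the peer-built image, nor why that produces "Incorrect number of arguments. Expecting 4". Add that sentence, and consider documenting the order up front (install the chaincode, run `make docker` in `ecc`, then run `run_sgx_auction.sh`) so users do not have to hit an error code 500 first; telling readers that a failed instantiate "is OK" trains them to ignore errors. Minor: the context line above the added text reads "you can you run".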
