This example is a slightly modified variant of the Gramine nginx example. These changes are required to run it with MarbleRun.
Prerequisite: Gramine is installed and the original nginx example is working. You will need hardware with Intel SGX support, and the Coordinator must not run in simulation mode.
To marbleize the example we edited nginx.manifest.template. See comments starting with MARBLERUN for explanations of the required changes.
We also removed certificate generation from the Makefile because it will be provisioned by the Coordinator. See manifest.json on how this is specified.
We now build the example as follows:
openssl genrsa -3 -out enclave-key.pem 3072
make SGX=1Then get Measurement from the build output and set it as UniqueID in manifest.json.
Start the Coordinator in a SGX enclave:
erthost ../../build/coordinator-enclave.signedThe Coordinator exposes two APIs, a client REST API (port 4433) and a mesh API (port 2001). While the Coordinator and your Marble communicate via the mesh API, you can administrate the Coordinator via the REST API.
Once the Coordinator instance is running, you can upload the manifest to the Coordinator's client API:
curl -k --data-binary @manifest.json https://localhost:4433/manifestThe type of the Marble is defined in the manifest.json. In this example, the manifest defines a single Marble, which is called "frontend". To run the application, you need to set the EDG_MARBLE_TYPE environment variable to that name.
EDG_MARBLE_TYPE=frontend gramine-sgx nginxFrom a new terminal, check if nginx is running properly:
curl -k https://localhost:8444