From 8b8d29277f3510ca4beb2962a7ba3cdc74c17c26 Mon Sep 17 00:00:00 2001 From: RogerLamTd Date: Fri, 6 Dec 2024 17:00:22 +0800 Subject: [PATCH 1/4] init --- docs/README_Docker_and_RA.md | 21 ++++++++++++++++---- script/check-epc-size.sh | 0 script/raiko-setup.sh | 38 ++++++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 4 deletions(-) mode change 100644 => 100755 script/check-epc-size.sh create mode 100755 script/raiko-setup.sh
diff --git a/docs/README_Docker_and_RA.md b/docs/README_Docker_and_RA.md
index ce891420..171fcb75 100644
--- a/docs/README_Docker_and_RA.md
+++ b/docs/README_Docker_and_RA.md
@@ -2,14 +2,27 @@ This tutorial was created to assist you in setting up Raiko and its SGX dependencies using a Docker container. Configuring SGX can be complex without a detailed guide to walk you through each step. This tutorial strives to provide a comprehensive walkthrough, leaving no detail unaddressed. -> **_NOTE:_** Currently, raiko v1.3.0 sometimes encounters OOM errors (Out of Memory). We recommend that you do NOT use 1.3.0 in production as this can lead to losses. Please instead use 1.3.0-edmm ONLY if you have a SGX-2 enabled machine (i.e. pull the image with `docker pull us-docker.pkg.dev/evmchain/images/raiko:1.3.0-edmm` and proceed as normal). If you have bootstrapped and started using the 1.3.0 image, you will have to redo the process with the 1.3.0-edmm image if you wish to continue proving without error. We are working on a hotfixed version at the moment, thank you for your patience. - ## Recommended Specs We recommended 4 cores and 8GB memory for running Raiko. 8 cores and 16GB memory is ideal; the bare minimum is 2 cores and 4GB memory (tentative). We also recommend an EPC (Enclave memory) size of 4GB for mainnet, to prevent OOM errors. You can check your machine's EPC size by running `./script/check-epc-size.sh`. +## Installing Dependencies + +To make the process of setup a bit more straightforward, we've provided a script to install dependencies and check your machine's FMSPC in one go. Please prepare your Intel API Key before running. + +```bash +cd raiko +sudo bash script/raiko-setup.sh +source ~/.bashrc +foundryup +``` + +The script does NOT include Docker as that is dependent on your distribution, please follow the docs to install the CLI. + +After running this script your machine should be setup and you may skip to the `2. Generating PCCS Certificates` part of the guide and continue as normal. + ## Prerequisites Intel SGX is a technology that involves a considerable amount of configuration. 
Given its high level of configurability, the setup of your infrastructure may vary significantly depending on the attestation type (EPID, ECDSA) and other parameters. While we've strived to minimize the manual effort required to prepare the development environment, there are certain prerequisites that are challenging, if not impossible, to automate using Dockerfiles. This section outlines these prerequisites. @@ -284,11 +297,11 @@ docker compose build raiko If you do not wish to build the image locally, you can optionally pull them from our registry. ``` -docker pull us-docker.pkg.dev/evmchain/images/raiko:1.3.0-edmm +docker pull us-docker.pkg.dev/evmchain/images/raiko:1.4.0 docker pull us-docker.pkg.dev/evmchain/images/pccs:latest ``` -If you do this step, you need to change your raiko docker-compose.yml to use this image. Navigate to `raiko/docker` and search for `raiko:latest` and change all instances to `raiko:1.3.0-edmm`. +If you do this step, you need to change your raiko docker-compose.yml to use this image. Navigate to `raiko/docker` and search for `raiko:latest` and change all instances to `raiko:1.4.0`. You can continue on with the following steps as usual after this. diff --git a/script/check-epc-size.sh b/script/check-epc-size.sh old mode 100644 new mode 100755 diff --git a/script/raiko-setup.sh b/script/raiko-setup.sh new file mode 100755 index 00000000..ae0e3cfd --- /dev/null +++ b/script/raiko-setup.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+apt-get -qq install -y cpuid git build-essential wget python-is-python3 debhelper zip libcurl4-openssl-dev pkgconf libboost-dev libboost-system-dev libboost-thread-dev protobuf-c-compiler libprotobuf-c-dev protobuf-compiler
+
+count=$(cpuid | grep -ic "SGX: Software Guard Extensions supported = true")
+
+if [ $count -lt 1 ]
+then
+ echo "This machine does not have SGX support"
+ exit 1
+fi
+
+linux_ver=$(uname -r | grep -ic "6.*")
+
+if [ $linux_ver -lt 1 ]
+then
+ echo "Please ensure that your Linux kernel version is `6.0` or above."
+ exit 1
+fi
+
+echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null
+
+wget -q -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
+
+apt -qq update
+
+apt -qq install sgx-pck-id-retrieval-tool
+
+echo "Please enter your Intel PCS Service API key"
+
+read -r API_KEY
+
+PCKIDRetrievalTool -f /tmp/pckid.csv && pckid=$(cat /tmp/pckid.csv) && ppid=$(echo "$pckid" | awk -F "," '{print $1}') && cpusvn=$(echo "$pckid" | awk -F "," '{print $3}') && pcesvn=$(echo "$pckid" | awk -F "," '{print $4}') && pceid=$(echo "$pckid" | awk -F "," '{print $2}') && curl -v "https://api.trustedservices.intel.com/sgx/certification/v4/pckcert?encrypted_ppid=${ppid}&cpusvn=${cpusvn}&pcesvn=${pcesvn}&pceid=${pceid}" -H "Ocp-Apim-Subscription-Key:${API_KEY}" 2>&1 | grep -i "SGX-FMSPC"
+
+echo "If your FMSPC is not on the list, please create a GitHub issue to have it added. If not, you will not be able to run Raiko."
+
+curl -fsSL https://get.pnpm.io/install.sh | sh -
+curl -L https://foundry.paradigm.xyz | bash
From c9ea96a6a170d15d0d0b228c2bd88361db0caa3c Mon Sep 17 00:00:00 2001 From: RogerLamTd Date: Mon, 9 Dec 2024 11:13:45 +0800 Subject: [PATCH 2/4] use v2/proof --- docs/README_Docker_and_RA.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
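Review bot: The kernel check near the top of script/raiko-setup.sh does not test what its message says: `grep -ic "6.*"` accepts any `uname -r` string that merely contains a 6 (a 5.15.0-76 kernel passes), and the backticks around `6.0` inside the double-quoted `echo` are command substitution, so the error path tries to run a command called `6.0`. Since the README in this patch runs the script with `sudo`, three other spots deserve tightening: `/tmp/pckid.csv` is a fixed name written as root in a world-writable directory, `read -r API_KEY` echoes the key and `-H "Ocp-Apim-Subscription-Key:${API_KEY}"` puts it in curl's argv where the process list can expose it, and the two closing `curl … | sh` / `| bash` lines execute unpinned remote installers as root (the foundry one without `-f`, so an HTTP error body would be fed to bash). `apt-key add -` is deprecated and trusts the Intel key for every configured repository; a dedicated keyring referenced with `signed-by=` in the sources line scopes it to the SGX repo, and the hard-coded `focal` suite presumably should follow the host release. I would also check the exit status of `apt-get install` and `PCKIDRetrievalTool` explicitly, or adopt `set -euo pipefail` with `|| true` on the two `grep -c` probes, so a failed step stops the run. The fence sketches the kernel check and the key handling; the field order in the `read` follows the awk column numbers of the original line.

```shell
# … unchanged: dependency install, cpuid SGX check …

# Compare the major version numerically; grep "6.*" matches any string containing a 6.
kernel_major=$(uname -r | cut -d. -f1)
if [ "$kernel_major" -lt 6 ]
then
  echo "Please ensure that your Linux kernel version is 6.0 or above." >&2
  exit 1
fi

# … unchanged: Intel SGX repository setup, sgx-pck-id-retrieval-tool install …

# Private scratch directory instead of a fixed name under /tmp; removed on exit.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT

# -s keeps the key off the terminal.
read -rs -p "Please enter your Intel PCS Service API key: " API_KEY
echo

PCKIDRetrievalTool -f "$workdir/pckid.csv" || exit 1
IFS=, read -r ppid pceid cpusvn pcesvn _ < "$workdir/pckid.csv"

# The header is read from stdin (-H @-), so the key never appears in argv;
# -D - prints only the response headers for grep.
printf 'Ocp-Apim-Subscription-Key: %s\n' "$API_KEY" |
  curl -sS -o /dev/null -D - -H @- \
    "https://api.trustedservices.intel.com/sgx/certification/v4/pckcert?encrypted_ppid=${ppid}&cpusvn=${cpusvn}&pcesvn=${pcesvn}&pceid=${pceid}" |
  grep -i "SGX-FMSPC"

# … unchanged: FMSPC notice, pnpm and foundry installers …
```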
diff --git a/docs/README_Docker_and_RA.md b/docs/README_Docker_and_RA.md index 171fcb75..0e3509dc 100644 --- a/docs/README_Docker_and_RA.md +++ b/docs/README_Docker_and_RA.md @@ -466,7 +466,7 @@ Opt { Once your Raiko instance is running, you can verify if it was started properly as follows: ``` - curl --location 'http://localhost:8080/proof' \ + curl --location 'http://localhost:8080/v2/proof' \ --header 'Content-Type: application/json' \ --data '{ "proof_type": "sgx", From abfcfc6445258181078fc65e84b5fb1e8d41be8a Mon Sep 17 00:00:00 2001 From: RogerLamTd Date: Mon, 9 Dec 2024 11:19:20 +0800 Subject: [PATCH 3/4] update response format --- docs/README_Docker_and_RA.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/README_Docker_and_RA.md b/docs/README_Docker_and_RA.md index 0e3509dc..1f822b85 100644 --- a/docs/README_Docker_and_RA.md +++ b/docs/README_Docker_and_RA.md @@ -489,9 +489,13 @@ The response should look like this: ``` { "data": { - "output": null, - "proof": "0x00000206c3694ecb5c....6e0e7a36546bf98caa7bb4ac2cd4f917c2102116167e42c54849f15044c032e1c", - "quote": "03000200000000000a000f00939a72....0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a00" + "proof": { + "input": "0x.....", + "kzg_proof": "null", + "proof": "0x.....", + "quote": "03000200000000000a000f00939a72....0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a00", + "uuid": null + } }, "status": "ok" } From 6a5526b9c5ccbd04d6698de77b6734b2f59bb1ac Mon Sep 17 00:00:00 2001 From: RogerLamTd Date: Mon, 9 Dec 2024 11:47:47 +0800 Subject: [PATCH 4/4] add finding instance id instruction --- docs/README_Docker_and_RA.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/README_Docker_and_RA.md b/docs/README_Docker_and_RA.md index 1f822b85..9861f162 100644 --- a/docs/README_Docker_and_RA.md +++ b/docs/README_Docker_and_RA.md 
@@ -403,6 +403,9 @@ It should look like this: emit InstanceAdded(id: 1, instance: 0xc369eedf4C69CacceDa551390576EAd2383E6f9E, replaced: 0x0000000000000000000000000000000000000000, validSince: 1708704201 [1.708e9]) ``` +If you accidentally cleared your terminal or somehow otherwise fail to view this event log, you can find this value in the Etherscan at your prover EOA. +You should see a new transaction with the method `Register Instance` sent to the respective `SGX_VERIFIER_ADDRESS`; viewing the transaction details and accessing the transaction receipt event logs should show the InstanceAdded event! + ## Running Raiko Once you've completed the above steps, you can actually run a prover.