BlindAI
Search…
Build the server from source

Using Docker 🐳

You can build the whole project by using our Docker image. We have set up the Docker image to have a reproducible build no matter the environment. You can start the process with those commands:
Simulation
Hardware (generic)
Azure DCs v3
1
cd server
2
make init # create the TLS certificates
3
DOCKER_BUILDKIT=1 docker build \
4
--target software \
5
-t mithrilsecuritysas/blindai-server-sim:latest \
6
-f ./docker/build.dockerfile \
7
.
Copied!
1
cd server
2
make init # create the TLS certificates
3
DOCKER_BUILDKIT=1 docker build \
4
--target hardware \
5
-t mithrilsecuritysas/blindai-server:latest \
6
-f ./docker/build.dockerfile \
7
.
Copied!
This will create a policy file with allow_debug = false. To change that, use -e POLICY_ALLOW_DEBUG=true when bulding.
1
cd server
2
make init # create the TLS certificates
3
DOCKER_BUILDKIT=1 docker build \
4
--target hardware-dcsv3 \
5
-t mithrilsecuritysas/blindai-server-dcsv3:latest \
6
-f ./docker/build.dockerfile \
7
.
Copied!
This will create a policy file with allow_debug = false. To change that, use -e POLICY_ALLOW_DEBUG=true when bulding.
To run the client, you will want to get the policy.toml file from the server using:
1
# change image to mithrilsecuritysas/blindai-server-dcsv3 for Azure DCs v3
2
docker run mithrilsecuritysas/blindai-server:latest /bin/cat /root/policy.toml > policy.toml
Copied!
You will need the file host_server.pem as well, you will find this file in the folder bin/tls. You can skip this for simulation mode.
To start this docker image:
Simulation
Hardware (generic)
Azure DCs v3
1
docker run -it \
2
-p 50051:50051 \
3
-p 50052:50052 \
4
mithrilsecuritysas/blindai-server-sim:latest
Copied!
Make sure you have the correct hardware and drivers (see Hardware requirements), and run:
1
docker run -it \
2
-p 50051:50051 \
3
-p 50052:50052 \
4
--device /dev/sgx/enclave \
5
--device /dev/sgx/provision \
6
mithrilsecuritysas/blindai-server:latest /root/start.sh PCCS_API_KEY
Copied!
The PCCS_API_KEY needs to be replaced with the PCCS API Key.
A Quote Provisioning Certificate Caching Service (PCCS) is built-in inside the Docker Image in order to generate the DCAP attestation from the enclave. You need to provide an API Key in order for the PCCS server to function. You can get one from Intel here.​
This will launch the enclave in non debug-mode. If you wish to launch in debug mode, use -e ENCLAVE_DEBUG_MODE=true when launching.
1
docker run -it \
2
-p 50051:50051 \
3
-p 50052:50052 \
4
--device /dev/sgx/enclave \
5
--device /dev/sgx/provision \
6
mithrilsecuritysas/blindai-server-dcsv3:latest
Copied!
This will launch the enclave in non debug-mode. If you wish to launch in debug mode, use -e ENCLAVE_DEBUG_MODE=true when launching.

Without docker

Make sure to follow Setting up your dev environment first to set up your environment and install the build dependencies.
Simulation
Hardware (generic)
Azure DCs v3
Compile using
1
cd server
2
make SGX_MODE=SW
Copied!
Build using
1
cd server
2
make
Copied!
Build using
1
cd server
2
make
Copied!
Two files will be generated after the building process:
  • policy.toml: the enclave security policy that defines which enclave is trusted.
  • host_server.pem: TLS certificate for the connection to the untrusted (app) part of the server.
You will need these two files for running the client in non-simulation mode.

Running

Simulation
Hardware (generic)
Azure DCs v3
Run using
1
cd bin
2
./blindai_app
Copied!
Make sure you have the correct hardware and drivers (see Hardware requirements)
You will also need to install the Provisionning Certificate Caching Service (PCCS) using this documentation.
Make sure you have the SGX Default Quote Provider Library too
1
apt update && apt install -y libsgx-dcap-default-qpl-dev
Copied!
Then run using
1
cd bin
2
./blindai_app
Copied!
Make sure to have the DCs v3 quote provision library:
1
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
2
sudo apt-add-repository https://packages.microsoft.com/ubuntu/18.04/prod
3
sudo apt-get update
4
sudo apt-get install az-dcap-client
5
ln -s /usr/lib/libdcap_quoteprov.so /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1
Copied!
Then run using
1
cd bin
2
export BLINDAI_AZURE_DCSV3_PATCH=1
3
./blindai_app
Copied!