Get Input running in a Gramine SGX enclave.
Implementation
This involves making changes in three areas: the TEEKit "build" tooling, the Input backend and the Input frontend.
TEEKit "build" tooling
Changes to the build tooling need to happen in two packages: kettle and kettle-sgx.
- Update kettle so that we can build Kettle apps (i.e. the bundle consisting of app.js and worker.js) outside of the teekit repo (i.e. we can import
@teekit/kettle and then run commands with the kettle CLI).
- Update kettle-sgx so that we can use it to package apps (built by kettle) outside of the teekit repo.
Input backend
- Replace node's http library with Hono
- Import TunnelServer from
@teekit/tunnel
- Call TunnelServer.initialize when the app starts
- Export the /quote port so that we can collect the TEE attestation
Input frontend
- Import TunnelServer from
@teekit/tunnel from the app
- Call TunnelClient.initialize with the backend URL and expected TEE attestation as arguments, to initiate the connection with the server
- For requests that go to the server, use the fetch function provided by the tunnel client
Get Input running in a Gramine SGX enclave.
Implementation
This involves making changes in three areas: the TEEKit "build" tooling, the Input backend and the Input frontend.
TEEKit "build" tooling
Changes to the build tooling need to happen in two packages: kettle and kettle-sgx.
@teekit/kettleand then run commands with the kettle CLI).Input backend
@teekit/tunnelInput frontend
@teekit/tunnelfrom the app