chore: update document with ic-tee-host-daemon

ldclabs · Nov 7, 2024 · c9f4de2 · c9f4de2
1 parent 49f49f3
commit c9f4de2
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 73 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,9 @@
 # IC-TEE
 🔐 Make Trusted Execution Environments (TEEs) work with the Internet Computer.
 
-Relation project: [IC-COSE](https://github.com/ldclabs/ic-cose), a decentralized COnfiguration service with Signing and Encryption on the Internet Computer.
+Relation project:
+- [IC-COSE](https://github.com/ldclabs/ic-cose), a decentralized COnfiguration service with Signing and Encryption on the Internet Computer.
+- [ic-tee-host-daemon](https://github.com/ldclabs/ic-tee-host-daemon), a daemon running on the host machine of TEEs.
 
 ## Libraries
 

diff --git a/nitro_enclave/host_iptables-config.sh b/nitro_enclave/host_iptables-config.sh
diff --git a/src/ic_tee_cli/README.md b/src/ic_tee_cli/README.md
@@ -9,6 +9,9 @@ Install:
 cargo install ic_tee_cli
 # get help info
 ic_tee_cli --help
+
+# verify a TEE attestation from url
+ic_tee_cli tee-verify --url https://tee-demo.panda.fans/.well-known/attestation
 ```
 
 ## License

diff --git a/src/ic_tee_nitro_gateway/README.md b/src/ic_tee_nitro_gateway/README.md
@@ -12,31 +12,26 @@
 ## Deploy
 ### Building and running AWS Nitro Enclave image
 
-#### Setup host machine
+#### Run `ic_tee_host_daemon` on host machine
 
-https://docs.marlin.org/learn/oyster/core-concepts/networking/outgoing
+`ic_tee_host_daemon` is a daemon running on the host machine of an enclave, providing the following functions:
 
-Forward all traffic from vsock 3 (port 1200 in the enclave) to the internet.
-```bash
-wget -O vsock-to-ip-transparent http://public.artifacts.marlin.pro/projects/enclaves/vsock-to-ip-transparent_v1.0.0_linux_amd64
-chmod +x vsock-to-ip-transparent
-./vsock-to-ip-transparent --vsock-addr 3:1200
-```
+1. Forwards requests from the enclave to the internet.
+2. Listens for requests from the internet and forwards them to the enclave.
+3. Receives logs from the enclave and outputs them to stdout.
 
-https://docs.marlin.org/learn/oyster/core-concepts/networking/incoming
-
-Add iptables rules on the host machine to forward traffic on 443 from the internet to 127.0.0.1:1200.
 ```bash
-sudo sh nitro_enclave/host_iptables-config.sh
+sudo ./ic_tee_host_daemon
 ```
 
-Forward all traffic from 127.0.0.1:1200 to vsock 88.
+It may be necessary to clear the iptables rules.
 ```bash
-wget -O port-to-vsock-transparent http://public.artifacts.marlin.pro/projects/enclaves/port-to-vsock-transparent_v1.0.0_linux_amd64
-chmod +x port-to-vsock-transparent
-./port-to-vsock-transparent --vsock 88 --ip-addr 127.0.0.1:1200
+iptables -F
+iptables -t nat -F
 ```
 
+Detail: https://github.com/ldclabs/ic-tee-host-daemon
+
 #### Build and run enclave
 
 The following steps should be run in AWS Nitro-based instances.
@@ -97,6 +92,7 @@ sudo nitro-cli run-enclave --cpu-count 2 --memory 512 --enclave-cid 88 --eif-pat
 # }
 ```
 
+Stop the enclave.
 ```bash
 sudo nitro-cli describe-enclaves
 sudo nitro-cli terminate-enclave --enclave-id i-056e1ab9a31cd77a0-enc193037029f7f152