Running dockerized apps with graphene

[Alexander Chigarov]

Hi! First, thanks for such a great product. Have been researching it for a while and came up with several questions:

1. What is the proper way to use Graphene in docker?

We did the following:

• built the Ubuntu 20.04 image with all listed Graphene dependencies as described in the Quickstart section;

• installed the libpcl-dev to build the Graphene sample app;

• built the Graphene sample app;

• when trying to launch Graphene sample app we receive the following error:
  error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX kernel module is loaded.
  error: load_enclave() failed with error -1

          

Is there any tricky way to use sgx devices with dockerized Graphene?

2. When building a docker image with Graphene we noticed that it's size reaches 1.37 Gb with just the basic dependencies listed in your guide. Is this correct?

3. What is the proper way to launch a python script in the Graphene environment? Should we use standard python for it, and if yes how should it be launched properly?

We saw the Graphene docker image on dockerhub but it seems to be pretty outdated (over a year) and unmaintained, and to have no documentation provided.

4. The Graphene enclave configuration contains parameter sgx.enclave_size which is 256 Mb by default. Is  there any limitation for this value in Graphene or we can use any amount of memory available?

5. If we understand Graphene attestation guide correctly Graphene enclave does not provide any “high-level” network attestation endpoint and the attestation process should be handled by the application protocol or by the third-party service (like Edgeless Marble Run). Is this correct, or is it possible to use some built-in Graphene endpoint for remote attestation?

Thanks in advance!