-
Notifications
You must be signed in to change notification settings - Fork 3
Obscuro Testnet
The Obscuro Testnet is the number 1 destination for application developers, builders and node operators who want to migrate their Ethereum smart contracts to a privacy preserving layer 2. With Obscuro Testnet you can familiarise yourselves with deploying apps, running an Obscuro node or simply understand more about how Obscuro works.
The Testnet release schedule has been intentionally designed to make new features available as soon as possible. This means you can expect frequent updates which will be communicated here. The trade-off is that in the early days Testnet will have some sharp edges and unexpected surprises. More specifically, whilst Testnet is in its infancy:
- Obscuro Testnet will crash from time to time
- When Obscuro Testnet crashes expect to lose everything
- Obscuro Testnet code has not been audited (mainnet code will be audited prior to launch) so expect to see code which is yet to be optimised
All Obscuro code is intentionally under an open source licence. If you see something you think could be improved or reworked feel free to submit a PR in the go-obscuro repo.
As you would expect from a Testnet, OBX tokens issued on Obscuro Testnet have no value and gas fees will be zero.
To indicate your interest in Testnet prior to it being available please complete the form on the Obscuro website.
PLACEHOLDER
Follow the steps below to create a new Obscuro node using Docker and join the Obscuro Testnet.
Obscuro makes use of Intel's Software Guard Extension (SGX) capability to achieve full computational privacy (see the Obscuro Whitepaper for full details). As a result there are some hardware compatibility requirements and the Intel SGX driver and SGX Platform Software (PSW) has to be installed.
An attestation process initiated when the node wants to join the Obscuro testnet verifies the node is running a genuine SGX enclave and that it is patched and not vulnerable to any known exploits. The steps below include a means of checking the outcome of the attestation process to avoid a failure at the point of joining the Testnet.
- Ubuntu 18.04
- URL to the most recent SGX driver .bin file, available from https://download.01.org/intel-sgx/sgx-linux/. For example https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu18.04-server/sgx_linux_x64_driver_2.11.054c9c4c.bin
Either,
- Computer hardware running an Intel Xeon CPU with Intel SGX capability (use Intel's Production Specification advanced search page to confirm compatible processors)
- Enable Intel Software Guard Extension in the BIOS menu
- Disable Secure Boot in the BIOS menu
Or,
- Azure Confidential Computing virtual machine. By default these use Intel SGX capable processors.
-
Update the system and install required components:
sudo apt update sudo apt upgrade sudo apt-get install make gcc wget -
Download SGX driver:
wget "<the URL recorded as part of prerequisites above>" -
Set protections to allow for the .bin file execution:
chmod +x sgx_linux_x64_driver_<driver version taken from driver download URL>.bin -
Install the driver:
sudo ./sgx_linux_x64_driver_<driver version taken from driver download URL>.bin -
Create or update remount-dev-exec.service to remove /dev as exec and at system startup:
sudo nano /etc/systemd/system/remount-dev-exec.servicePaste in the following and press Ctrl+O to write the contents and Ctrl+X to exit nano
[Unit] Description=Remount /dev as exec to allow AESM service to boot and load enclaves into SGX [Service] Type=oneshot ExecStart=/bin/mount -o remount,exec /dev RemainAfterExit=true [Install] WantedBy=multi-user.targetsudo systemctl enable remount-dev-exec sudo systemctl start remount-dev-exec -
Configure the system to run an Intel SGX application:
echo 'deb [arch=amd64] https://download.01.org/intelsgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list wget -qO - https://download.01.org/intelsgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add sudo apt update sudo apt-get install libsgx-epid libsgx-quote-ex libsgx-dcap-ql libsgx-enclave-common libsgx-urts sgx-aesm-service libsgx-uae-service autoconf libtool libprotobuf-dev
PLACEHOLDER
Before you install Docker Engine for the first time you need to set up the Docker repository.
-
Update the
aptpackage index and install packages to allowaptto use a repository over HTTPS:sudo apt-get update sudo apt-get install ca-certificates curl gnupg lsb-release -
Add Docker’s official GPG key:
sudo mkdir -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg -
Use the following command to set up the repository:
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
Update the
aptpackage index, and install the latest version of Docker Engine, containered, and Docker Compose, or go to the next step to install a specific version:sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -
To install a specific version of Docker Engine, list the available versions in the repo, then select and install:
a. List the versions available in your repo:
apt-cache madison docker-ceb. Install a specific version using the version string from the second column, for example,
5:20.10.16~3-0~ubuntu-jammy.sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io docker-compose-plugin -
Verify that Docker Engine is installed correctly by running the hello-world image.
sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Docker Engine is installed and running. The docker group is created but no users are added to it. You need to use sudo to run Docker commands.
-
Run EdgelessDB on an SGX-capable system:
docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb
-
Create a Dockerfile so the Docker image can be created:
sudo nano enclave.DockerfilePaste in the following and press Ctrl+O to write the contents and Ctrl+X to exit nano
FROM ghcr.io/edgelesssys/ego-dev:latest RUN git clone https://github.com/obscuronet/go-obscuro RUN cd go-obscuro/go/obscuronode/enclave/main && ego-go build && ego sign main ENV OE_SIMULATION=1 ENTRYPOINT ["ego", "run", "go-obscuro/go/obscuronode/enclave/main/main"] EXPOSE 11000 -
Create a Docker image for the enclave service to run in SGX:
sudo docker build -t obscuro_enclave -f enclave.Dockerfile . -
Run the Docker image as a container where
XXXis the port on which to expose the enclave service's RPC endpoints on the local machine, andYYYis the public IP address of your node:sudo docker run -e OE_SIMULATION=0 --privileged -v /dev/sgx:/dev/sgx -p XXX:11000/tcp obscuro_enclave --hostID YYY --address :11000 --willAttest=true
PLACEHOLDER
PLACEHOLDER
sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin
Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
You must delete any edited configuration files manually.
-
Run the uninstall shell script:
sudo /opt/intel/sgxdriver/uninstall.sh -
Uninstall the rest of the dependencies:
sudo apt purge -y libsgx-enclave-common libsgx-enclave-common-dev libsgx-urts sgx-aesm-service libsgx-uae-service libsgx-launch libsgx-aesm-launch-plugin libsgx-ae-le
PLACEHOLDER