Please see README for how to install Mystikos or build it from source code.
As usual, we use the familiar code:
#include <stdio.h>
int main()
{
printf("Hello world from Mystikos!\n");
return 0;
}
Save it to a folder and call it helloworld.c.
Compile helloworld.c with gcc, and place it under a subdirectory
appdir.
mkdir -p appdir
gcc -g -o appdir/hello helloworld.c
In most cases, we would generate many more files in appdir, a folder to hold
the root file system including the application, the dependent libraries, and
configurations. Our hello world program is so simple that it doesn't depend
on any library other than libc. So appdir contains
a lonely hello executable. That's all we need to run the app inside a TEE.
Now we can create a CPIO named rootfs out of the folder appdir with:
myst mkcpio appdir rootfs
The command to launch the program inside an SGX enclave is a little bit
long, compared to just ./appdir/hello on Linux.
myst exec-sgx rootfs /hello
The command specifies myst as the driver, and asks the driver to execute
a program in an SGX enclave in this manner:
- Load rootfs as the root file system into the enclave
- Load
/hellofrom the file system and execute it. - Send parameters following the executable
/helloto it. (in this case we have none)
The command specifies myst as the execution environment, and executes a program in a generic Mystikos SGX enclave for development and debugging purpose. This execution mode does not capture the identity of the executing program in the SGX Enclave attestation data, thus is not suitable for production use.
To run an application with Mystikos in release or production mode, please see packaging.
If your C program is complicated and requires many dependent libraries, we recommend that you wrap your application in a container. Please see Converting an existing non-container binary into a Mystikos application for details.