This tutorial was created to help you set up Raiko using a Docker container.
Raiko leverages Intel SGX through Gramine. Since Gramine supports only a few distributions including Ubuntu, the Docker image is based on Ubuntu.
Ensure your machine has an SGX-enabled CPU to run raiko. You can check if your CPU supports SGX (Software Guard Extensions) on Linux by using the cpuid tool.
-
Install
cpuidif it's not already installed. On Ubuntu, you can do this with the following command:sudo apt-get install cpuid
-
Run
cpuidandgrepfor SGX:cpuid | grep -i sgxIf your CPU supports SGX, you should see output similar to this:
SGX: Software Guard Extensions supported = trueIf you don't see this line, your CPU does not support SGX.
Alternatively, you can run grep sgx /proc/cpuinfo. If the command returns no output, your CPU doesn't support SGX.
Starting with Linux kernel version 5.11, the kernel provides out-of-the-box support for SGX. However, it doesn't support EDMM (Enclave Dynamic Memory Management), which Raiko requires. EDMM support first appeared in Linux 6.0, so ensure that you have Linux kernel 6.0 or above.
To check version of your kernel run:
uname -a
If you are using Ubuntu and you want to find what are the available Linux kernel versions, run:
apt search linux-image
Taiko doesn't provide prebuilt Docker image (yet). You need to build it yourself.
- Clone
raikorepository:git clone [email protected]:taikoxyz/raiko.git - Change active directory:
cd raiko/docker - Build the image:
docker compose build - That's it! You should now be able to find the
raiko:latestin the list of all Docker images:docker image ls
After successfully building Docker image, you are now able to bootstrap and run Raiko as a daemon.
Bootstrapping is the process of generating a public-private key pair, which will be used for doing signatures within the SGX enclave. The private key is stored in an encrypted format in the ~/.config/raiko/secrets/priv.key file. Encryption and decryption are performed inside the enclave, providing protection against malicious attacks.
- Make sure you haven't generated Raiko's public-private key pair yet:
If you
ls ~/.config/raiko/secretssecretsdirectory is not empty, you can skip Raiko bootstrapping. - Bootstrap Raiko:
It creates a new, encrypted private key in
docker compose run --rm raiko --init~/.config/raiko/secretsdirectory. It also prints a public key that you need to send to the Taiko team for registration. Register the "Instance address"(pinted by--initcommand) with the Taiko team. Once the Taiko team registers your instance, you will be able to use it to sign proofs.
Once you have Raiko bootstrapped, you can start Raiko daemon.
docker compose up raiko -d
Start the Raiko daemon. Skip -d (which stands for daemon) to run in the foreground instead.
Now, once you have Raiko up and running, you can test it to make sure it is serving requests as expected.
- Open new terminal and run:
to monitor requests that you will be sending. Replace
tail -f /var/log/raiko/raiko.log.dd-mm-yyyydd-mm-yyyyplaceholder with the current date. - Send a sample request to Raiko:
If the request was served correctly, you should see a lot of logs being produced in the log file and an SGX proof printed on the standard output:
curl --location --request POST 'http://localhost:8080' --header 'Content-Type: application/json' --data-raw '{ "jsonrpc": "2.0", "id": 1, "method": "proof", "params": [ { "type": "Sgx", "l2Rpc": "https://rpc.internal.taiko.xyz", "l1Rpc": "https://l1rpc.internal.taiko.xyz", "block": 2, "prover": "0x70997970C51812dc3A010C7d01b50e0d17dc79C8", "graffiti": "0000000000000000000000000000000000000000000000000000000000000000" } ] }'{"jsonrpc":"2.0","id":1,"result":{"type":"Sgx","proof":"0x000000006cbe8f8cb4c319f5beba9a4fa66923105dc90aec3c5214eed022323b9200097b647208956cc1b7ce0d8c0777df657caace329cc73f2398b137095128c7717167fc52d6474887e98e0f97149c9be2ca63a458dc8a1b"}}