A production-ready Gramine SGX project for secure 3D model slicing with remote attestation, encrypted model protection, and cryptographic deletion certificates.
SecureSlice v4 implements a complete secure slicing pipeline running Slic3r → gcode2png → POV-Ray entirely within a single SGX enclave. The system provides:
- Remote Attestation: DCAP-based attestation with fresh nonce binding
- Encrypted Models: AES-256-GCM encryption with ECDH-derived session keys
- Iterative Refinement: Preview-approve workflow with parameter adjustments
- Deletion Certificates: Cryptographic proof of secure deletion with SGX quotes
- Blockchain Logging: Immutable audit trail for deletion certificates
# Create working directories
mkdir -p host_io/in host_io/out host_io/work
# Copy test model
cp test_models/cube.stl host_io/in/model.stlcat > host_io/in/params.json << 'PARAMS'
{
"--layer-height": "0.2",
"--fill-density": "20%",
"orientation": {
"rotate_x": 45,
"rotate_y": 0,
"rotate_z": 0,
"scale": 1.0
}
}
PARAMS# Standalone mode (no SGX required for testing)
STANDALONE_MODE=1 python3 orchestrator.py# Check the generated preview
ls -la host_io/out/preview.png
# View with any image viewer# To approve and finalize:
echo '{"approve": true}' > host_io/in/control.json
# OR to reject and adjust:
echo '{"approve": false, "params": {"--layer-height": "0.15"}}' > host_io/in/control.jsonls -la host_io/out/
# final.gcode - Ready for 3D printer
# preview.png - Visual preview
# deletion_cert.json - Cryptographic proof
# orchestrator.log - Processing log- Ubuntu 22.04 LTS (or compatible Linux)
- Python 3.8 or newer
- Perl 5 (for gcode2png)
- Docker (optional but recommended)
- 4GB RAM minimum
- 10GB free disk space
- Intel CPU with SGX support (6th gen Core or newer)
- SGX enabled in BIOS
- Intel SGX drivers installed
- DCAP libraries configured
# 1. Clone the repository
git clone https://github.com/your-repo/SecureSlice-v4.git
cd SecureSlice-v4
# 2. Install system dependencies
sudo apt-get update
sudo apt-get install -y \
python3 python3-pip \
perl \
imagemagick \
build-essential
# 3. Install Python packages
pip3 install cryptography requests
# 4. Verify vendored binaries
ls -la vendor/
# Should show:
# - slic3r (20MB) - C++ slicer with rotation fix
# - gcode2png (11KB) - Perl visualization script
# - povray (2.9MB) - Ray tracer
# 5. Test installation
./vendor/slic3r --help
perl vendor/gcode2png --help# Setup
cp test_models/cube.stl host_io/in/model.stl
# Basic parameters
echo '{
"--layer-height": "0.2",
"--fill-density": "20%"
}' > host_io/in/params.json
# Run
STANDALONE_MODE=1 python3 orchestrator.py &
sleep 10
echo '{"approve": true}' > host_io/in/control.json
# Result
ls -la host_io/out/final.gcode# Test different orientations
for angle in 0 45 90; do
echo "Testing rotation: $angle degrees"
# Set rotation
echo "{
\"orientation\": {
\"rotate_x\": $angle,
\"rotate_y\": 0,
\"rotate_z\": 0
}
}" > host_io/in/params.json
# Run pipeline
rm -rf host_io/work/* host_io/out/*
STANDALONE_MODE=1 timeout 30 python3 orchestrator.py &
sleep 10
# Save preview
cp host_io/out/preview.png preview_${angle}deg.png
echo '{"approve": true}' > host_io/in/control.json
sleep 2
done
# Compare results
ls -la preview_*.png# Start with coarse settings
cat > host_io/in/params.json << 'EOF'
{
"--layer-height": "0.3",
"--fill-density": "10%"
}