diff --git a/7-SGX_Hands-on/src/simulate.sh b/7-SGX_Hands-on/src/simulate.sh
new file mode 100755
index 0000000..fefccac
--- /dev/null
+++ b/7-SGX_Hands-on/src/simulate.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env sh
+set -eu
+
+TMP=/tmp/signatureproxy
+KEYDIR=../employee_keys
+mkdir -p $TMP
+
+echo "setting up enclave"
+./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
+
+echo "generating dummy firmware"
+dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null
+
+echo "signing firmware as Alice"
+./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
+
+echo "resigning firmware using enclave"
+cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
+
+echo "verifying firmware"
+cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
+
+
+echo "signing firmware as Oskar"
+./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
+
+echo "resigning firmware using enclave"
+cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin || echo "Oskars signing request successfully rejected"