-
Notifications
You must be signed in to change notification settings - Fork 0
/
gramine-sgx-otk.manifest.jinja
57 lines (47 loc) · 1.43 KB
/
gramine-sgx-otk.manifest.jinja
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{% if entrypoint is not defined -%}
{% set entrypoint = '/usr/lib/x86_64-linux-gnu/gramine-sgx-otk/signer' -%}
{% endif -%}
{% if ra_type is not defined -%}
{% set ra_type = 'dcap' -%}
{% endif -%}
{% set debug = debug is defined and debug == 'true' -%}
[libos]
entrypoint = "/gramine-sgx-otk"
[loader]
entrypoint = "file:{{ gramine.libos }}"
{%- if log_level is defined %}
log_level = "{{ log_level }}"
{%- endif %}
[loader.env]
LD_LIBRARY_PATH = "/lib:/usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu"
[fs]
mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "/lib/x86_64-linux-gnu", uri = "file:/lib/x86_64-linux-gnu" },
{ path = "/usr/lib/x86_64-linux-gnu", uri = "file:/usr/lib/x86_64-linux-gnu" },
{ path = "/gramine-sgx-otk", uri = "file:{{ entrypoint }}" },
]
[sys]
stack.size = "2M"
enable_extra_runtime_domain_names_conf = true
[sgx]
{%- if debug %}
debug = true
{%- endif %}
enclave_size = "16M"
max_threads = 2
isvsvn = 0xffff
remote_attestation = "{{ ra_type }}"
{%- if ra_type == 'epid' %}
ra_client_spid = "{{ ra_client_spid }}"
ra_client_linkable = {{ ra_client_linkable }}
{%- endif %}
trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ entrypoint }}",
"file:{{ gramine.runtimedir() }}/",
"file:/lib/x86_64-linux-gnu/libgcc_s.so.1",
"file:/usr/lib/x86_64-linux-gnu/libssl.so.1.1",
"file:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1",
]
{#- vim: set ft=jinja : #}