-
Notifications
You must be signed in to change notification settings - Fork 35
/
Copy pathhello.manifest.template
54 lines (45 loc) · 1.49 KB
/
hello.manifest.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
loader.entrypoint = "file:{{ gramine.libos }}"
loader.env.LD_LIBRARY_PATH = "/lib"
# entrypoint must be premain-libos
libos.entrypoint = "premain-libos"
# argv0 must be the path to the actual application
loader.argv = [ "hello" ]
# Forward EDG environment variables, used by MarbleRun
loader.env.EDG_MARBLE_TYPE = { passthrough = true }
loader.env.EDG_MARBLE_COORDINATOR_ADDR = { passthrough = true }
loader.env.EDG_MARBLE_UUID_FILE = { passthrough = true }
loader.env.EDG_MARBLE_DNS_NAMES = { passthrough = true }
# FS mount points
fs.mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "/etc", uri = "file:/etc" },
]
# trusted files
sgx.trusted_files = [
"file:{{ gramine.runtimedir() }}/libnss_dns.so.2",
"file:{{ gramine.runtimedir() }}/libnss_files.so.2",
"file:{{ gramine.runtimedir() }}/libresolv.so.2",
"file:{{ gramine.runtimedir() }}/ld-linux-x86-64.so.2",
"file:{{ gramine.runtimedir() }}/libc.so.6",
"file:{{ gramine.runtimedir() }}/libpthread.so.0",
"file:{{ gramine.libos }}",
"file:premain-libos",
"file:hello"
]
# allowed files
sgx.allowed_files = [
"file:/etc/hosts",
"file:/etc/host.conf",
"file:/etc/gai.conf",
"file:/etc/resolv.conf",
"file:/etc/localtime",
"file:/etc/nsswitch.conf",
"file:uuid"
]
# enable DCAP
sgx.remote_attestation = "dcap"
# enclave must have enough memory and threads
sgx.enclave_size = "1024M"
sgx.max_threads = 16
# create a debug enclave by default
sgx.debug = true