-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathgramine-sealing-key-provider.manifest.template
44 lines (32 loc) · 1.28 KB
/
gramine-sealing-key-provider.manifest.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Gramine manifest template for Sealing Key Provider
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ self_exe }}"
loader.log_level = "{{ log_level }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}"
loader.env.MALLOC_ARENA_MAX = "1"
loader.env.RUST_BACKTRACE = "full"
# Set RUST_LOG based on Gramine log level
loader.env.RUST_LOG = "{{ rust_log }}"
fs.mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
]
sgx.debug = {{ 'true' if log_level == 'debug' else 'false' }}
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
# Enable remote attestation
sgx.remote_attestation = "dcap"
# Reduce number of worker threads for tokio
loader.env.TOKIO_WORKER_THREADS = "1"
sys.insecure__allow_eventfd = true
# Turn on /etc/resolv.conf emulation
sys.enable_extra_runtime_domain_names_conf = true
# Required files and devices for quote generation and key access
sgx.allowed_files = []
sgx.enable_stats = {{ 'true' if log_level == 'debug' else 'false' }}
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ self_exe }}",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
]
sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '32' }}