mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-22 15:34:48 +02:00
chore: cleanup and nixify
* create containers with nix * updated README.md * added SPDX license headers Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
parent
c8082debc7
commit
91f1612e0f
36 changed files with 900 additions and 659 deletions
|
@ -0,0 +1,71 @@
|
|||
libos.entrypoint = "{{ entrypoint }}"
|
||||
|
||||
[loader]
|
||||
argv = ["{{ entrypoint }}"]
|
||||
entrypoint = "file:{{ gramine.libos }}"
|
||||
|
||||
[loader.env]
|
||||
### Admin Config ###
|
||||
PORT = { passthrough = true }
|
||||
|
||||
### VAULT attestation ###
|
||||
VAULT_ADDR = { passthrough = true }
|
||||
VAULT_SGX_MRENCLAVE = { passthrough = true }
|
||||
VAULT_SGX_MRSIGNER = { passthrough = true }
|
||||
VAULT_SGX_ALLOWED_TCB_LEVELS = { passthrough = true }
|
||||
|
||||
### DEBUG ###
|
||||
RUST_BACKTRACE = "1"
|
||||
RUST_LOG = "info,tee_vault_admin=trace,teepot=trace,vault_tee_client=trace,tee_client=trace,awc=debug"
|
||||
|
||||
### Enclave security ###
|
||||
ALLOWED_TCB_LEVELS = "SwHardeningNeeded"
|
||||
|
||||
### Fixed values ###
|
||||
LD_LIBRARY_PATH = "/lib"
|
||||
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
|
||||
PATH = "/bin"
|
||||
HOME = "/app"
|
||||
|
||||
MALLOC_ARENA_MAX = "1"
|
||||
AZDCAP_DEBUG_LOG_LEVEL = "ignore"
|
||||
AZDCAP_COLLATERAL_VERSION = "v4"
|
||||
|
||||
[fs]
|
||||
root.uri = "file:/"
|
||||
start_dir = "/app"
|
||||
mounts = [
|
||||
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
|
||||
{ path = "{{ gramine.runtimedir() }}/libdcap_quoteprov.so", uri = "file:/lib/libdcap_quoteprov.so" },
|
||||
{ type = "tmpfs", path = "/var/tmp" },
|
||||
{ type = "tmpfs", path = "/tmp" },
|
||||
{ type = "tmpfs", path = "/app/.dcap-qcnl" },
|
||||
{ type = "tmpfs", path = "/app/.az-dcap-client" },
|
||||
]
|
||||
|
||||
[sgx]
|
||||
trusted_files = [
|
||||
"file:/app/",
|
||||
"file:/bin/",
|
||||
"file:/etc/gai.conf",
|
||||
"file:/etc/sgx_default_qcnl.conf",
|
||||
"file:/etc/ssl/certs/ca-bundle.crt",
|
||||
"file:/lib/",
|
||||
"file:/lib/libdcap_quoteprov.so",
|
||||
"file:/nix/",
|
||||
"file:{{ gramine.libos }}",
|
||||
"file:{{ gramine.runtimedir() }}/",
|
||||
]
|
||||
remote_attestation = "dcap"
|
||||
max_threads = 64
|
||||
edmm_enable = false
|
||||
## max enclave size
|
||||
enclave_size = "2G"
|
||||
|
||||
[sys]
|
||||
enable_extra_runtime_domain_names_conf = true
|
||||
enable_sigterm_injection = true
|
||||
|
||||
# possible tweak option, if problems with mio
|
||||
# currently mio is compiled with `mio_unsupported_force_waker_pipe`
|
||||
# insecure__allow_eventfd = true
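Review bot: The four `VAULT_*` entries under `[loader.env]` use `{ passthrough = true }`, so their values come from the host environment and are not covered by the enclave measurement, unlike `ALLOWED_TCB_LEVELS`, which is fixed in the manifest. If the application uses `VAULT_SGX_MRENCLAVE`, `VAULT_SGX_MRSIGNER` and `VAULT_SGX_ALLOWED_TCB_LEVELS` as the expected identity when verifying the Vault enclave's quote (the names suggest this, but the consuming code is not on this page), then whoever launches the enclave decides which peer it will accept. Consider fixing these at build time, e.g. `VAULT_SGX_MRSIGNER = "{{ vault_sgx_mrsigner }}"` (placeholder template variable), or at least add a comment above the block such as `# Host-supplied and unmeasured: must not be the sole trust anchor for Vault attestation`. Separately, the `=trace` levels in `RUST_LOG` are baked into the measured manifest and enclave log output is written to the host, so it is worth confirming that nothing secret is logged at trace level.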
|