mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 23:23:57 +02:00
97420df006
``` ❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ | base64 -d --ignore-garbage \ | docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest ``` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
57 lines
1.3 KiB
TOML
57 lines
1.3 KiB
TOML
libos.entrypoint = "{{ entrypoint }}"
|
|
|
|
[loader]
|
|
argv = ["{{ entrypoint }}"]
|
|
entrypoint = "file:{{ gramine.libos }}"
|
|
log_level = "{{ log_level }}"
|
|
|
|
[loader.env]
|
|
### DEBUG ###
|
|
RUST_BACKTRACE = "1"
|
|
RUST_LOG = "warning"
|
|
|
|
### Fixed values ###
|
|
LD_LIBRARY_PATH = "{{ gramine.runtimedir() }}:/lib"
|
|
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
|
|
PATH = "/bin"
|
|
HOME = "/app"
|
|
|
|
MALLOC_ARENA_MAX = "1"
|
|
AZDCAP_DEBUG_LOG_LEVEL = "ignore"
|
|
AZDCAP_COLLATERAL_VERSION = "v4"
|
|
|
|
[fs]
|
|
root.uri = "file:/"
|
|
start_dir = "/app"
|
|
mounts = [
|
|
{ type = "tmpfs", path = "/var/tmp" },
|
|
{ type = "tmpfs", path = "/tmp" },
|
|
{ type = "tmpfs", path = "/app/.dcap-qcnl" },
|
|
{ type = "tmpfs", path = "/app/.az-dcap-client" },
|
|
]
|
|
|
|
[sgx]
|
|
trusted_files = [
|
|
"file:/app/",
|
|
"file:/bin/",
|
|
"file:/etc/gai.conf",
|
|
"file:/etc/sgx_default_qcnl.conf",
|
|
"file:/etc/ssl/certs/ca-bundle.crt",
|
|
"file:/lib/",
|
|
"file:/nix/",
|
|
"file:{{ gramine.libos }}",
|
|
"file:{{ gramine.runtimedir() }}/",
|
|
]
|
|
remote_attestation = "dcap"
|
|
max_threads = 64
|
|
edmm_enable = false
|
|
## max enclave size
|
|
enclave_size = "2G"
|
|
|
|
[sys]
|
|
enable_extra_runtime_domain_names_conf = true
|
|
enable_sigterm_injection = true
|
|
|
|
# possible tweak option, if problems with mio
|
|
# currently mio is compiled with `mio_unsupported_force_waker_pipe`
|
|
# insecure__allow_eventfd = true
|