|
|
@@ -0,0 +1,72 @@
|
|
|
+loader.preload = file:$(LIBCDIR)/libsysdb.so
|
|
|
+loader.exec = file:verifier
|
|
|
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu:/opt/intel/sgxsdk/lib64:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server
|
|
|
+#loader.env.LD_PRELOAD = /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjsig.so
|
|
|
+loader.env.PATH = /usr/bin:/bin
|
|
|
+
|
|
|
+loader.debug_type = none
|
|
|
+
|
|
|
+fs.mount.lib.type = chroot
|
|
|
+fs.mount.lib.path = /lib
|
|
|
+fs.mount.lib.uri = file:$(LIBCDIR)
|
|
|
+
|
|
|
+fs.mount.hostlib.type = chroot
|
|
|
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
|
|
|
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
|
|
|
+
|
|
|
+fs.mount.bin.type = chroot
|
|
|
+fs.mount.bin.path = /bin
|
|
|
+fs.mount.bin.uri = file:/bin
|
|
|
+
|
|
|
+fs.mount.usr.type = chroot
|
|
|
+fs.mount.usr.path = /usr
|
|
|
+fs.mount.usr.uri = file:/usr
|
|
|
+
|
|
|
+fs.mount.java.type = chroot
|
|
|
+fs.mount.java.path = /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/
|
|
|
+fs.mount.java.uri = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/
|
|
|
+
|
|
|
+sgx.thread_num=16 #Needed for JVM, otherwise "cannot attach to any TCS message is shown"
|
|
|
+sgx.enclave_size=8G
|
|
|
+
|
|
|
+# sgx-related
|
|
|
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
|
|
|
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
|
|
|
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
|
|
|
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
|
|
|
+sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1
|
|
|
+sgx.trusted_files.libprotobuf = file:/usr/lib/x86_64-linux-gnu/libprotobuf.so.9
|
|
|
+sgx.trusted_files.liburts = file:/opt/intel/sgxsdk/lib64/libsgx_urts.so
|
|
|
+sgx.trusted_files.libuaeservice = file:/opt/intel/sgxsdk/lib64/libsgx_uae_service.so
|
|
|
+sgx.trusted_files.libstdcpp = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
|
|
+sgx.trusted_files.libgcc_s = file:/lib/x86_64-linux-gnu/libgcc_s.so.1
|
|
|
+sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
|
|
|
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
|
|
|
+sgx.allowed_files.sealed_msg = file:sealed_msg.txt
|
|
|
+sgx.trusted_files.libopensslcrypto = file:/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
|
|
|
+sgx.allowed_files.apache_signer_keypair = file:apache_signature_keypair.pem
|
|
|
+
|
|
|
+#For Pixy:
|
|
|
+sgx.trusted_files.libjvm = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjvm.so
|
|
|
+sgx.trusted_files.libjsig = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server/libjsig.so
|
|
|
+sgx.trusted_files.libverify = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libverify.so
|
|
|
+sgx.trusted_files.libjava = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libjava.so
|
|
|
+sgx.trusted_files.libzip = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/libzip.so
|
|
|
+sgx.trusted_files.librt = file:$(LIBCDIR)/librt.so.1
|
|
|
+sgx.trusted_files.libnss_compat = file:/lib/x86_64-linux-gnu/libnss_compat.so.2
|
|
|
+sgx.trusted_files.libnsl = file:/usr/lib/x86_64-linux-gnu/libnsl.so
|
|
|
+sgx.trusted_files.libnss_nis = file:/usr/lib/x86_64-linux-gnu/libnss_nis.so
|
|
|
+sgx.trusted_files.libnss_files = file:/usr/lib/x86_64-linux-gnu/libnss_files.so
|
|
|
+sgx.allowed_files.jrelib = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib
|
|
|
+#Throws class initialization error otherwise
|
|
|
+sgx.allowed_files.jrelibext = file:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
|
|
|
+#Throws class initialization error otherwise
|
|
|
+
|
|
|
+#For Python
|
|
|
+sgx.allow_file_creation = 1
|
|
|
+sgx.trusted_files.libpython = file:/usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
|
|
|
+sgx.trusted_files.libutil = file:$(LIBCDIR)/libutil.so.1
|
|
|
+sgx.allowed_files.pyhome = file:/usr/lib/python2.7
|
|
|
+sgx.allowed_files.pyhome2 = file:/usr/local/lib/python2.7
|
|
|
+
|
|
|
+
|
