[Unit]
Description=Intel(R) Architectural Enclave Service Manager 
After=syslog.target network.target auditd.service
Wants=jhi.service

[Service]
User=aesmd
Type=forking
Environment=NAME=aesm_service
Environment=AESM_PATH=@aesm_folder@
PermissionsStartOnly=true
ExecStartPre=@aesm_folder@/linksgx.sh
ExecStartPre=/bin/mkdir -p /var/run/aesmd/
ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/
ExecStartPre=/bin/chmod 0755 /var/run/aesmd/
ExecStart=@aesm_folder@/aesm_service
InaccessibleDirectories=/home
ExecReload=/bin/kill -SIGUP $MAINPID
Restart=on-failure
RestartSec=15s
DevicePolicy=closed
DeviceAllow=/dev/isgx rw
DeviceAllow=/dev/sgx rw
DeviceAllow=/dev/mei0 rw
[Install]
WantedBy=multi-user.target