-
Notifications
You must be signed in to change notification settings - Fork 17
/
my-proof.manifest.template
33 lines (27 loc) · 1.28 KB
/
my-proof.manifest.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Adjust this as needed.
sgx.enclave_size = "256M"
# Increase this as needed, e.g., if you run a web server.
sgx.max_threads = 4
# Whitelist ENV variables that get passed to the enclave
# Using { passthrough = true } allows values to be passed in from the Satya node's /RunProof endpoint
loader.env.USER_EMAIL = { passthrough = true }
# Gramine gives a warning that allowed_files is not safe in production, but it
# should generally be fine for our use case which inherently assumes that input
# files are untrusted until proven otherwise.
sgx.allowed_files = [
"file:/input/",
"file:/output/",
# Required for internet access from inside the enclave
"file:/etc/hosts",
"file:/etc/resolv.conf",
]
# These directories are mounted from the host, which will be a temporary directory from the Satya node that's running the proof.
fs.mounts = [
{ type = "encrypted", path = "/sealed", uri = "file:/sealed", key_name = "_sgx_mrenclave" },
{ path = "/input", uri = "file:/input" },
{ path = "/output", uri = "file:/output" },
]
# You can add other Gramine-manifest-compatible options as needed, see the
# Gramine documentation for more details: https://gramine.readthedocs.io. Note
# that gsc defines a number of manifest settings by default.
loader.entrypoint = { path = "/my_proof/__main__.py" }