cycles-quartz/examples/transfers/enclave/quartz.manifest.template
Dave 05163c3eba
Update docs with Azure SGX & cleanup other docs (#254)
Co-authored-by: Dave Kaj <davidkajpust@informal.systems>
Co-authored-by: Ubuntu <big-cycles@quartz-sgx-test-release.vjset0kafl0exefwnpdw0qebjd.bx.internal.cloudapp.net>
Co-authored-by: hu55a1n1 <sufialhussaini@gmail.com>
2024-10-16 13:56:54 -04:00


# Quartz-based app manifest file
# Gramine manifest template for the transfers enclave; the Jinja placeholders are
# filled in when the template is rendered.

# Gramine LibOS is the loader entrypoint; the enclave application is the LibOS entrypoint.
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ quartz_dir }}/target/release/quartz-app-transfers-enclave"
loader.log_level = "{{ log_level }}"

# Environment variables fixed by the manifest.
loader.env.LD_LIBRARY_PATH = "/lib:/usr/local/lib:{{ arch_libdir }}:/usr{{ arch_libdir }}"
loader.env.HOME = "{{ home }}"
loader.env.INSIDE_SGX = "1"

# Environment variables taken from the host at launch (passthrough). Their values
# are chosen by whoever starts the enclave, so inside the enclave they are
# untrusted input.
loader.env.TLS = { passthrough = true }
loader.env.RA_TYPE = { passthrough = true }
# NOTE(review): the two *_INSECURE switches below relax RA-TLS verification (debug
# enclaves, outdated TCB). As passthrough values they are set by the host, not
# pinned by the manifest; confirm whether this enclave acts as an RA-TLS verifier
# and, if it does, fix these values in the manifest for production builds.
loader.env.RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE = { passthrough = true }
loader.env.RA_TLS_ALLOW_OUTDATED_TCB_INSECURE = { passthrough = true }
# NOTE(review): the expected peer measurements are likewise host-supplied here.
loader.env.RA_TLS_MRENCLAVE = { passthrough = true }
loader.env.RA_TLS_MRSIGNER = { passthrough = true }
loader.env.RA_TLS_ISV_SVN = { passthrough = true }
loader.env.RA_TLS_ISV_PROD_ID = { passthrough = true }
loader.env.RA_TLS_EPID_API_KEY = { passthrough = true }
# NOTE(review): MYAPP_DATA is not referenced anywhere else in this manifest;
# possibly left over from a template. Confirm that the application reads it.
loader.env.MYAPP_DATA = { passthrough = true }
loader.env.QUARTZ_PORT = { passthrough = true }
# NOTE(review): SSL_CERT_FILE lets the host choose the CA bundle path. Only
# /etc/ssl/certs/ca-certificates.crt is listed in sgx.trusted_files below; the
# /usr/lib/ssl copy appears only in sgx.allowed_files.
loader.env.SSL_CERT_FILE = { passthrough = true }
# NOTE(review): ADMIN_SK is presumably an admin secret key (inferred from the name).
# A value delivered through the host environment is visible to the host, which is
# outside the SGX trust boundary. Confirm, and consider provisioning it only after
# attestation.
loader.env.ADMIN_SK = { passthrough = true }
# NOTE(review): this forwards the ENTIRE host environment into the enclave, which
# makes the explicit passthrough list above redundant. Gramine marks the option
# insecure; disable it for production and keep only the allowlisted variables.
loader.insecure__use_host_env = true

# Command line is fixed in the manifest rather than taken from the host.
# NOTE(review): "--rpc-addr" uses 0.0.0.0, i.e. all interfaces. Confirm that the
# port is restricted by the deployment's firewall or network policy.
loader.argv = ["quartz-app-transfers-enclave",
"--chain-id", "{{ chain_id }}",
"--fmspc", "{{ fmspc }}",
"--tcbinfo-contract", "{{ tcbinfo_contract }}",
"--dcap-verifier-contract", "{{ dcap_verifier_contract }}",
"--node-url", "{{ node_url }}",
"--ws-url", "{{ ws_url }}",
"--grpc-url", "{{ grpc_url }}",
"--rpc-addr", "0.0.0.0:11090",
"--trusted-height", "{{ trusted_height }}",
"--trusted-hash", "{{ trusted_hash }}"]

# Host paths made visible inside the enclave. Mounting only exposes a path; the
# integrity policy comes from sgx.trusted_files / sgx.allowed_files below.
# NOTE(review): the whole quartz_dir tree is mounted, while only its
# target/release/ subdirectory is listed as trusted.
fs.mounts = [
{ uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },
{ uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" },
{ uri = "file:/usr/{{ arch_libdir }}", path = "/usr{{ arch_libdir }}" },
{ uri = "file:{{ quartz_dir }}", path = "{{ quartz_dir }}" },
{ uri = "file:/etc/ssl/certs/ca-certificates.crt", path = "/etc/ssl/certs/ca-certificates.crt" },
{ uri = "file:/usr/lib/ssl/certs/ca-certificates.crt", path = "/usr/lib/ssl/certs/ca-certificates.crt" },
]

# Debug mode is left off; keep it commented out for any enclave that handles real secrets.
# sgx.debug = true
sgx.enclave_size = "512M"
sgx.max_threads = 16
# EDMM is enabled only when the EDMM environment variable is "1" at render time.
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.remote_attestation = "{{ ra_type }}"
sgx.ra_client_linkable = {{ 'true' if ra_client_linkable == '1' else 'false' }}

# Trusted files: hashed when the manifest is processed and checked against those
# hashes when opened inside the enclave. Entries ending in "/" are directories.
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ quartz_dir }}/target/release/",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
"file:/usr/{{ arch_libdir }}/",
"file:/etc/ssl/certs/ca-certificates.crt",
]

# Allowed files: readable without any integrity check, so the host can change
# their contents at will. Treat everything read from them as untrusted.
# NOTE(review): /etc/ssl/certs/ca-certificates.crt is listed both here and in
# sgx.trusted_files; confirm which policy Gramine applies and drop it from this list.
# NOTE(review): /usr/lib/ssl/certs/ca-certificates.crt is only an allowed file. If
# TLS trust roots are loaded from it, the host can substitute its own CAs; move it
# to sgx.trusted_files or remove it.
# NOTE(review): hosts, nsswitch.conf, host.conf and gai.conf put name resolution
# under host control; confirm that no security decision depends on resolved names.
sgx.allowed_files = [
"file:/etc/nsswitch.conf",
"file:/etc/host.conf",
"file:/etc/ethers",
"file:/etc/hosts",
"file:/etc/group",
"file:/etc/passwd",
"file:/etc/gai.conf",
"file:/etc/ssl/certs/ca-certificates.crt",
"file:/usr/lib/ssl/certs/ca-certificates.crt",
"file:/etc/sgx_default_qcnl.conf",
]

# NOTE(review): eventfd is flagged insecure by Gramine because it is serviced by the
# untrusted host. Confirm that the application needs it and that nothing
# security-relevant depends on eventfd values or ordering.
sys.insecure__allow_eventfd = true
# Lets the host deliver SIGTERM to the application.
sys.enable_sigterm_injection = true
# Makes Gramine provide runtime DNS configuration (such as resolv.conf) derived from the host.
sys.enable_extra_runtime_domain_names_conf = true