# Redis manifest file example
################################## GRAMINE ####################################
# PAL entrypoint (points to the LibOS layer library of Gramine). There is
# currently only one implementation, so it is always set to libsysdb.so.
loader.entrypoint = "file:{{ gramine.libos }}"
# MARBLERUN: entrypoint must be premain-libos
# The first program started inside the enclave is therefore premain-libos, not
# redis-server. It is listed in sgx.trusted_files below, so the exact binary
# present at signing time is hashed into the signed manifest.
# NOTE(review): presumably premain then starts the application named in
# loader.argv[0] -- confirm against the MarbleRun documentation.
libos.entrypoint = "premain-libos"
# Verbosity of Gramine debug log (none/error/warning/debug/trace/all). The
# value is filled in from the `log_level` template variable when the manifest
# is rendered (the original note refers to a GRAMINE_LOG_LEVEL macro expanded
# in the Makefile): the default is "error" for non-debug builds, and "debug"
# for debug builds.
# Log output goes to the untrusted host. Levels above "error" can reveal
# details of what runs inside the enclave, so keep "none" or "error" for
# deployments.
loader.log_level = "{{ log_level }}"
################################# ARGUMENTS ###################################
# MARBLERUN: argv0 must be the path to the actual application
# The argument vector is fixed here, inside the signed manifest, so the host
# command line cannot add or change Redis options.
# NOTE(review): MarbleRun's premain may replace these arguments with the ones
# defined for the Marble in the Coordinator's manifest -- confirm which source
# is authoritative for the deployed configuration.
loader.argv = ["redis-server"]
################################# ENV VARS ####################################
# Specify paths to search for libraries. The usual LD_LIBRARY_PATH syntax
# applies. Paths must be in-Gramine visible paths, not host paths (i.e.,
# paths must be taken from fs.mounts[...].path, not fs.mounts[...].uri).
#
# In case of Redis:
# - /lib is searched for Glibc libraries (ld, libc, libpthread)
# - /usr/lib/x86_64-linux-gnu is searched for the remaining shared libraries
#   (mounted from the host directory of the same name in fs.mounts)
# The value is a literal in the signed manifest, so the host cannot redirect
# the library search path through its own environment.
loader.env.LD_LIBRARY_PATH = "/lib:/usr/lib/x86_64-linux-gnu"
# MARBLERUN: Forward EDG environment variables, used by MarbleRun
# `passthrough = true` copies each value from the host environment at launch.
# These four values are chosen by the untrusted host and are not covered by
# the enclave measurement, so they must be treated as untrusted input.
# NOTE(review): nothing in this manifest authenticates the Coordinator address;
# presumably premain verifies the Coordinator through remote attestation before
# accepting secrets from it -- confirm.
loader.env.EDG_MARBLE_TYPE = { passthrough = true }
loader.env.EDG_MARBLE_COORDINATOR_ADDR = { passthrough = true }
loader.env.EDG_MARBLE_UUID_FILE = { passthrough = true }
loader.env.EDG_MARBLE_DNS_NAMES = { passthrough = true }
################################## SIGNALS ####################################
# Allow for injecting SIGTERM signal from the host. Without this option,
# pressing `Ctrl + C` wouldn't terminate Redis.
# The signal comes from the untrusted host and can arrive at any moment, so the
# application has to tolerate termination at arbitrary points. The host can
# stop the enclave process in any case; this option only lets Redis see the
# request and shut down cleanly.
sys.enable_sigterm_injection = true
################################# MOUNT FS ####################################
# General notes:
# - Mount points without an explicit `type` use the default 'chroot' type; the
# last entry below sets `type = "encrypted"` instead.
# - `path`: names of directories and files in Gramine environment; they may be
# arbitrary but here we mostly reuse host URIs for simplicity (except
# for the first `/lib` mount point).
# - `uri`: names of directories and files on the host, somewhat confusingly
# prepended by the 'file:' keyword.
# - A mount only makes a host location visible under an in-Gramine path. Which
# host files are trusted (hash-checked) or allowed (unchecked) is decided by
# sgx.trusted_files and sgx.allowed_files further down.
fs.mounts = [
# Mount on-host directory to Gramine glibc/runtime libraries (in 'uri') into
# in-Gramine visible directory /lib (in 'path').
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "/usr/lib/x86_64-linux-gnu", uri = "file:/usr/lib/x86_64-linux-gnu" },
# Mount redis-server executable (located in the current directory) under the
# in-Gramine visible root directory.
{ path = "/redis-server", uri = "file:redis-server" },
# Mount host-OS directory to NSS files required by Glibc + NSS libs (in 'uri')
# into in-Gramine visible directory /etc (in 'path').
# The whole host /etc is mounted, but only the individual files named in
# sgx.allowed_files appear in the file lists below; their content is
# host-controlled.
{ path = "/etc", uri = "file:/etc" },
# Redis encrypted data dir
# Files under redis-data/ are stored encrypted on the host. The key is referred
# to by name only ("redis-key") and is not defined in this manifest, so it has
# to be provisioned inside the enclave at runtime.
# NOTE(review): presumably MarbleRun's premain installs this key after
# attestation -- confirm. Also check Gramine's documentation for what the
# encrypted mount type does not cover (e.g. the host restoring an older copy of
# a file).
{ type = "encrypted", path = "/redis-data/", uri = "file:redis-data/", key_name = "redis-key" },
]
############################### SGX: GENERAL ##################################
# Create a debug SGX enclave (with SIGSTRUCT.ATTRIBUTES.DEBUG bit set to 1).
# This allows to debug Gramine with the application using GDB, read perf
# counters and enable SGX statistics. Note that this option is *insecure*!
# In a debug enclave the host can read and modify enclave memory, so neither
# the Redis data set nor the key for the encrypted /redis-data/ mount is
# protected. Set this to false for any deployment that handles real data.
# NOTE(review): the DEBUG attribute is visible to the attestation verifier;
# the verifier's policy (presumably the MarbleRun manifest) should reject debug
# enclaves in production -- confirm.
sgx.debug = true
# Set enclave size (somewhat arbitrarily) to 1024MB. Recall that SGX v1 requires
# to specify enclave size at enclave creation time. If Redis exhausts these
# 1024MB then it will start failing with random errors. Greater enclave sizes
# result in longer startup times, smaller enclave sizes are not enough for
# typical Redis workloads.
sgx.enclave_size = "1024M"
# Enable Enclave Dynamic Memory Management (EDMM) feature based on EDMM
# environment variable. This allows for addition of pages to enclave in runtime,
# instead of allocating them upfront at startup. If this feature is enabled,
# `sgx.enclave_size` above describes a maximal enclave size and can usually be
# increased without negative consequences (it does not impact startup time).
# The expression below is evaluated when the template is rendered: it emits the
# literal `true` only if EDMM is exactly '1' in the rendering environment and
# `false` otherwise (including when EDMM is unset). The rendered value is what
# gets signed, so the setting is fixed at build time rather than at launch.
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
# Set maximum number of in-enclave threads to 16. Recall that SGX v1 requires
# to specify the maximum number of simultaneous threads at enclave creation
# time.
#
# Note that internally Gramine may spawn two additional threads, one for IPC
# and one for asynchronous events/alarms. Redis is technically single-threaded
# but spawns a couple of additional threads to do background bookkeeping.
# NOTE(review): this text previously described a limit of 8 (leaving 6 threads
# for Redis), which no longer matches the configured value; 16 appears to have
# been chosen to satisfy the MARBLERUN requirement below.
# MARBLERUN: enclave must have enough threads for Go runtime of premain
sgx.max_threads = 16
############################# SGX: TRUSTED FILES ###############################
# Specify all files used by Redis and its dependencies (including all libraries
# which can be loaded at runtime via dlopen), as well as other static read-only
# files (like configuration files).
#
# The paths to files are on-host paths. These files will be searched for in
# in-Gramine visible paths according to mount points above.
#
# As part of the build process, Gramine-SGX script (`gramine-sgx-sign`) finds
# each specified file, measures its hash, and adds it to the manifest entry for
# that file (converting each entry to a table with "uri" and "sha256" keys).
# Note that this happens on the developer machine or a build server. If a
# directory is specified in the list below, then this directory is recursively
# traversed and each found file is processed as described above.
#
# At runtime, during loading of each "trusted file", Gramine-SGX measures its
# hash and compares with the "sha256" value in the corresponding manifest entry.
# If hashes match, this file is trusted and allowed to be loaded and used. Note
# that this happens on the deployment machine.
#
# Consequences for deployment: the hashes pin the exact files found on the
# build machine. The two directory entries below (the Gramine runtime directory
# and /usr/lib/x86_64-linux-gnu/) therefore tie the enclave to that machine's
# library versions, so the deployment host must carry identical files (e.g. the
# same container image), and the signing environment itself has to be trusted.
# MARBLERUN: must trust premain-libos
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:redis-server",
"file:{{ gramine.runtimedir() }}/",
"file:/usr/lib/x86_64-linux-gnu/",
"file:premain-libos"
]
############################# SGX: ALLOWED FILES ###############################
# Specify all non-static files used by app. These files may be accessed by
# Gramine-SGX but their integrity is not verified (Gramine-SGX does not
# measure their hashes). This may pose a security risk!
# Every file listed here is supplied by the untrusted host and can change
# between reads. Anything the application derives from them (resolved
# addresses, user and group names, time zone) is host-controlled, so peers
# should be authenticated cryptographically rather than by name or address.
sgx.allowed_files = [
# Name Service Switch (NSS) files. Glibc reads these files as part of name-
# service information gathering. For more info, see 'man nsswitch.conf'.
"file:/etc/nsswitch.conf",
"file:/etc/ethers",
"file:/etc/hosts",
"file:/etc/group",
"file:/etc/passwd",
"file:/etc/localtime",
"file:/etc/resolv.conf",
"file:/etc/host.conf",
# getaddrinfo(3) configuration file. Glibc reads this file to correctly find
# network addresses. For more info, see 'man gai.conf'.
"file:/etc/gai.conf",
# MARBLERUN: allow the marble's uuid file
# The file lives in the current directory on the host without integrity
# protection.
# NOTE(review): presumably it holds only an identifier and no secret -- confirm
# that nothing security-relevant depends on its content being unmodified.
"file:uuid"
]
############################# SGX: Attestation ###############################
# Use DCAP (ECDSA-based) remote attestation for this enclave.
sgx.remote_attestation = "dcap"
# Product ID and security version number of the enclave. Both become part of
# the signed enclave identity and are reported to the attestation verifier.
# NOTE(review): the verifier's policy (presumably the package definition in the
# MarbleRun manifest) is expected to pin these values -- keep the two in sync,
# and raise isvsvn when a release fixes a security issue so that older builds
# can be rejected.
sgx.isvprodid = 13
sgx.isvsvn = 1