anjuna-compile-manifest

Build an SGX manifest from a manifest-template file.

Synopsis

anjuna-compile-manifest [OPTIONS] <full-path-to-executable>

Description

The anjuna-compile-manifest tool generates an application execution manifest (with an .sgx extension) that specifies how the application is to be run in the enclave. The manifest template specifies the trusted external dependencies loaded or used by the target application, its output encryption policy, and any mandatory enclave parameters. More on the manifest can be found in the Configuration reference.

anjuna-compile-manifest automatically fills in shared libraries that the executable directly depends on as reported by ldd executable. Unless --use-system-glibc is specified, glibc dependencies are replaced by glibc shared libraries that have been optimized for faster execution in the Anjuna SGX Runtime enclave runtime.

Options

Usage: anjuna-compile-manifest [OPTIONS] PATH

      --help     Print the help summary and exit

  -t, --template <path>   Path to a manifest template (.template.yaml) file
                          to use. If not specified, EXEC.manifest.template.yaml
                          or manifest.template.yaml will be used (in that
                          order of preference).

  -s, --use-system-glibc  Use the system's glibc shared libraries instead
                          of Anjuna's enclave-optimized glibc

  -v, --version           Display version information

Exit status

0 on success
1 on error

Example

Assume you have a manifest template file named openssl.manifest.template.yaml and openssl is located at /usr/bin/openssl. To sign it, run the following command:

$ anjuna-compile-manifest /usr/bin/openssl