Runtime/anjuna-runtime

Execute an application in an enclave.

Synopsis

Runtime/anjuna-runtime [ANJUNA-RUNTIME OPTIONS] APPLICATION [APPLICATION COMMAND-LINE ARGUMENTS] ...

Description

Runtime/anjuna-runtime is the custom application loader that enables you to run an entire application inside an Intel® SGX enclave.

Running an application under the Anjuna SGX Runtime is as simple as inserting Runtime/anjuna-runtime before the regular command line for the application being run.

For example, to run OpenSSL without the Anjuna SGX Runtime, run the following command:

$ openssl version

To run OpenSSL with the Anjuna SGX Runtime using the same configuration, run the following command:

$ Runtime/anjuna-runtime openssl version

Use Runtime/anjuna-runtime when the application's SGX manifest file and signature file have already been created. If the SGX manifest and signature files still need to be created, use the anjuna-sgxrun utility (intended for testing purposes) instead.

Options

Usage: Runtime/anjuna-runtime [--dev] <application> [<application args>]
   or: Runtime/anjuna-runtime -runtime [HELP_OPTION]
   or: Runtime/anjuna-runtime --provision [EPID_PROVISION_OPTIONS] <application>

Dev Mode Option:
  --dev               load shared libraries without validation, for debug enclaves only

License Option:
  --license-path      path to license file

Help Option:
  --version           display the version and exit
  --usage, --help     print this message and exit

EPID Provisioning Options:
  --spid value        set the Intel Service Provider ID (spid)
  --nonce             an optional nonce for generating the SGX quote
  --unlinkable        set the Intel attestation policy to 'unlinkable'
                      If this parameter is not specified, the SGX quote;
                      will be performed with the attestation policy set to 'linkable'
  --runtime-work-dir  the directory containing the Runtime files

Exit status

Anjuna SGX Runtime returns the target application’s exit code.

AVX support

The Anjuna SGX Runtime is compiled with support for Intel® Advanced Vector Extensions (AVX), which applications can leverage to increase performance for specific vector operations. Most Intel processors support these instructions, except for the Celeron J-series (such as the J4005) and the Pentium Silver series, which were introduced to show Intel® SGX2 support.

When running on unsupported processors, the Anjuna SGX Runtime displays the following error:

    manifest file: file:<application>.manifest.sgx
    enclave ECREATE failed in enclave creation ioctl - 22
    Error: AVX not supported on this host

The Runtime can be configured to run without AVX on unsupported processors. More information can be found in the Configuration reference.
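
A launch wrapper can catch two conditions described on this page before the Runtime starts: --dev passed in a production launch, and a host CPU without AVX. The following is an added example, not part of the Anjuna tooling; the function names, the exit codes 2 and 3, and the assumption that --license-path takes its value as the next argument are this example's own, and it reads the Linux /proc/cpuinfo format.

```sh
# Added example (not Anjuna tooling): pre-flight checks for a launch wrapper.

# Constructed sample data (not from a real host): write a one-CPU cpuinfo file.
make_cpuinfo() { printf 'processor\t: 0\nflags\t\t: %s\n' "$2" > "$1"; }

# has_avx [FILE]: succeed if a "flags" line lists avx as a whole word.
has_avx() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "avx") found = 1
        }
        END { exit !found }
    ' "${1:-/proc/cpuinfo}"
}

# uses_dev ARGS...: succeed if --dev appears among the Runtime options,
# that is, before the application path. Assumption: --license-path takes
# its value as the next argument.
uses_dev() {
    skip=0
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            --dev)          return 0 ;;
            --license-path) skip=1 ;;
            -*)             ;;
            *)              return 1 ;;
        esac
    done
    return 1
}

# preflight CPUINFO ARGS...: 0 = ok, 2 = --dev present, 3 = no AVX on host.
preflight() {
    cpuinfo=$1; shift
    if uses_dev "$@"; then
        echo "refusing --dev: shared libraries would load without validation" >&2
        return 2
    fi
    if ! has_avx "$cpuinfo"; then
        echo "no AVX on this host: configure the Runtime to run without AVX" >&2
        return 3
    fi
    return 0
}

# In a launch script:
#   preflight /proc/cpuinfo "$@" && exec Runtime/anjuna-runtime "$@"
```

A --dev that appears after the application path is treated as an argument of the application, not of the Runtime.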

Example

$ Runtime/anjuna-runtime /usr/bin/openssl version