Runtime/anjuna-runtime
Execute an application in an enclave.
SYNOPSIS
Runtime/anjuna-runtime [ANJUNA-RUNTIME OPTIONS] APPLICATION [APPLICATION COMMAND-LINE ARGUMENTS] ...
DESCRIPTION
Runtime/anjuna-runtime is the custom application loader that enables you to run an entire application inside an Intel® SGX enclave.
Running an application under the Anjuna SGX Runtime is as simple as inserting Runtime/anjuna-runtime before the regular command line for the application being run.
For example, to run OpenSSL without the Anjuna SGX Runtime, run the following command:
$ openssl version
To run OpenSSL with the Anjuna SGX Runtime using the same configuration, run the following command:
$ Runtime/anjuna-runtime openssl version
Runtime/anjuna-runtime is used when the application SGX manifest has been created and signed. If the SGX manifest needs to be created or signed, use the anjuna-sgxrun utility instead.
OPTIONS
Usage: Runtime/anjuna-runtime [--dev] <application> [<application args>]
   or: Runtime/anjuna-runtime [HELP_OPTIONS]
   or: Runtime/anjuna-runtime --provision [PROVISION_OPTIONS] <application>

Dev Mode Option:
  --dev             load shared libraries without validation, for debug enclaves only

Help Options:
  --version         display the version and exit
  --usage, --help   print this message and exit

Provisioning Options:
  --spid value      set the Intel Service Provider ID (SPID) for EPID quotes, not
                    needed when using the DCAP SGX driver
  --nonce           an optional nonce when generating EPID SGX quotes
  --unlinkable      set the Intel attestation policy to 'unlinkable' in EPID quotes;
                    if not specified, EPID SGX quotes will have their attestation
                    policy set to 'linkable'.
AVX support
The Anjuna SGX Runtime is compiled to support Intel Advanced Vector Extensions (AVX), which certain applications can leverage to increase performance for certain vector operations. Most Intel processors support those instructions, except for the Celeron J-series (like J4005) and the Pentium Silver series, which was introduced to show Intel SGX2 support.
When running on such a processor, the Anjuna SGX Runtime displays the following error:
manifest file: file:<application>.manifest.sgx
enclave ECREATE failed in enclave creation ioctl - 22
Error: AVX not supported on this host
The Runtime can be configured to run without AVX for such processors. More information can be found in the Configuration Reference.
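A host can be checked for AVX before an enclave launch is attempted, and a captured log can be triaged for the error shown above. The following is an added example, not part of the Anjuna documentation or tooling; it assumes a Linux host that exposes CPU features in /proc/cpuinfo format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: AVX preflight and log triage for the failure described above.
# Assumption: CPU features are read from a /proc/cpuinfo-format file (Linux).

# cpu_has_flag FILE FLAG
# Returns 0 if FLAG appears as a whole word on the first "flags" line of FILE.
# Whole-word matching keeps "avx2" or "avx512f" from being counted as "avx".
cpu_has_flag() {
    awk -v want="$2" '
        /^flags[ \t]*:/ {
            sub(/^[^:]*:/, "")
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# avx_preflight [FILE]
# Returns 0 if the host advertises AVX, 1 otherwise (with a hint on stderr).
avx_preflight() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if cpu_has_flag "$cpuinfo" avx; then
        echo "avx: present"
        return 0
    fi
    echo "avx: missing; the Runtime needs its no-AVX configuration on this host" >&2
    return 1
}

# log_shows_avx_failure FILE
# Returns 0 if a captured runtime log contains the AVX error quoted on this page.
# The ECREATE ioctl line alone is not treated as conclusive.
log_shows_avx_failure() {
    grep -q -F 'Error: AVX not supported on this host' "$1"
}

# launch_checked APPLICATION [ARGS...]
# Runs the preflight, then starts the application under the Runtime.
launch_checked() {
    avx_preflight || return 1
    Runtime/anjuna-runtime "$@"
}
```

Running `avx_preflight` in a provisioning step reports an unsuitable host before the first enclave launch fails on it.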