manifest.template

loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"
loader.argv0_override = "{{ entrypoint }}"

loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
loader.insecure__use_cmdline_argv = true

# for eventfd test
sys.insecure__allow_eventfd = true

fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir(libc) }}" },
  { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
  { path = "/exec_victim", uri = "file:{{ binary_dir }}/exec_victim" },
  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
  { path = "/bin", uri = "file:/bin" },

  { type = "tmpfs", path = "/mnt/tmpfs" },
  { type = "encrypted", path = "/tmp_enc", uri = "file:tmp_enc", key_name = "my_custom_key" },
]

sgx.thread_num = 16
sgx.nonpie_binary = true
sgx.debug = true

sgx.allowed_files = [
  "file:tmp/",
  "file:root", # for getdents test
  "file:testfile", # for mmap_file test
]

sgx.trusted_files = [
  "file:{{ gramine.libos }}",
  "file:{{ gramine.runtimedir(libc) }}/",
  "file:{{ arch_libdir }}/libgcc_s.so.1",
  "file:/usr{{ arch_libdir }}/libstdc++.so.6",
  "file:{{ binary_dir }}/{{ entrypoint }}",
  "file:{{ binary_dir }}/exec_victim",
]

sgx.insecure__protected_files_key = "ffeeddccbbaa99887766554433221100"
sgx.protected_files = [
  "file:tmp/pf/",
]

# See the `keys.c` test.
fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
fs.insecure__keys.my_custom_key = "00112233445566778899aabbccddeeff"

# for sealed_file_mrenclave* tests
sgx.protected_mrenclave_files = [
  "file:sealed_file_mrenclave.dat",
]

# for sealed_file_mrsigner test
sgx.protected_mrsigner_files = [
  "file:sealed_file_mrsigner.dat",
]