From 1ccb4495c21f514b9291e6e631b516c25aed1ae3 Mon Sep 17 00:00:00 2001 From: Dmitrii Kuvaiskii Date: Thu, 9 Sep 2021 23:50:07 -0700 Subject: [PATCH] Add documentation Documentation config is taken from the core Gramine repo and slightly modified (C-specific configs are replaced/removed). The main text is taken from the core repo's `manpages/gsc.rst`. Note that the description of GSC is updated to use `gramine` word everywhere. Signed-off-by: Dmitrii Kuvaiskii --- Documentation/.gitignore | 1 + Documentation/Doxyfile | 18 + Documentation/Makefile | 22 ++ Documentation/_static/css/gramine.css | 3 + Documentation/_templates/.gitignore | 0 Documentation/conf.py | 143 +++++++ Documentation/gramine_logo.svg | 37 ++ Documentation/img/.gitignore | 0 Documentation/index.rst | 518 ++++++++++++++++++++++++++ Documentation/requirements.txt | 3 + test/generic.manifest | 2 + 11 files changed, 747 insertions(+) create mode 100644 Documentation/.gitignore create mode 100644 Documentation/Doxyfile create mode 100644 Documentation/Makefile create mode 100644 Documentation/_static/css/gramine.css create mode 100644 Documentation/_templates/.gitignore create mode 100644 Documentation/conf.py create mode 100644 Documentation/gramine_logo.svg create mode 100644 Documentation/img/.gitignore create mode 100644 Documentation/index.rst create mode 100644 Documentation/requirements.txt create mode 100644 test/generic.manifest diff --git a/Documentation/.gitignore b/Documentation/.gitignore new file mode 100644 index 00000000..e35d8850 --- /dev/null +++ b/Documentation/.gitignore @@ -0,0 +1 @@ +_build diff --git a/Documentation/Doxyfile b/Documentation/Doxyfile new file mode 100644 index 00000000..5ab3f354 --- /dev/null +++ b/Documentation/Doxyfile @@ -0,0 +1,18 @@ +PROJECT_NAME = "gsc" +OUTPUT_DIRECTORY = _build/doxygen +INPUT = ../src + +GENERATE_XML = YES +XML_PROGRAMLISTING = NO +XML_OUTPUT = xml + +GENERATE_HTML = NO +GENERATE_LATEX = NO + +WARN_NO_PARAMDOC = YES +WARN_AS_ERROR = NO +OPTIMIZE_OUTPUT_FOR_C = YES +EXTRACT_STATIC = YES + +ALIASES = "rst=\verbatim embed:rst:leading-asterisk" +ALIASES += "endrst=\endverbatim" diff --git a/Documentation/Makefile b/Documentation/Makefile new file mode 100644 index 00000000..165d0976 --- /dev/null +++ b/Documentation/Makefile @@ -0,0 +1,22 @@ +# Minimal makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +SOURCEDIR = . +BUILDDIR = _build + +# Put it first so that "make" without argument is like "make help". +help: + @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) + +clean: + $(RM) -r "$(BUILDDIR)" + +.PHONY: help Makefile Doxyfile clean + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile + @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/Documentation/_static/css/gramine.css b/Documentation/_static/css/gramine.css new file mode 100644 index 00000000..3e6922a2 --- /dev/null +++ b/Documentation/_static/css/gramine.css @@ -0,0 +1,3 @@ +.rst-content dl:not(.docutils)>dt { + font-family: SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace; +} diff --git a/Documentation/_templates/.gitignore b/Documentation/_templates/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/Documentation/conf.py b/Documentation/conf.py new file mode 100644 index 00000000..b833060a --- /dev/null +++ b/Documentation/conf.py @@ -0,0 +1,143 @@ +# pylint: skip-file +# +# Configuration file for the Sphinx documentation builder. +# +# This file does only contain a selection of the most common options. For a +# full list see the documentation: +# http://www.sphinx-doc.org/en/master/config + +# -- Path setup -------------------------------------------------------------- + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +# import os +# import sys +# sys.path.insert(0, os.path.abspath('.')) + +import collections +import pathlib +import subprocess + +# -- Project information ----------------------------------------------------- + +project = 'GSC Contributions' +copyright = '2021, GSC Contributors' +author = 'GSC Contributors' + +# The short X.Y version +version = '' +# The full version, including alpha/beta/rc tags +release = '' + + +# -- General configuration --------------------------------------------------- + +# If your documentation needs a minimal Sphinx version, state it here. +# +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.todo', + 'breathe', + 'sphinx_rtd_theme', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +source_suffix = { + '.rst': 'restructuredtext', +} + +# The master toctree document. +master_doc = 'index' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This pattern also affects html_static_path and html_extra_path. +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = None + +highlight_language = 'python3' +primary_domain = 'py' + +rst_prolog = ''' +.. |~| unicode:: 0xa0 + :trim: +''' + +breathe_projects = { + 'gsc': '_build/doxygen/xml', +} + +def generate_doxygen(app): + subprocess.check_call(['doxygen', 'Doxyfile']) + +def setup(app): + app.add_stylesheet('css/gramine.css') + app.connect('builder-inited', generate_doxygen) + +breathe_domain_by_extension = { + 'h': 'c', +} + +todo_include_todos = True + +nitpicky = True + +# -- Options for HTML output ------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +html_theme = 'sphinx_rtd_theme' +html_theme_options = { + 'logo_only': True, +} +html_logo = 'gramine_logo.svg' + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Custom sidebar templates, must be a dictionary that maps document names +# to template names. +# +# The default sidebars (for documents that don't match any pattern) are +# defined by theme itself. Builtin themes are using these templates by +# default: ``['localtoc.html', 'relations.html', 'sourcelink.html', +# 'searchbox.html']``. +# +# html_sidebars = {} + + +# -- Options for manual page output ------------------------------------------ + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ +] + +# barf if a page is not included +assert (collections.Counter(str(p.with_suffix('')) + for p in pathlib.Path().glob('manpages/*.rst') + if not p.stem == 'index') + == collections.Counter(source + for source, *_ in man_pages)) diff --git a/Documentation/gramine_logo.svg b/Documentation/gramine_logo.svg new file mode 100644 index 00000000..80fff2ae --- /dev/null +++ b/Documentation/gramine_logo.svg @@ -0,0 +1,37 @@ + + + + 074510C7-BDF4-416F-A6C3-8C2B191E0454 + Created with sketchtool. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Documentation/img/.gitignore b/Documentation/img/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/Documentation/index.rst b/Documentation/index.rst new file mode 100644 index 00000000..303e07bf --- /dev/null +++ b/Documentation/index.rst @@ -0,0 +1,518 @@ +.. program:: gsc + +============================================= +:program:`gsc` -- Gramine Shielded Containers +============================================= + +.. warning:: + GSC is still under development and must not be used in production! Please + see `issue #13 `__ for a + description of missing features and security caveats. + +Synopsis +======== + +:command:`gsc` *COMMAND* [*OPTIONS*] ... + +Description +=========== + +Docker containers are widely used to deploy applications in the cloud. Using +Gramine Shielded Containers (GSC) we provide the infrastructure to deploy Docker +containers protected by Intel SGX enclaves using the Gramine Library OS. + +The :program:`gsc` tool transforms a Docker image into a new image +(called ``gsc-``) which includes the Gramine Library OS, manifest +files, Intel SGX related information, and executes the application inside an +Intel SGX enclave using the Gramine Library OS. It follows the common Docker +approach to first build an image and subsequently run a container of an image. +At first a Docker image has to be graminized via the :command:`gsc build` +command. When the graminized image should run within an Intel SGX enclave, the +image has to be signed via a :command:`gsc sign-image` command. Subsequently, +the image can be run using :command:`docker run`. + +Prerequisites +============= + +The installation descriptions of prerequisites are for Ubuntu 18.04 and may +differ when using a different Ubuntu version or Linux distribution. + +Software packages +----------------- + +Please install the ``docker.io``, ``python3``, ``python3-pip`` packages. In +addition, install the Docker client, Jinja2, TOML, and YAML python packages via +pip. GSC requires Python 3.6 or later. + +.. code-block:: sh + + sudo apt-get install docker.io python3 python3-pip + pip3 install docker jinja2 toml pyyaml + +SGX software stack +------------------ + +To run with Intel SGX, please install the corresponding software stack as +described in https://gramine.readthedocs.io/en/latest/building.html. + +Host configuration +------------------ + +To create Docker images, the user must have access to Docker daemon. + +.. warning:: + Please use this step with caution. By granting the user access to the Docker + group, the user may acquire root privileges via :command:`docker run`. + +.. code-block:: sh + + sudo adduser $USER docker + +Create a configuration file called :file:`config.yaml` or specify a different +configuration file via :program:`gsc` option. Please see the documentation on +configuration options below and use the :file:`config.yaml.template` as +reference. + +Command line arguments +====================== + +.. option:: --help + + Display usage. + +.. program:: gsc-build + +:command:`gsc build` -- build graminized image +----------------------------------------------- + +Builds an unsigned graminized Docker image of an application image called +``gsc--unsigned`` by compiling Gramine or relying on a prebuilt +Gramine image. + +:command:`gsc build` [*OPTIONS*] <*IMAGE-NAME*> <*APP.MANIFEST*> + +.. option:: -d + + Compile Gramine with debug flags and debug output. If configured to use a + prebuilt Gramine image, the image has to support this option. + +.. option:: -L + + Compile Gramine with Linux PAL in addition to Linux-SGX PAL. If configured + to use a prebuilt Gramine image, the image has to support this option. + +.. option:: --insecure-args + + Allow untrusted arguments to be specified at :command:`docker run`. Otherwise + any arguments specified during :command:`docker run` are ignored. + +.. option:: --no-cache + + Disable Docker's caches during :command:`gsc build`. This builds the + unsigned graminized image from scratch. + +.. option:: --rm + + Remove intermediate Docker images created by :command:`gsc build`, if the + image build is successful. + +.. option:: --build-arg + + Set build-time variables during :command:`gsc build` (same as `docker build + --build-arg`). + +.. option:: -c + + Specify configuration file. Default: :file:`config.yaml`. + +.. option:: IMAGE-NAME + + Name of the application Docker image. + +.. option:: APP.MANIFEST + + Manifest file (Gramine configuration). + +.. program:: gsc-sign-image + +:command:`gsc sign-image` -- signs a graminized image +------------------------------------------------------ + +Signs the enclave of an unsigned graminized Docker image and creates a new +Docker image called ``gsc-``. :command:`gsc sign-image` always +removes intermediate Docker images, if successful or not, to ensure the removal +of the signing key in them. + +:command:`gsc sign-image` [*OPTIONS*] <*IMAGE-NAME*> <*KEY-FILE*> + +.. option:: -c + + Specify configuration file. Default: :file:`config.yaml` + +.. option:: IMAGE-NAME + + Name of the application Docker image + +.. option:: KEY-FILE + + Used to sign the Intel SGX enclave + +.. program:: gsc-build-gramine + +:command:`gsc build-gramine` -- build Gramine-only Docker image +----------------------------------------------------------------- + +Builds a base Docker image including the Gramine sources and compiled runtime. +This base image can be used as input for :command:`gsc build` via configuration +parameter `Gramine.Image`. + +:command:`gsc build-gramine` [*OPTIONS*] <*IMAGE-NAME*> + +.. option:: -d + + Compile Gramine with debug flags and debug output. Allows :command:`gsc + build` commands to include debug runtime using :option:`-d `. + +.. option:: -L + + Compile Gramine with Linux PAL in addition to Linux-SGX PAL. Allows + :command:`gsc build` commands to include the Linux PAL using :option:`-L + `. + +.. option:: --no-cache + + Disable Docker's caches during :command:`gsc build-gramine`. This builds the + unsigned graminized image from scratch. + +.. option:: --rm + + Remove intermediate Docker images created by :command:`gsc build-gramine`, + if the image build is successful. + +.. option:: --build-arg + + Set build-time variables during :command:`gsc build-gramine` (same as + `docker build --build-arg`). + +.. option:: -c + + Specify configuration file. Default: :file:`config.yaml` + +.. option:: -f + + Stop after Dockerfile is created and do not build the Docker image. + +.. option:: IMAGE-NAME + + Name of the resulting Gramine Docker image + +.. program:: gsc-info-image + +:command:`gsc info-image` -- retrieve information about graminized Docker image +-------------------------------------------------------------------------------- + +Retrieves Intel SGX relevant information about the graminized Docker image such +as the ``MRENCLAVE`` and ``MRSIGNER`` measurements for each application in the +Docker image. + +Synopsis: + +:command:`gsc info-image` <*IMAGE-NAME*> + +.. option:: IMAGE-NAME + + Name of the graminized Docker image + +Using Gramine's trusted command line arguments +---------------------------------------------- + +Most executables aren't designed to run with attacker-controlled arguments. +Allowing an attacker to control executable arguments can break the security of +the resulting enclave. + +:command:`gsc build` uses the existing Docker image's entrypoint and cmd fields +to identify the trusted arguments. These arguments are stored in +:file:`trusted_argv`. This file is only generated when :option:`--insecure-args +` is *not* specified. As a result any arguments +specified during :command:`docker run` are ignored. + +To be able to provide arguments at runtime, the image build has to enable this +via the option :option:`--insecure-args `. + +Stages of building graminized SGX Docker images +------------------------------------------------ + +The build process of a graminized Docker image from image ```` +follows three main stages and produces an image named ``gsc-``. +:command:`gsc build-gramine` performs only the first stage, +:command:`gsc build` performs the first two stages, and finally +:command:`gsc sign-image` performs the last stage. + +#. **Building Gramine.** The first stage builds Gramine from sources based on + the provided configuration (see :file:`config.yaml`) which includes the + distribution (e.g., Ubuntu 18.04), Gramine repository, and the Intel SGX + driver details. This stage can be skipped if :command:`gsc build` uses a + pre-built Gramine Docker image. + +#. **Graminizing the application image.** The second stage copies the important + Gramine artifacts (e.g., the runtime and signer tool) from the first stage + (or if the first stage was skipped, it pulls a prebuilt Docker image defined + via the configuration file). It then prepares image-specific variables such + as the executable path and the library path, and scans the entire image to + generate a list of trusted files. GSC excludes files and paths starting with + :file:`/boot`, :file:`/dev`, :file:`.dockerenv`, :file:`.dockerinit`, + :file:`/etc/mtab`, :file:`/etc/rc`, :file:`/proc`, :file:`/sys`, and + :file:`/var`, since checksums are required which either don't exist or may + vary across different deployment machines. GSC combines these variables and + list of trusted files into a new manifest file. In a last step the entrypoint + is changed to launch the :file:`apploader.sh` script which generates an Intel + SGX token and starts the :program:`gramine-sgx` loader. Note that the + generated image (``gsc--unsigned``) cannot successfully load an + Intel SGX enclave, since essential files and the signature of the enclave are + still missing (see next stage). + +#. **Signing the Intel SGX enclave.** The third stage uses Gramine's signer + tool to generate SIGSTRUCT files for SGX enclave initialization. This tool + also generates an SGX-specific manifest file. The required signing key is + provided by the user via the :command:`gsc sign-image` command and copied + into this Docker build stage. The generated image is called + ``gsc-`` and includes all necessary files to start an Intel SGX + enclave. + +In the future we plan to provide prebuilt Gramine images for popular +cloud-provider offerings. + +Generating a signed graminized Docker image +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The last stage combines the graminized Docker image with the signed enclave and +manifest files. Therefore it copies the SIGSTRUCT files and the SGX-specific +manifest file from the previous stage into the graminized Docker image from the +second stage. + +Configuration +============= + +GSC is configured via a configuration file called :file:`config.yaml` or +specified as a :program:`gsc` option. A template configuration file is provided +in :file:`config.yaml.template`. + +.. describe:: Distro + + Defines Linux distribution to be used to build Gramine in. Currently the + only supported value is ``ubuntu18.04``. + +.. describe:: Gramine.Repository + + Source repository of Gramine. Default value: + `https://github.com/gramineproject/gramine.git + `__. + +.. describe:: Gramine.Branch + + Use this branch of the repository. Default value: master. + +.. describe:: Gramine.Image + + Builds graminized Docker image based on a prebuilt Gramine Docker image. + These images are prepared via :command:`gsc build-gramine` and will be + provided for popular cloud-provider environments. `Gramine.Repository` and + `Gramine.Branch` are ignored in case `Gramine.Image` is specified. + +.. describe:: SGXDriver.Repository + + Source repository of the Intel SGX driver. Default value: "" + (in-kernel driver) + +.. describe:: SGXDriver.Branch + + Use this branch of the repository. Default value: "" + (in-kernel driver) + +Run graminized Docker images +============================= + +Execute :command:`docker run` command via Docker CLI and provide gsgx and +isgx/sgx devices and the PSW/AESM socket. Additional Docker options and +executable arguments may be supplied to the :command:`docker run` command. + +.. warning:: + Forwarding devices to a container lowers security of the host. GSC should + never be used as a sandbox for applications (i.e. it only shields the app + from the host but not vice versa). + +.. program:: docker + +:command:`docker run` [*OPTIONS*] gsc-<*IMAGE-NAME*> [<*ARGUMENTS*>] + +.. option:: OPTIONS + + :command:`docker run` options. Common options include ``-it`` (interactive + with terminal), ``-d`` (detached), ``--device`` (forward device). Please see + `Docker manual `__ + for details. + +.. option:: IMAGE-NAME + + Name of original image (without GSC build). + +.. option:: ARGUMENTS + + Arguments to be supplied to the executable launching inside the Docker + container and Gramine. Such arguments may only be provided when + :option:`--insecure-args ` was specified during + :command:`gsc build`. + + +Execute with Linux PAL instead of Linux-SGX PAL +----------------------------------------------- + +When specifying :option:`-L ` during GSC :command:`gsc build`, +you may select the Linux PAL at Docker run time instead of the Linux-SGX PAL by +specifying the environment variable :envvar:`GSC_PAL` as an option to the +:command:`docker run` command. When using the Linux PAL, it is not necessary to +sign the image via a :command:`gsc sign-image` command. + +.. envvar:: GSC_PAL + + This environment variable specifies the pal loader. + +.. code-block:: sh + + docker run ... --env GSC_PAL=Linux gsc- ... + +Example +======= + +.. warning:: + Example below relies on insecure arguments to be able to run Python with + arbitrary arguments. This is not intended for production environments. + +The example below shows how to graminize the public Docker image of Python3. +This example assumes that all prerequisites are installed and configured. + +#. Create a configuration file: + + .. code-block:: sh + + cp config.yaml.template config.yaml + # Manually adopt config.yaml to the installed Intel SGX driver and desired + # Gramine repository/version. + +#. Generate the signing key (if you don't already have a key): + + .. code-block:: sh + + openssl genrsa -3 -out enclave-key.pem 3072 + +#. Pull public Python image from Dockerhub: + + .. code-block:: sh + + docker pull python + +#. Graminize the Python image using :command:`gsc build`: + + .. code-block:: sh + + ./gsc build --insecure-args python test/generic.manifest + +#. Sign the graminized Docker image using :command:`gsc sign-image`: + + .. code-block:: sh + + ./gsc sign-image python enclave-key.pem + +#. Retrieve SGX-related information from graminized image using :command:`gsc info-image`: + + .. code-block:: sh + + ./gsc info-image gsc-python + +#. Test the graminized Docker image (change ``--device=/dev/sgx_enclave`` to + your version of the Intel SGX driver if needed): + + .. code-block:: sh + + docker run --device=/dev/sgx_enclave \ + -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \ + gsc-python -c 'print("HelloWorld!")' + +#. You can also start a Bash interactive session in the graminized Docker + image (useful for debugging): + + .. code-block:: sh + + docker run --device=/dev/sgx_enclave \ + -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \ + -it --entrypoint /bin/bash gsc-python + +Limitations +=========== + +This document focuses on the most important limitations of GSC. `Issue #13 +`__ provides the complete list +of known limitations and serves as a discussion board for workarounds. + +Dependency on Ubuntu 18.04 +-------------------------- + +Docker images not based on Ubuntu 18.04 may not be compatible with GSC. GSC +relies on Gramine to execute Linux applications inside Intel SGX enclaves and +the installation of prerequisites depends on package manager and package +repositories. GSC can simply be extended to support other distributions by +providing a template for this distribution in :file:`templates/`. + +Trusted data in Docker volumes +------------------------------ + +Data mounted as Docker volumes at runtime is not included in the general search +for trusted files during the image build. As a result, Gramine denies access to +these files, since they are neither allowed nor trusted files. This will likely +break applications using files stored in Docker volumes. + +Workaround +^^^^^^^^^^ + +Trusted files can be added to image-specific manifest file (first argument to +:command:`gsc build` command) at build time. This workaround does not allow +these files to change between build and run, or over multiple runs. This only +provides integrity for files and not confidentiality. + +Allowing dynamic file contents via Gramine protected files +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Docker volumes can include Gramine protected files. As a result Gramine can +open these protected files without knowing the exact contents as long as the +protected file was configured in the manifest. The complete and secure use of +protected files may require additional steps. + +Integration of Docker Secrets +----------------------------- + +Docker Secrets are automatically pulled by Docker and the results are stored +either in environment variables or mounted as files. GSC is currently unaware of +such files and hence, cannot mark them trusted. Similar to trusted data, these +files may be added to the manifest. + +Access to files in excluded paths +--------------------------------- + +The manifest generation excludes all files and paths starting with :file:`/boot` +, :file:`/dev`, :file:`.dockerenv`, :file:`.dockerinit`, :file:`/etc/mtab`, +:file:`/etc/rc`, :file:`/proc`, :file:`/sys`, and :file:`/var` from the list of +trusted files. If your application relies on some files in these directories, +you must manually add them to the manifest:: + + sgx.trusted_files = [ "file:file1", "file:file2" ] + or + sgx.allowed_files = [ "file:file3", "file:file4" ] + +Docker images with non-executables as entrypoint +------------------------------------------------ + +Docker images may contain a script entrypoint which is not an ELF executable. +:program:`gsc` fails to recognize such entrypoints and fails during the image +build. A workaround relies on creating an image from the application image which +has an entrypoint of the script interpreter with the script as an argument. This +allows :program:`gsc` to start the interpreter instead of the script. diff --git a/Documentation/requirements.txt b/Documentation/requirements.txt new file mode 100644 index 00000000..e0b27586 --- /dev/null +++ b/Documentation/requirements.txt @@ -0,0 +1,3 @@ +sphinx==1.8.0 +breathe<4.13.0 +sphinx_rtd_theme<1 diff --git a/test/generic.manifest b/test/generic.manifest new file mode 100644 index 00000000..187b2fc1 --- /dev/null +++ b/test/generic.manifest @@ -0,0 +1,2 @@ +sgx.enclave_size = "4G" +sgx.thread_num = 8