gramine-sgx-sign – Gramine SIGSTRUCT generator¶
Synopsis¶
gramine-sgx-sign [OPTION]… –output output_manifest –key key_file –manifest manifest_file
Description¶
gramine-sgx-sign is used to expand Trusted Files and generate signature file for given input manifest and libpal file (main Gramine binary).
Command line arguments¶
-
--help,-h¶ Show help and exit.
-
--outputoutput_manifest,-ooutput_manifest¶ Path to the output manifest file (with Trusted Files expanded).
-
--keykey_file,-kkey_file¶ Path to the private key used for signing.
-
--manifestmanifest_file,-mmanifest_file¶ Input manifest file.
-
--date<YYYY-MM-DD>|today¶ Set specific date to be put into
SIGSTRUCT. If not given, or the value is literaltoday, then current day according to system calendar is used. Otherwise expects<YYYY>-<MM>-<DD>. The date needs not to be a valid day, it will happily accept--date 0000-00-00, e.g. for reproducible builds.
-
--libpallibpal_path,-llibpal_path¶ Path to libpal file (main Gramine binary).
-
--sigfilesigfile,-ssigfile¶ Path to the output file containing
SIGSTRUCT. If not provided, manifest_file will be used with “.manifest” (if present) removed from the end and with “.sig” appended.
-
--depfiledepfile¶ Generate a file that describes the dependencies for the output manifest and
SIGSTRUCT, i.e. files that should trigger rebuilding if they’re modified. The dependency file is in Makefile format, and is suitable for using in build systems (Make, Ninja).
-
--verbose,-v¶ Print details to standard output. This is the default.
-
--quiet,-q¶ Don’t print details to standard output.
-
--with<plugin>¶ Use plugin to perform actual signing. The default plugin is
file, which signs theSIGSTRUCTusing PEM-encoded local file. The list of available plugins is at the end of--helpoutput.Each plugin may add its own set of options (usually in the form of
--<plugin>-<option>). To get help about those, use gramine-sgx-sign --with=<plugin> --help-<plugin> and/or consult the documentation of the respective plugin.