This is documentation for the development version of the project, aka master branch. If you installed Gramine from packages, documentation for the stable version is available at

Python API


We expose a Python API for manifest, SIGSTRUCT and SGX token management.


To render a manifest from a jinja2 template:

from graminelibos import Manifest

with open('some_manifest_template_file', 'r') as f:
    template_string =

manifest = Manifest.from_template(template_string, {'foo': 123})

with open('some_output_file', 'w') as f:

To create a signed SIGSTRUCT file from a manifest:

import datetime
from graminelibos import get_tbssigstruct, sign_with_local_key

today =
# Manifest must be ready for signing, e.g. all trusted files must be already expanded.
sigstruct = get_tbssigstruct('path_to_manifest', today, 'optional_path_to_libpal')
sigstruct.sign(sign_with_local_key, 'path_to_private_key')

with open('path_to_sigstruct', 'wb') as f:

To create a SGX token file from a signed SIGSTRUCT file:

from graminelibos import Sigstruct, get_token

with open('path_to_sigstruct', 'rb') as f:
    sigstruct = Sigstruct.from_bytes(

token = get_token(sigstruct)

with open('path_to_token_file', 'wb') as f:

API Reference