gramine-ratls – RA-TLS wrapper
Synopsis
gramine-ratls [OPTIONS] <CERTFILE> <KEYFILE> [--] [COMMAND ARGS ...]
Description
gramine-ratls generates an X.509 certificate and a matching private key using the RA-TLS library. It saves them as files (PEM encoded by default, but see option -D) under the paths given as the first two CLI arguments. If further arguments are passed, they are interpreted as a command that is then executed using execvp().
It is intended to launch standalone TLS (HTTPS) servers which require cert and key passed as files.
Options
-D
    Write the certificate and key in DER format.
-P
    Write the certificate and key in PEM format. This is the default, but can be used to override -D.
-h
    Show help and exit.
Example
This manifest will run gramine-ratls and write the contents of the certificate file to standard output using the cat utility:
    loader.entrypoint = "file:{{ gramine.libos }}"
    # No -D option is given, so both files are written PEM-encoded
    # despite the .der suffix.
    loader.argv = [
        "gramine-ratls", "/tmp/crt.der", "/tmp/key.der",
        "cat", "/tmp/crt.der",
    ]
    libos.entrypoint = "/gramine-ratls"
    loader.env.LD_LIBRARY_PATH = "/lib"
    fs.mounts = [
        { path = "/gramine-ratls", uri = "file:/usr/bin/gramine-ratls" },
        { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
        { path = "/bin/cat", uri = "file:/bin/cat" },
        # tmpfs is kept in enclave memory, so the generated key is not
        # written to a host file.
        { path = "/tmp", type = "tmpfs" },
    ]
    sgx.remote_attestation = "dcap"
    # Debug enclave: suitable for testing only.
    sgx.debug = true
    sgx.trusted_files = [
        "file:{{ gramine.libos }}",
        "file:/usr/bin/gramine-ratls",
        "file:{{ gramine.runtimedir() }}/",
        "file:/bin/cat",
    ]
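
The description says the wrapper is intended to launch standalone TLS servers. The manifest below is an added example of that use, not part of the Gramine documentation. The server binary /usr/bin/my-https-server and its --cert and --key flags are hypothetical placeholders, and the server is assumed to need no shared libraries beyond those mounted at /lib.

```toml
# Added example, not from the Gramine documentation.
# "/usr/bin/my-https-server" and its --cert/--key flags are hypothetical
# placeholders for the TLS server that is actually deployed.
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "/gramine-ratls"
loader.env.LD_LIBRARY_PATH = "/lib"

loader.argv = [
    # The wrapper's own arguments: no -D, so both files are PEM-encoded.
    "gramine-ratls", "/tmp/crt.pem", "/tmp/key.pem",
    # "--" separates the wrapper's arguments from the command (see the
    # synopsis); everything after it is executed using execvp().
    "--",
    "/my-https-server", "--cert", "/tmp/crt.pem", "--key", "/tmp/key.pem",
]

fs.mounts = [
    { path = "/gramine-ratls", uri = "file:/usr/bin/gramine-ratls" },
    { path = "/my-https-server", uri = "file:/usr/bin/my-https-server" },
    { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
    # The certificate and key are written to tmpfs, which is kept in
    # enclave memory, and are read from there by the server after execvp().
    { path = "/tmp", type = "tmpfs" },
]

sgx.remote_attestation = "dcap"
# Production enclave; the cat example on this page uses a debug enclave.
sgx.debug = false

# Every binary that runs in the enclave must be listed here so that it is
# covered by the enclave measurement.
sgx.trusted_files = [
    "file:{{ gramine.libos }}",
    "file:/usr/bin/gramine-ratls",
    "file:/usr/bin/my-https-server",
    "file:{{ gramine.runtimedir() }}/",
]
```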