gramine-ratls – RA-TLS wrapper

Synopsis

gramine-ratls [OPTIONS] <CERTFILE> <KEYFILE> [--] [COMMAND ARGS ...]

Description

gramine-ratls generates an X.509 certificate and a matching private key using the RA-TLS library. It saves them as files (PEM-encoded by default, but see option -D) under the paths given as the first two CLI arguments. If further arguments are passed, they are interpreted as a command, which is then executed using execvp().

It is intended for launching standalone TLS (HTTPS) servers that require the certificate and key to be passed as files.

Options

-D

Write the certificate and key in DER format.

-P

Write the certificate and key in PEM format. This is the default, but can be used to override -D.

-h

Show help and exit.

Example

This manifest runs gramine-ratls and writes the contents of the certificate file to standard output using the cat utility:

loader.entrypoint = "file:{{ gramine.libos }}"
loader.argv = [
    # No -D is given, so both files are PEM-encoded despite the ".der" names.
    "gramine-ratls", "/tmp/crt.der", "/tmp/key.der",
    "cat", "/tmp/crt.der",
]
libos.entrypoint = "/gramine-ratls"

loader.env.LD_LIBRARY_PATH = "/lib"

fs.mounts = [
    { path = "/gramine-ratls", uri = "file:/usr/bin/gramine-ratls" },
    { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
    { path = "/bin/cat", uri = "file:/bin/cat" },
    # In-memory filesystem: the generated key is not written to the host disk.
    { path = "/tmp", type = "tmpfs" },
]

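# RA-TLS needs remote attestation to be enabled; this example uses DCAP.
sgx.remote_attestation = "dcap"

# Debug enclave, for development only; do not enable this in production.
sgx.debug = true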

sgx.trusted_files = [
    "file:{{ gramine.libos }}",
    "file:/usr/bin/gramine-ratls",
    "file:{{ gramine.runtimedir() }}/",
    "file:/bin/cat",
]
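
The following is an added example, not part of Gramine: a pre-flight check for the two files gramine-ratls writes, telling PEM from DER (options -P and -D) by parsing the PEM armor and the DER length header, so that a server accepting only one encoding fails early. The function names and sample bytes are constructed, and the label check assumes the key file carries a standard PEM label containing "PRIVATE KEY".

```python
import base64
import re

# PEM armor: BEGIN/END lines with the same label around a base64 body.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_length(data):
    """Total size of the DER SEQUENCE starting at data[0], or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:   # certificates and keys are SEQUENCEs
        return None
    if data[1] < 0x80:                     # short form: length in one octet
        return 2 + data[1]
    n = data[1] & 0x7F                     # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect(data):
    """Return ("PEM", label), ("DER", None) or (None, None)."""
    m = PEM_RE.search(data)
    if m:
        try:
            body = base64.b64decode(m.group(2))
        except ValueError:
            return None, None
        # The armored body must itself be exactly one DER object.
        return ("PEM", m.group(1).decode()) if der_length(body) == len(body) else (None, None)
    return ("DER", None) if der_length(data) == len(data) else (None, None)

def preflight(cert, key, der=False):
    """Problems a server would hit loading these files; der=True if -D was used."""
    want = "DER" if der else "PEM"
    problems = []
    # Assumption: key files use a PEM label containing "PRIVATE KEY".
    for name, data, word in (("cert", cert, "CERTIFICATE"), ("key", key, "PRIVATE KEY")):
        enc, label = detect(data)
        if enc != want:
            problems.append(f"{name}: expected {want}, found {enc or 'unrecognized data'}")
        elif label is not None and word not in label:
            problems.append(f"{name}: PEM label is {label!r}; files swapped?")
    return problems

if __name__ == "__main__":
    # Constructed sample: a 5-byte DER SEQUENCE standing in for real output.
    sample = bytes.fromhex("3003020105")
    pem = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(sample) + b"\n-----END CERTIFICATE-----\n"
    print(preflight(pem, pem))                # key slot holds a certificate
    print(preflight(sample, sample, der=True))
```

In practice the two byte strings would be read from the CERTFILE and KEYFILE paths before the server loads them.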