forked from apache/incubator-teaclave
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathconfig.toml
67 lines (57 loc) · 4.27 KB
/
config.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# MesaTEE Runtime Configuration
#
# Note that this config is loaded at running time. We don't have to trust the
# content though. Maliciously crafted config from this file will not break data
# confidentiality/integrity.
# Topology of MesaTEE Services
# ┌───────────────────────────────────────────────────┐
# │ │FNS API Endpoint
# │ ▼
# │ ┌─────────────────────┐
# │ │Function Node Service│
# │ TMS Internal ┌────────────────│ (FNS) │─┐
# │ Endpoint │ └─────────────────────┘ │
# │ ▼ │ │
# ┌────────┐ ┌───────────────────────┐ │ │ ┌──────────────────────┐
# │ User │ │Task Management Service│ ┌────────────┘ │ │Key Management Service│
# │ │──────▶│ (TMS) │ │ ├─▶│ (KMS) │
# └────────┘ └───────────────────────┘ │ │ └──────────────────────┘
# │ TMS API Endpoint │ │ ┌───────────────────┐ │KMS Internal
# │ │ │ │Trusted Distributed│ │ Endpoint
# │ └──────────────┴─▶│ File System │──┘
# │ TDFS Internal│ (TDFS) │
# │ Endpoint └───────────────────┘
# │ ▲
# │ │ TDFS API Endpoint
# └───────────────────────────────────────────────────┘
# This section configures the MesaTEE API endpoints where a user MUST connect to.
# `listen_ip` specifies the IPv4/6 address that the service should listen on;
# `connect_ip` is a required field for FNS only. The user is not required to
# know this address; instead the user SHOULD expect to get this address from TMS.
# This is a required section.
[api_endpoints]
tms = { listen_ip = "0.0.0.0", port = 5554 }
tdfs = { listen_ip = "0.0.0.0", port = 5065 }
fns = { listen_ip = "0.0.0.0", connect_ip = "127.0.0.1", port = 3444 }
# This section configures the internal endpoints used by MesaTEE services.
# `listen_ip` specifies the IPv4/6 address that the service should listen on;
# `connect_ip` specifies the IPv4/6 address that the other services should connect to;
# A user SHOULD NOT connect to these endpoints.
# This is a required section.
[internal_endpoints]
tms = { listen_ip = "0.0.0.0", connect_ip = "127.0.0.1", port = 5555 }
tdfs = { listen_ip = "0.0.0.0", connect_ip = "127.0.0.1", port = 5066 }
kms = { listen_ip = "0.0.0.0", connect_ip = "127.0.0.1", port = 6016 }
# This section configures the location of certificate/private key used to
# connect to Intel® Attestation Service (IAS).
# This is a required section.
[ias_client_config]
spid = { path = "bin/ias_spid.txt" }
key = { path = "bin/ias_key.txt" }
# This section configures the auditors.
# This is a required section.
[audited_enclave_config]
enclave_info = { path = "out/enclave_info.txt" }
signature_a = { path = "auditors/godzilla/godzilla.sign.sha256" }
signature_b = { path = "auditors/optimus_prime/optimus_prime.sign.sha256" }
signature_c = { path = "auditors/albus_dumbledore/albus_dumbledore.sign.sha256" }