Asylo SGX backend build rules

sgx_enclave_configuration

sgx_enclave_configuration(name, disable_debug, heap_max_size, isvextprodid, isvfamilyid, isvsvn, kss, misc_mask, misc_select, prodid, provision_key, stack_max_size, tcs_num, tcs_policy)

Attributes

name Name; required

A unique name for this target.

disable_debug String; optional

Indicates whether launching the enclave in debug mode is disabled

heap_max_size String; optional

The enclave's maximum heap size in bytes (4KB aligned)

isvextprodid String; optional

The enclave's 16-byte extended ISVPRODID value. It is an error to set this attribute if 'kss' is set to False

isvfamilyid String; optional

The enclave's 16-byte extended ISV Family ID. It is an error to set this attribute if 'kss' is set to False

isvsvn String; optional

The enclave's ISV (Independent Software Vendor) assigned Security Version Number

kss Boolean; optional

Indicates whether the enclave can use Key Sharing and Separation (KSS)

misc_mask String; optional

A mask indicating which bits in misc_select are enforced

misc_select String; optional

The desired Extended SSA frame feature (must be 0)

prodid String; optional

The enclave's ISV (Independent Software Vendor) assigned Product ID

provision_key String; optional

Indicates whether the enclave has access to the Provisioning Key and the Provisioning Seal Key

stack_max_size String; optional

The enclave's maximum stack size in bytes (4KB aligned)

tcs_num String; optional

The number of Thread Control Structures allocated for the enclave

tcs_policy String; optional

The TCS management policy (0: the TCS is bound to the untrusted thread; 1: the TCS is not bound to the untrusted thread)
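
An added example (not Asylo's own code): a pre-build lint over the attributes above. It checks the constraints the descriptions state (4KB alignment, the kss dependency, misc_select equal to 0) and, for a release review, flags debug launch and Provisioning Key access. It assumes numeric attributes are decimal or 0x-hex strings, that "1" means enabled, and that an omitted kss counts as False; `lint_enclave_config` and the sample dicts are hypothetical names.

```python
"""Added example: lint sgx_enclave_configuration attributes before a build.

Assumptions (not from the Asylo docs): numeric attributes are decimal or
0x-hex strings, "1" means enabled, and an omitted kss counts as False.
"""

PAGE_SIZE = 4096  # "4KB aligned" in the attribute descriptions


def _num(value):
    """Parse a decimal or 0x-prefixed string attribute into an int."""
    return int(value, 0)


def lint_enclave_config(attrs, release=False):
    """Return (errors, warnings) for a dict of attribute name -> value."""
    errors, warnings = [], []
    for key in ("heap_max_size", "stack_max_size"):
        if key in attrs and _num(attrs[key]) % PAGE_SIZE:
            errors.append(f"{key}={attrs[key]} is not 4KB aligned")
    # The extended IDs are an error unless kss is enabled.
    if not attrs.get("kss", False):
        for key in ("isvextprodid", "isvfamilyid"):
            if key in attrs:
                errors.append(f"{key} is set but kss is False")
    if _num(attrs.get("misc_select", "0")) != 0:
        errors.append("misc_select must be 0")
    if release:
        # Review items for a production config: debug launch still allowed,
        # and access to the Provisioning Key / Provisioning Seal Key.
        if _num(attrs.get("disable_debug", "0")) != 1:
            warnings.append("disable_debug is not set")
        if _num(attrs.get("provision_key", "0")) == 1:
            warnings.append("provision_key is enabled")
    return errors, warnings


# Constructed sample inputs, not taken from any real BUILD file.
TEST_STYLE = {"heap_max_size": "0x1000000", "stack_max_size": "5000",
              "isvfamilyid": "0x1", "provision_key": "1"}
RELEASE_STYLE = {"disable_debug": "1", "kss": True, "isvfamilyid": "0x1",
                 "heap_max_size": "0x1000000", "stack_max_size": "262144",
                 "misc_select": "0"}

if __name__ == "__main__":
    for name, cfg in (("test-style", TEST_STYLE), ("release-style", RELEASE_STYLE)):
        errs, warns = lint_enclave_config(cfg, release=True)
        print(name, "errors:", errs, "warnings:", warns)
```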

SGXEnclaveConfigInfo

SGXEnclaveConfigInfo()

SGXEnclaveInfo

SGXEnclaveInfo()

sgx_enclave

sgx_enclave(name, config, testonly, kwargs)

Build rule for creating SGX enclave shared object files signed for testing.

The enclave is signed with the test key stored in @linux_sgx//:enclave_test_private.pem.

This macro creates two build targets: 1) name_unsigned.so: cc_binary that builds the unsigned enclave. 2) name: internal signing rule that (debug) signs name_unsigned.so.

Parameters

name required.

The debug-signed enclave target name.

config optional. default is "@linux_sgx//:enclave_debug_config"

An sgx_enclave_configuration rule.

testonly optional. default is 0

0 or 1, set to 1 if the target is only used in tests.

kwargs optional.

cc_binary arguments.

sgx_tags

sgx_tags()

Returns tags for SGX targets.