Enclave Boundary Messages

This file defines the messages for communicating with a trusted application’s entry-points: initialization, (re-entrant) execution input and output, and finalization.

HostConfig

A configuration message for the EnclaveManager to communicate with the attestation daemon.

Field	Type	Description	Required
`local_attestation_domain`	`string`	Local attestation domain of the enclave.	No

EnvironmentVariable

Represents an environment variable’s value to communicate a baseline environment to getenv.

Field	Type	Description	Required
`name`	`string`	The name of the variable (e.g., as input to `getenv`).	No
`value`	`string`	The initial value of the variable. An enclave can change the value later with e.g., `setenv`. The environment variable’s value is not changed by changes in the host environment. The host’s environment variable values are not inherited from the enclave.	No

LoggingConfig

Initialization settings for the logging system in an enclave.

Field	Type	Description	Required
`vlog_level`	`int32`	Enclave logging levels for VLOG. Any VLOG with levels below or equal to this level will be logged, others will be ignored.	No
`log_directory`	`string`	Directory under which to store enclave log files. Default: `"/tmp/"`	No

EnclaveLoadConfig

The configuration required to load an enclave. This message is extended for each backend supported by the Asylo primitive library. asylo::EnclaveManager::LoadEnclave is passed an instance of this message for loading enclaves in Asylo.

Field	Type	Description	Required
`name`	`string`	Name of the enclave to be loaded.	No
`config`	`EnclaveConfig`	Configuration passed to an enclave during initialization.	No
`exit_logging`	`bool`	Should enclave exit call logging be enabled.	No

EnclaveConfig

Configuration passed to an enclave during initialization. An enclave’s configuration (an instance of this message) is part of its identity. The base configuration included in EnclaveConfig is used to support platform capabilities such as the logging API and POSIX APIs.

Field	Type	Description	Required
`stdin_fd`	`int32`	Host file descriptor to use for standard in. A negative value indicates no standard in should be opened.	No
`stdout_fd`	`int32`	Host file descriptor to use for standard out. A negative value indicates no standard out should be opened.	No
`stderr_fd`	`int32`	Host file descriptor to use for standard error. A negative value indicates no standard error should be opened.	No
`host_name`	`string`	Host name of this enclave.	No
`current_working_directory`	`string`	Initial current working directory in enclave.	No
`enclave_assertion_authority_configs`	`EnclaveAssertionAuthorityConfig[]`	Enclave assertion authority configuration. If the enclave makes use of an assertion authority that requires configuration, a config should be listed here.	No
`environment_variables`	`EnvironmentVariable[]`	Environment variables that getenv understands inside the enclave.	No
`logging_config`	`LoggingConfig`	Configuration needed to initialize logging.	No
`enable_fork`	`bool`	Whether fork (which reserves an extra thread inside the enclave) is enabled.	No
`host_config`	`HostConfig`	System-specific enclave configuration. This configuration is expected to be the same for all enclaves running under the same instance of an OS.	No

EnclaveInput

Input passed to an enclave after it has been initialized with EnclaveConfig.

EnclaveFinal

Input passed to an enclave during finalization.

EnclaveOutput

An output message produced by an enclave for an invocation of its Run entry-point. This message can be used to send information out of the enclave back to an untrusted caller.

Field	Type	Description	Required
`status`	`StatusProto`	Contains status information for the Run invocation. A non-OK status may indicate an error in either trusted or untrusted space.	No