Enclave Boundary Messages

This file defines the messages for communicating with a trusted application’s entry-points: initialization, (re-entrant) execution input and output, and finalization.

HostConfig

A configuration message for the EnclaveManager to communicate with the attestation daemon.

| Field | Type | Description | Required |
|---|---|---|---|
| local_attestation_domain | string | Local attestation domain of the enclave. | No |

EnvironmentVariable

Represents an environment variable’s value to communicate a baseline environment to getenv.

| Field | Type | Description | Required |
|---|---|---|---|
| name | string | The name of the variable (e.g., as input to getenv). | No |
| value | string | The initial value of the variable. An enclave can change the value later with e.g., setenv. The environment variable’s value is not changed by changes in the host environment. The host’s environment variable values are not inherited from the enclave. | No |

LoggingConfig

Initialization settings for the logging system in an enclave.

| Field | Type | Description | Required |
|---|---|---|---|
| vlog_level | int32 | Enclave logging level for VLOG. Any VLOG with a level below or equal to this level is logged; others are ignored. | No |
| log_directory | string | Directory under which to store enclave log files. Default: "/tmp/" | No |

EnclaveLoadConfig

The configuration required to load an enclave. This message is extended for each backend supported by the Asylo primitive library. asylo::EnclaveManager::LoadEnclave is passed an instance of this message for loading enclaves in Asylo.

| Field | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the enclave to be loaded. | No |
| config | EnclaveConfig | Configuration passed to an enclave during initialization. | No |
| exit_logging | bool | Whether enclave exit call logging is enabled. | No |

EnclaveConfig

Configuration passed to an enclave during initialization. An enclave’s configuration (an instance of this message) is part of its identity. The base configuration included in EnclaveConfig is used to support platform capabilities such as the logging API and POSIX APIs.

| Field | Type | Description | Required |
|---|---|---|---|
| stdin_fd | int32 | Host file descriptor to use for standard in. A negative value indicates no standard in should be opened. | No |
| stdout_fd | int32 | Host file descriptor to use for standard out. A negative value indicates no standard out should be opened. | No |
| stderr_fd | int32 | Host file descriptor to use for standard error. A negative value indicates no standard error should be opened. | No |
| host_name | string | Host name of this enclave. | No |
| current_working_directory | string | Initial current working directory in enclave. | No |
| enclave_assertion_authority_configs | EnclaveAssertionAuthorityConfig[] | Enclave assertion authority configuration. If the enclave makes use of an assertion authority that requires configuration, a config should be listed here. | No |
| environment_variables | EnvironmentVariable[] | Environment variables that getenv understands inside the enclave. | No |
| logging_config | LoggingConfig | Configuration needed to initialize logging. | No |
| enable_fork | bool | Whether fork (which reserves an extra thread inside the enclave) is enabled. | No |
| host_config | HostConfig | System-specific enclave configuration. This configuration is expected to be the same for all enclaves running under the same instance of an OS. | No |
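
A text-format instance of EnclaveLoadConfig that nests the EnclaveConfig, EnvironmentVariable, LoggingConfig and HostConfig messages described above. This is an added example, not taken from the Asylo project: every value is constructed, the attestation domain is a placeholder, and the backend-specific extension that an actual load requires is left out.

```textproto
# EnclaveLoadConfig (constructed example values throughout)
name: "example_enclave"
exit_logging: false

# EnclaveConfig: this instance is part of the enclave's identity,
# so every field set here should be deliberate.
config {
  # Host file descriptors for stdio. A negative value means the
  # stream is not opened inside the enclave.
  stdin_fd: -1
  stdout_fd: 1
  stderr_fd: 2

  host_name: "example-enclave-host"
  current_working_directory: "/"

  # Baseline environment visible to getenv inside the enclave.
  # Later changes in the host environment do not alter these values.
  environment_variables {
    name: "TZ"
    value: "UTC"
  }
  environment_variables {
    name: "LANG"
    value: "C"
  }

  logging_config {
    # Only VLOG statements with level <= 0 are logged.
    vlog_level: 0
    # Set explicitly instead of relying on the "/tmp/" default.
    log_directory: "/var/log/example_enclave/"
  }

  # fork reserves an extra thread inside the enclave; left disabled.
  enable_fork: false

  # Expected to be identical for all enclaves under one OS instance.
  host_config {
    local_attestation_domain: "PLACEHOLDER_LOCAL_ATTESTATION_DOMAIN"
  }
}
```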

EnclaveInput

Input passed to an enclave after it has been initialized with EnclaveConfig.

EnclaveFinal

Input passed to an enclave during finalization.

EnclaveOutput

An output message produced by an enclave for an invocation of its Run entry-point. This message can be used to send information out of the enclave back to an untrusted caller.

| Field | Type | Description | Required |
|---|---|---|---|
| status | StatusProto | Contains status information for the Run invocation. A non-OK status may indicate an error in either trusted or untrusted space. | No |