The new syntax also allows to specify SHA256 hashes for a subset of trusted files (to skip hash generation during graphene-sgx-sign):
[[sgx.trusted_files]]
uri = "file:trusted_testfile"
sha256 = "c49a0aae384a14c8320f015ed5958d4402ba0726a31c4230cf772f76ff8aca2e"
The previous TOML-table syntax is still supported but deprecated. Graphene utility graphene-sgx-sign generates final SGX manifests using the new syntax, but graphene-sgx can still run old-syntax manifests.
All Graphene regression tests are updated to use the new syntax. But all examples still use the old syntax (to be fixed in next commits).
As a side effect, the TOML C library (tomlc99) is updated to the latest version -- it supports mixed TOML arrays.
Fixes #2593.
How to test this PR?
All tests should pass. Since I updated Graphene tests to the new syntax, and left the examples with the old syntax, both syntaxes will be tested in CI and both must succeed.
Description of the changes
This PR adds a new manifest syntax to define lists of SGX allowed, trusted, protected files. The previous syntax used TOML tables:
The new syntax uses TOML arrays:
The new syntax also allows to specify SHA256 hashes for a subset of trusted files (to skip hash generation during
graphene-sgx-sign
):The previous TOML-table syntax is still supported but deprecated. Graphene utility
graphene-sgx-sign
generates final SGX manifests using the new syntax, butgraphene-sgx
can still run old-syntax manifests.All Graphene regression tests are updated to use the new syntax. But all examples still use the old syntax (to be fixed in next commits).
As a side effect, the TOML C library (
tomlc99
) is updated to the latest version -- it supports mixed TOML arrays.Fixes #2593.
How to test this PR?
All tests should pass. Since I updated Graphene tests to the new syntax, and left the examples with the old syntax, both syntaxes will be tested in CI and both must succeed.
This change is