# Copyright (C) 2023 Gramine contributors
# SPDX-License-Identifier: BSD-3-Clause

# Python3 manifest example
#
# Jinja template for a Gramine manifest: the LibOS is the loader entrypoint
# and the templated `entrypoint` (the Python interpreter in this example) is
# the program started inside it.
# NOTE(review): several settings below (log_level "all", insecure argv,
# sgx.debug) fit a development build; revisit each before a production build.

loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"

# The templated log level is commented out and the level is pinned to "all",
# the most verbose setting. Verbose logs are written on the untrusted host and
# can reveal what the enclave is doing; Gramine's documentation recommends only
# "none" or "error" for production.
#loader.log_level = "{{ log_level }}"
loader.log_level = "all"

# "/lib" appears twice in this search path; the repeat is redundant.
loader.env.LD_LIBRARY_PATH = "/lib:/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"

# Python's NumPy spawns as many threads as there are CPU cores, and each thread
# consumes a chunk of memory, so on large machines the enclave size (4G in this
# manifest) may not be enough.
# We limit the number of spawned threads via OMP_NUM_THREADS env variable.
loader.env.OMP_NUM_THREADS = "4"
loader.env.PATH= "/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# argv is taken from the host command line, which is outside the enclave's
# trust boundary and is not covered by the enclave measurement. Whoever
# launches the enclave chooses the script and options the interpreter sees.
# For a fixed workload, pin the arguments in the manifest (loader.argv)
# and drop this option.
loader.insecure__use_cmdline_argv = true

# Lets a SIGTERM sent on the host be delivered to the application, so that it
# can shut down gracefully. The host controls when that happens.
sys.enable_sigterm_injection = true

# Host paths made visible inside the enclave. Entries without `type` are
# passthrough mounts of host files. Under SGX a mount only makes a path
# visible: a file can be opened only if it is also listed in
# sgx.trusted_files or sgx.allowed_files.
fs.mounts = [
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
  # One mount per entry of the interpreter's sys.path.
{% for path in python.get_sys_path(entrypoint) %}
  { path = "{{ path }}", uri = "file:{{ path }}" },
{% endfor %}
  { path = "{{ entrypoint }}", uri = "file:{{ entrypoint }}" },
  # /etc/hosts is served from helper-files/hosts, not from the host's own file.
  { path = "/etc/hosts", uri = "file:helper-files/hosts" },
  # In-memory filesystem for /tmp; presumably not persisted across runs.
  { type = "tmpfs", path = "/tmp"},
  { path = "/usr/local/lib/python3.8/dist-packages/concrete_python.libs" , uri = "file:/usr/local/lib/python3.8/dist-packages/concrete_python.libs" },
  # All of the host's /bin is mounted. NOTE(review): if the workload needs only
  # a few binaries, mounting just those keeps the enclave's surface smaller.
  { path = "/bin" , uri = "file:/bin" },
  # NOTE(review): these Python directories probably overlap with the sys.path
  # loop above; confirm they are not already covered.
  { path = "/usr/local/lib/python3.8" , uri = "file:/usr/local/lib/python3.8" },
  { path = "/usr/lib/python3.8" , uri = "file:/usr/lib/python3.8" },
  { path = "/usr/lib/python3" , uri = "file:/usr/lib/python3" }
]

sys.stack.size = "2M"

# NOTE(review): as I read the Gramine docs, this makes Gramine build the
# in-enclave DNS/hostname configuration from values supplied by the host.
# Name resolution results should then be treated as untrusted input and peers
# authenticated by other means (e.g. TLS) - confirm.
sys.enable_extra_runtime_domain_names_conf = true

# Debug enclave: the host can attach a debugger and inspect enclave memory, so
# the enclave provides no confidentiality. Attestation reports carry the debug
# flag; a verifier should reject debug enclaves. Set to false for production.
sgx.debug = true

# EDMM is switched on only when the EDMM environment variable is "1" at
# template-rendering time.
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.enclave_size = "4G"

# The commented-out line would pick 1 thread under EDMM and 32 otherwise; the
# active setting uses a fixed limit of 128 in both cases.
#sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '32' }}
sgx.max_threads = 128

# Attestation scheme comes from the template variable ra_type. The SPID and
# the linkable flag are EPID-specific settings.
sgx.remote_attestation = "{{ ra_type }}"
sgx.ra_client_spid = "{{ ra_client_spid }}"
# EPID quote linkability, enabled only when the template variable
# ra_client_linkable equals '1'.
sgx.ra_client_linkable = {{ 'true' if ra_client_linkable == '1' else 'false' }}

# Trusted files are hashed when the manifest is processed and signed, and the
# hash is checked when the enclave opens the file, so the host cannot swap or
# modify them unnoticed. Entries ending in "/" are directories.
# NOTE(review): "file:/bin/" measures every binary in the host's /bin at build
# time; listing only the binaries the workload runs would narrow this.
sgx.trusted_files = [
  "file:{{ gramine.libos }}",
  "file:{{ entrypoint }}",
  "file:{{ gramine.runtimedir() }}/",
  "file:{{ arch_libdir }}/",
  "file:/usr/{{ arch_libdir }}/",
  # Every sys.path entry of the interpreter; "/" is appended for directories.
{% for path in python.get_sys_path(entrypoint) %}
  "file:{{ path }}{{ '/' if path.is_dir() else '' }}",
{% endfor %}
  "file:scripts/",
  "file:helper-files/",
  "file:/bin/",
]

# Allowed files are opened WITHOUT any integrity check: whoever controls the
# host filesystem controls their contents, and they are not reflected in the
# enclave measurement.
#
# NOTE(review): the last four entries are Python library locations (including
# the concrete_python.libs directory of shared libraries). Code imported or
# loaded from an allowed path is unverified, so a modified module or library
# would run inside the enclave with access to its secrets. These locations
# probably overlap with the sys.path entries already listed in
# sgx.trusted_files; which rule applies to a path matched by both lists is not
# visible here - confirm, and prefer keeping code only in sgx.trusted_files.
#
# NOTE(review): "test.onnx" and ".artifacts/" look like model input and output
# locations - verify. If the model must not be altered by the host, list it as
# a trusted file; data that has to stay confidential or writable is a
# candidate for Gramine's encrypted files rather than allowed files.
sgx.allowed_files = [
  "file:test.onnx",
  "file:.artifacts/",
  "file:/usr/local/lib/python3.8/dist-packages/concrete_python.libs",
  "file:/usr/local/lib/python3.8/",
  "file:/usr/lib/python3.8/",
  "file:/usr/lib/python3/",
]