forked from intel/sgx-ra-sample
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsettings
120 lines (72 loc) · 3.33 KB
/
settings
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# Use Bourne Shell style syntax for this file.
#======================================================================
# Global options
#======================================================================
# Set to non-zero to query the production IAS instead of development.
# Note that the SPID and certificate are different for production
# and development, so if you change this you'll need to change them,
# too.
QUERY_IAS_PRODUCTION=0
# Your Service Provider ID. This should be a 32-character hex string.
# [REQUIRED]
SPID=928A6B0E3CDDAD56EB3BADAA3B63F71F
# Set to a non-zero value if this SPID is associated with linkable
# quotes. If you change this, you'll need to change SPID and
# IAS_CLIENT_CERT_FILE, too.
LINKABLE=0
#======================================================================
# Client options
#======================================================================
# Set to non-zero to have the client generate a random nonce.
RANDOM_NONCE=1
# Set to non-zero to have the client generate a platform manifest.
# This requires a PSE session, and thus support for platform
# services.
#
# (Note that server hardware does not support platform services)
USE_PLATFORM_SERVICES=0
#======================================================================
# Service provider (server) options
#======================================================================
# Your IAS client certificate file. [REQUIRED]
IAS_CLIENT_CERT_FILE=../ias-ra-data/cert/plse-ias-dev.pem
# Your IAS client key file.
#
# Note that curl built against NSS can only use a 3-des encrypted key
# or an unencrypted key.
#
# If using wget as your user agent, you have to use an unencrypted key.
# Otherwise, wget will prompt you for the prigve key password every time
# (there's no command line option to send the password or a password
# file path).
IAS_CLIENT_KEY_FILE=../ias-ra-data/cert/plse-ias-dev.pem
# If your IAS client certificate's key is encrypted, put the password
# in a file, and place the filename here. If you aren't using a password
# then comment this out.
IAS_CLIENT_CERT_KEY_PASSWORD_FILE=
# Your IAS client certificate type. This defaults to PEM if you leave
# it blank. Can be either PEM or P12.
IAS_CLIENT_CERT_TYPE=
# The Intel IAS SGX Report Signing CA file. You are sent this certificate
# when you apply for access to SGX Developer Services at
# http://software.intel.com/sgx [REQUIRED]
IAS_REPORT_SIGNING_CA_FILE=../ias-ra-data/cert/IASReportSigningCACert.pem
# Set to the URL for your proxy server to force the use of a proxy
# when communicating with IAS (overriding any environment variables).
IAS_PROXY_URL=http://proxy-us.intel.com:911/
# Set to non-zero to disable the use of a proxy server and force a
# direct connection when communicating with IAS (overriding any
# environment variables).
# IAS_DISABLE_PROXY=0
# Set to non-zero to enforce a strict attestation policy, which rejects
# enclaves that result in a GROUP_OUT_OF_DATE or CONFIGURATION_NEEDED
# response from IAS when verifying attestation evidence. Strict mode is
# DISABLED by default.
# POLICY_STRICT_TRUST=1
#======================================================================
# Debugging options
#======================================================================
# Set to non-zero for verbose output
VERBOSE=1
# Set to non-zero for debugging output
DEBUG=1