-
Notifications
You must be signed in to change notification settings - Fork 0
/
policy.in
33 lines (27 loc) · 1.43 KB
/
policy.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Enclave policy file. Determines which enclaves are accept by the
# service provider (after their quote data has been verified).
#
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# This file is generated from policy.in after the signed enclave file is
# created. MRSIGNER is calculated from Enclave.signed.so, and the
# other values are hardcoded.
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# This hex string should match the signer of the enclave. This is used to
# prevent unauthorized enclaves (those from unrecognized ISVs/developers)
# from using the remote service.
MRSIGNER=@MRSIGNER@
# This hex string should match the measurement of the enclave code, also
# know as the enclave hash. This is used to prevent unauthorized enclaves
# (those with a different hash) from using the remote service.
MRENCLAVE=@MRENCLAVE@
# The product ID for the enclave. This must match the ProdId in the
# enclave confgiruation file.
PRODID=0
# The ISV software version number (ISV SVN) must be >= this value. This
# allows service providers to enforce a minimum enclave version to utilize
# the remote service. ISV SVN is set in the enclave configuration file.
MIN_ISVSVN=1
# Set to 1 to allow enclaves compiled in DEBUG mode (this sample code uses
# debug mode). Otherwise, set to 0 to force only production (non-debuggable)
# enclaves. A production service should never allow debug-mode enclaves.
ALLOW_DEBUG=1