Loading nixos/modules/services/security/aesmd.nix +14 −8 Original line number Diff line number Diff line { config, options, pkgs, lib, ... }: with lib; let inherit (lib) concatStringsSep literalExpression makeLibraryPath mkEnableOption mkForce mkIf mkOption mkPackageOption mkRemovedOptionModule optional types; cfg = config.services.aesmd; opt = options.services.aesmd; sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; }; sgx-psw = cfg.package; configFile = with cfg.settings; pkgs.writeText "aesmd.conf" ( concatStringsSep "\n" ( Loading @@ -18,13 +20,17 @@ let ); in { imports = [ (mkRemovedOptionModule [ "debug" ] '' Enable debug mode by overriding the aesmd package directly: services.aesmd.package = pkgs.sgx-psw.override { debug = true; }; '') ]; options.services.aesmd = { enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX"; debug = mkOption { type = types.bool; default = false; description = "Whether to build the PSW package in debug mode."; }; package = mkPackageOption pkgs "sgx-psw" { }; environment = mkOption { type = with types; attrsOf str; default = { }; Loading Loading @@ -126,7 +132,7 @@ in "|/dev/sgx_enclave" ]; serviceConfig = rec { serviceConfig = { ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" '' set -euo pipefail whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin" Loading Loading
nixos/modules/services/security/aesmd.nix +14 −8 Original line number Diff line number Diff line { config, options, pkgs, lib, ... }: with lib; let inherit (lib) concatStringsSep literalExpression makeLibraryPath mkEnableOption mkForce mkIf mkOption mkPackageOption mkRemovedOptionModule optional types; cfg = config.services.aesmd; opt = options.services.aesmd; sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; }; sgx-psw = cfg.package; configFile = with cfg.settings; pkgs.writeText "aesmd.conf" ( concatStringsSep "\n" ( Loading @@ -18,13 +20,17 @@ let ); in { imports = [ (mkRemovedOptionModule [ "debug" ] '' Enable debug mode by overriding the aesmd package directly: services.aesmd.package = pkgs.sgx-psw.override { debug = true; }; '') ]; options.services.aesmd = { enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX"; debug = mkOption { type = types.bool; default = false; description = "Whether to build the PSW package in debug mode."; }; package = mkPackageOption pkgs "sgx-psw" { }; environment = mkOption { type = with types; attrsOf str; default = { }; Loading Loading @@ -126,7 +132,7 @@ in "|/dev/sgx_enclave" ]; serviceConfig = rec { serviceConfig = { ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" '' set -euo pipefail whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin" Loading
