Loading nixos/modules/services/security/aesmd.nix +11 −1 Original line number Diff line number Diff line Loading @@ -25,6 +25,16 @@ in default = false; description = lib.mdDoc "Whether to build the PSW package in debug mode."; }; environment = mkOption { type = with types; attrsOf str; default = { }; description = mdDoc "Additional environment variables to pass to the AESM service."; # Example environment variable for `sgx-azure-dcap-client` provider library example = { AZDCAP_COLLATERAL_VERSION = "v2"; AZDCAP_DEBUG_LOG_LEVEL = "INFO"; }; }; quoteProviderLibrary = mkOption { type = with types; nullOr path; default = null; Loading Loading @@ -104,7 +114,7 @@ in NAME = "aesm_service"; AESM_PATH = storeAesmFolder; LD_LIBRARY_PATH = makeLibraryPath [ cfg.quoteProviderLibrary ]; }; } // cfg.environment; # Make sure any of the SGX application enclave devices is available unitConfig.AssertPathExists = [ Loading nixos/tests/aesmd.nix +10 −1 Original line number Diff line number Diff line Loading @@ -28,7 +28,12 @@ specialisation = { withQuoteProvider.configuration = { ... }: { services.aesmd.quoteProviderLibrary = pkgs.sgx-azure-dcap-client; services.aesmd = { quoteProviderLibrary = pkgs.sgx-azure-dcap-client; environment = { AZDCAP_DEBUG_LOG_LEVEL = "INFO"; }; }; }; }; }; Loading Loading @@ -89,5 +94,9 @@ ld_library_path = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep LD_LIBRARY_PATH") assert ld_library_path.startswith("LD_LIBRARY_PATH=${pkgs.sgx-azure-dcap-client}/lib:"), \ "LD_LIBRARY_PATH is not set to the configured quote provider library" with subtest("aesmd.service with quote provider library has set AZDCAP_DEBUG_LOG_LEVEL"): azdcp_debug_log_level = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep AZDCAP_DEBUG_LOG_LEVEL") assert azdcp_debug_log_level == "AZDCAP_DEBUG_LOG_LEVEL=INFO\n", "AZDCAP_DEBUG_LOG_LEVEL is not set to INFO" ''; } Loading
nixos/modules/services/security/aesmd.nix +11 −1 Original line number Diff line number Diff line Loading @@ -25,6 +25,16 @@ in default = false; description = lib.mdDoc "Whether to build the PSW package in debug mode."; }; environment = mkOption { type = with types; attrsOf str; default = { }; description = mdDoc "Additional environment variables to pass to the AESM service."; # Example environment variable for `sgx-azure-dcap-client` provider library example = { AZDCAP_COLLATERAL_VERSION = "v2"; AZDCAP_DEBUG_LOG_LEVEL = "INFO"; }; }; quoteProviderLibrary = mkOption { type = with types; nullOr path; default = null; Loading Loading @@ -104,7 +114,7 @@ in NAME = "aesm_service"; AESM_PATH = storeAesmFolder; LD_LIBRARY_PATH = makeLibraryPath [ cfg.quoteProviderLibrary ]; }; } // cfg.environment; # Make sure any of the SGX application enclave devices is available unitConfig.AssertPathExists = [ Loading
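Review bot: In the second hunk, `} // cfg.environment;` puts the user-supplied set on the right-hand side of `//`, so an entry named `LD_LIBRARY_PATH`, `AESM_PATH` or `NAME` silently replaces the value the module computes, including the library path derived from `quoteProviderLibrary`. Since that path decides which quote provider library the service loads, the override should be either prevented or made explicit. Swapping the operands to `cfg.environment // { … }` lets the module's values win; alternatively keep the order and state it in the option text, e.g. `Entries here take precedence over the variables set by this module (NAME, AESM_PATH, LD_LIBRARY_PATH).` The description could also say that these values are written into the generated unit in the Nix store, so they are not a place for secrets. The new option calls `mdDoc` where the neighbouring option calls `lib.mdDoc`, and whether a bare `mdDoc` is in scope is not visible here; the attribute set being merged also starts outside the hunk.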
nixos/tests/aesmd.nix +10 −1 Original line number Diff line number Diff line Loading @@ -28,7 +28,12 @@ specialisation = { withQuoteProvider.configuration = { ... }: { services.aesmd.quoteProviderLibrary = pkgs.sgx-azure-dcap-client; services.aesmd = { quoteProviderLibrary = pkgs.sgx-azure-dcap-client; environment = { AZDCAP_DEBUG_LOG_LEVEL = "INFO"; }; }; }; }; }; Loading Loading @@ -89,5 +94,9 @@ ld_library_path = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep LD_LIBRARY_PATH") assert ld_library_path.startswith("LD_LIBRARY_PATH=${pkgs.sgx-azure-dcap-client}/lib:"), \ "LD_LIBRARY_PATH is not set to the configured quote provider library" with subtest("aesmd.service with quote provider library has set AZDCAP_DEBUG_LOG_LEVEL"): azdcp_debug_log_level = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep AZDCAP_DEBUG_LOG_LEVEL") assert azdcp_debug_log_level == "AZDCAP_DEBUG_LOG_LEVEL=INFO\n", "AZDCAP_DEBUG_LOG_LEVEL is not set to INFO" ''; }
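Review bot: The new subtest in the second hunk covers only a variable the module does not set itself, so the merge precedence between `services.aesmd.environment` and the module's own `LD_LIBRARY_PATH`, `AESM_PATH` and `NAME` is left unpinned. A case that sets one of those keys in the specialisation and asserts the intended winner would fix that behaviour in the test. The grep pattern is unanchored and would also match any other variable whose name or value contains the string; `grep '^AZDCAP_DEBUG_LOG_LEVEL='` keeps the exact-equality assert reliable. The local name `azdcp_debug_log_level` is misspelled (`azdcap_`), and `main_pid` is defined outside the hunk.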