

aesmd: allow overriding sgx-psw package manually
phlip9 committed Nov 2, 2024
1 parent 2d0e1f8 commit 6524b07
Showing 1 changed file with 14 additions and 8 deletions.
22 changes: 14 additions & 8 deletions nixos/modules/services/security/aesmd.nix
@@ -1,10 +1,12 @@
{ config, options, pkgs, lib, ... }:
with lib;
let
inherit (lib) concatStringsSep literalExpression makeLibraryPath mkEnableOption
mkForce mkIf mkOption mkPackageOption mkRemovedOptionModule optional types;

cfg = config.services.aesmd;
opt = options.services.aesmd;

sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
sgx-psw = cfg.package;

configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
concatStringsSep "\n" (
Expand All @@ -18,13 +20,17 @@ let
);
in
{
imports = [
(mkRemovedOptionModule [ "debug" ] ''
Enable debug mode by overriding the aesmd package directly:
services.aesmd.package = pkgs.sgx-psw.override { debug = true; };
'')
];

options.services.aesmd = {
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to build the PSW package in debug mode.";
};
package = mkPackageOption pkgs "sgx-psw" { };
environment = mkOption {
type = with types; attrsOf str;
default = { };
Expand Down Expand Up @@ -126,7 +132,7 @@ in
"|/dev/sgx_enclave"
];

serviceConfig = rec {
serviceConfig = {
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
set -euo pipefail
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
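Review bot: The removed-option path in the second hunk looks wrong: `mkRemovedOptionModule` takes the full option path, so `[ "debug" ]` declares a hidden top-level `debug` option and its migration message, while a user who still sets `services.aesmd.debug` gets only the generic "option does not exist" error instead of the hint to use `services.aesmd.package`. The line should read `(mkRemovedOptionModule [ "services" "aesmd" "debug" ] ''`. Separately, since the first hunk drops `with lib;` in favour of an explicit `inherit (lib)` list, any lib function used in the parts of the module not shown here (the `let` body continues past the first hunk and the config section is mostly outside these hunks) must now appear in that list, so a build of the module should confirm nothing fell through. The third hunk's `${aesmDataFolder}` reference is unaffected by dropping `rec` only if that name is bound in the outer `let` rather than inside `serviceConfig`; its binding is outside the hunk, so this is worth a quick check.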
