config/build.config.toml - incubator-teaclave - Git at Google

 # Teaclave Build Config

 # Intel Attestation Service root CA certificate to verify attestation report
 as_root_ca_cert = { path = "keys/ias_root_ca_cert.pem" }
 # For DCAP, use the following cert
 # as_root_ca_cert = { path = "keys/dcap_root_ca_cert.pem" }

 # Auditors' public keys to verify their endorsement signatures
 auditor_public_keys = [
     { path = "keys/auditors/godzilla/godzilla.public.pem" },
     { path = "keys/auditors/optimus_prime/optimus_prime.public.pem" },
     { path = "keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
 ]

 # RPC max message size
 rpc_max_message_size = 409600

 # Validity in seconds for a remote attestation report and endorsed attested TLS config
 attestation_validity_secs = 3600

 # Specify accepted inbound services to enforce incoming connections via mutual
 # attestation. Below figure illustrates current topology of Teaclave services.
 #
 # clients => authentication <-+       +----> storage <----+
 #                             |       |                   |
 # clients => frontend ----------> management            scheduler <-- execution
 #                                     |
 #                                     +--> access_control
 #
 #                                                   =>      api endpoint connections
 #                                                   -> internal endpoint connections
 [inbound]
 access_control = ["teaclave_management_service"]
 authentication = ["teaclave_frontend_service"]
 storage        = ["teaclave_management_service", "teaclave_scheduler_service"]
 management     = ["teaclave_frontend_service"]
 scheduler      = ["teaclave_execution_service"]
	# Teaclave Build Config

	# Intel Attestation Service root CA certificate to verify attestation report
	as_root_ca_cert = { path = "keys/ias_root_ca_cert.pem" }
	# For DCAP, use the following cert
	# as_root_ca_cert = { path = "keys/dcap_root_ca_cert.pem" }

	# Auditors' public keys to verify their endorsement signatures
	auditor_public_keys = [
	{ path = "keys/auditors/godzilla/godzilla.public.pem" },
	{ path = "keys/auditors/optimus_prime/optimus_prime.public.pem" },
	{ path = "keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
	]

	# RPC max message size
	rpc_max_message_size = 409600

	# Validity in seconds for a remote attestation report and endorsed attested TLS config
	attestation_validity_secs = 3600

	# Specify accepted inbound services to enforce incoming connections via mutual
	# attestation. Below figure illustrates current topology of Teaclave services.
	#
	# clients => authentication <-+ +----> storage <----+
	# \| \| \|
	# clients => frontend ----------> management scheduler <-- execution
	# \|
	# +--> access_control
	#
	# => api endpoint connections
	# -> internal endpoint connections
	[inbound]
	access_control = ["teaclave_management_service"]
	authentication = ["teaclave_frontend_service"]
	storage = ["teaclave_management_service", "teaclave_scheduler_service"]
	management = ["teaclave_frontend_service"]
	scheduler = ["teaclave_execution_service"]