config/build.config.toml - incubator-teaclave - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 # Teaclave Build Config

 # Intel Attestation Service root CA certificate to verify attestation report
 as_root_ca_cert = { path = "keys/ias_root_ca_cert.pem" }
 # For DCAP, use the following cert
 # as_root_ca_cert = { path = "keys/dcap_root_ca_cert.pem" }

 # Auditors' public keys to verify their endorsement signatures
 auditor_public_keys = [
     { path = "keys/auditors/godzilla/godzilla.public.pem" },
     { path = "keys/auditors/optimus_prime/optimus_prime.public.pem" },
     { path = "keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
 ]

 # RPC max message size
 rpc_max_message_size = 409600

 # Validity in seconds for a remote attestation report and endorsed attested TLS config
 attestation_validity_secs = 3600

 # Specify accepted inbound services to enforce incoming connections via mutual
 # attestation. Below figure illustrates current topology of Teaclave services.
 #
 # clients => authentication <-+       +----> storage <----+
 #                             |       |                   |
 # clients => frontend ----------> management            scheduler <-- execution
 #                                     |
 #                                     +--> access_control
 #
 #                                                   =>      api endpoint connections
 #                                                   -> internal endpoint connections
 [inbound]
 access_control = ["teaclave_management_service"]
 authentication = ["teaclave_frontend_service"]
 storage        = ["teaclave_management_service", "teaclave_scheduler_service"]
 management     = ["teaclave_frontend_service"]
 scheduler      = ["teaclave_execution_service"]
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	# Teaclave Build Config

	# Intel Attestation Service root CA certificate to verify attestation report
	as_root_ca_cert = { path = "keys/ias_root_ca_cert.pem" }
	# For DCAP, use the following cert
	# as_root_ca_cert = { path = "keys/dcap_root_ca_cert.pem" }

	# Auditors' public keys to verify their endorsement signatures
	auditor_public_keys = [
	{ path = "keys/auditors/godzilla/godzilla.public.pem" },
	{ path = "keys/auditors/optimus_prime/optimus_prime.public.pem" },
	{ path = "keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
	]

	# RPC max message size
	rpc_max_message_size = 409600

	# Validity in seconds for a remote attestation report and endorsed attested TLS config
	attestation_validity_secs = 3600

	# Specify accepted inbound services to enforce incoming connections via mutual
	# attestation. Below figure illustrates current topology of Teaclave services.
	#
	# clients => authentication <-+ +----> storage <----+
	# \| \| \|
	# clients => frontend ----------> management scheduler <-- execution
	# \|
	# +--> access_control
	#
	# => api endpoint connections
	# -> internal endpoint connections
	[inbound]
	access_control = ["teaclave_management_service"]
	authentication = ["teaclave_frontend_service"]
	storage = ["teaclave_management_service", "teaclave_scheduler_service"]
	management = ["teaclave_frontend_service"]
	scheduler = ["teaclave_execution_service"]