app eif_build

This CLI tool provides a low level path to assemble an enclave image format (EIF) file used in AWS Nitro Enclaves.

2 releases

0.2.1 Sep 9, 2024
0.2.0 Sep 9, 2024

Apache-2.0

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

Building

To compile the eif_build tool, run

$ cargo build --all --release

The resulting binary will be under ./target/release/eif_build.

Usage

Enclave image format builder
Builds an eif file

USAGE:
    eif_build [OPTIONS] --kernel <FILE> --cmdline <String> --output <FILE> --ramdisk <FILE>

OPTIONS:
        --arch <(x86_64|aarch64)>
            Sets image architecture [default: x86_64]

        --build-time <build_time>
            Overrides image build time. [default: 2024-07-09T17:16:38.424202433+00:00]

        --build-tool <build_tool>
            Image build tool name. [default: eif_build]

        --build-tool-version <build_tool_version>
            Overrides image build tool version. [default: 0.2.0]

        --cmdline <String>
            Sets the cmdline

    -h, --help
            Print help information

        --img-kernel <img_kernel>
            Overrides image Operating System kernel version. [default: "Unknown version"]

        --img-os <img_os>
            Overrides image Operating System name. [default: "Generic Linux"]

        --kernel <FILE>
            Sets path to a bzImage/Image file for x86_64/aarch64 architecture

        --kernel_config <FILE>
            Sets path to a bzImage.config/Image.config file for x86_64/aarch64 architecture

        --metadata <metadata>
            Path to JSON containing the custom metadata provided by the user.

        --name <image_name>
            Name for enclave image

        --output <FILE>
            Specify output file path

        --private-key <private-key>
            Specify the path to the private-key

        --ramdisk <FILE>
            Sets path to a ramdisk file representing a cpio.gz archive

        --signing-certificate <signing-certificate>
            Specify the path to the signing certificate

        --version <image_version>
            Version of the enclave image
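
The options above take several file inputs that are easy to get wrong before the image is built. The following is an added example, not code from the eif_build project: a POSIX shell wrapper that checks those inputs and then calls the tool with the flags listed in the usage text. The function names and the EIF_BUILD variable are hypothetical, and the wrapper assumes the signing certificate and private key are always supplied as a pair.

```shell
#!/bin/sh
# Added example, not part of the eif_build project.
# eif_preflight KERNEL RAMDISK [CERT] [KEY]
# Prints one line per problem and returns 0 only when none was found.
eif_preflight() {
    kernel=$1 ramdisk=$2 cert=${3:-} key=${4:-} rc=0

    # --kernel must be a readable, non-empty bzImage/Image file.
    { [ -s "$kernel" ] && [ -r "$kernel" ]; } || { echo "kernel: missing or empty: $kernel"; rc=1; }

    # --ramdisk is a cpio.gz archive, so it must start with gzip magic 1f 8b.
    magic=$(head -c 2 "$ramdisk" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "1f8b" ] || { echo "ramdisk: not gzip data: $ramdisk"; rc=1; }

    if [ -n "$cert$key" ]; then
        if [ -z "$cert" ] || [ -z "$key" ]; then
            # Assumption: a signed image needs both files, so one alone is an error.
            echo "signing: give --signing-certificate and --private-key together"; rc=1
        else
            [ -r "$cert" ] || { echo "signing: cannot read certificate: $cert"; rc=1; }
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ld -- "$key" 2>/dev/null | cut -c5-10)
            [ "$perms" = "------" ] || { echo "signing: key missing or open to group/other: $key"; rc=1; }
        fi
    fi
    return "$rc"
}

# build_eif KERNEL RAMDISK CMDLINE OUTPUT [CERT KEY]
# EIF_BUILD is a hypothetical override for the path to the binary.
build_eif() {
    eif_preflight "$1" "$2" "${5:-}" "${6:-}" || return 1
    if [ -n "${5:-}" ]; then
        "${EIF_BUILD:-eif_build}" --kernel "$1" --ramdisk "$2" --cmdline "$3" \
            --output "$4" --signing-certificate "$5" --private-key "$6"
    else
        "${EIF_BUILD:-eif_build}" --kernel "$1" --ramdisk "$2" --cmdline "$3" --output "$4"
    fi
}
```

The gzip check only confirms the compression header; it does not verify that the payload is a valid cpio archive.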
