nixos/aesmd: add option environment

This commit is contained in:
Vincent Haupert 2022-11-29 16:25:11 +01:00
parent 4e937f0d6b
commit dbff3c22c1
2 changed files with 21 additions and 2 deletions


@ -25,6 +25,16 @@ in
default = false;
description = lib.mdDoc "Whether to build the PSW package in debug mode.";
};
environment = mkOption {
type = with types; attrsOf str;
default = { };
description = mdDoc "Additional environment variables to pass to the AESM service.";
# Example environment variable for `sgx-azure-dcap-client` provider library
example = {
AZDCAP_COLLATERAL_VERSION = "v2";
AZDCAP_DEBUG_LOG_LEVEL = "INFO";
};
};
quoteProviderLibrary = mkOption {
type = with types; nullOr path;
default = null;
@ -104,7 +114,7 @@ in
NAME = "aesm_service";
AESM_PATH = storeAesmFolder;
LD_LIBRARY_PATH = makeLibraryPath [ cfg.quoteProviderLibrary ];
};
} // cfg.environment;
# Make sure any of the SGX application enclave devices is available
unitConfig.AssertPathExists = [
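Review bot: Merging `cfg.environment` on the right-hand side of `//` lets a user-supplied `NAME`, `AESM_PATH` or `LD_LIBRARY_PATH` silently replace the values the module computes, so setting `environment.LD_LIBRARY_PATH` would detach the service from the library configured via `quoteProviderLibrary` without any diagnostic. If override is not intended, strip those keys before merging, e.g. `} // (builtins.removeAttrs cfg.environment [ "NAME" "AESM_PATH" "LD_LIBRARY_PATH" ]);`, or add an assertion that rejects them; if override is intended, the option description should say so, e.g. `Additional environment variables to pass to the AESM service. Entries override the variables set by this module (NAME, AESM_PATH, LD_LIBRARY_PATH).` The enclosing `systemd.services.aesmd` definition starts and ends outside this hunk, so the assertions block (if any) that would hold such a check is not visible here.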


@ -28,7 +28,12 @@
specialisation = {
withQuoteProvider.configuration = { ... }: {
services.aesmd.quoteProviderLibrary = pkgs.sgx-azure-dcap-client;
services.aesmd = {
quoteProviderLibrary = pkgs.sgx-azure-dcap-client;
environment = {
AZDCAP_DEBUG_LOG_LEVEL = "INFO";
};
};
};
};
};
@ -89,5 +94,9 @@
ld_library_path = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep LD_LIBRARY_PATH")
assert ld_library_path.startswith("LD_LIBRARY_PATH=${pkgs.sgx-azure-dcap-client}/lib:"), \
"LD_LIBRARY_PATH is not set to the configured quote provider library"
with subtest("aesmd.service with quote provider library has set AZDCAP_DEBUG_LOG_LEVEL"):
azdcp_debug_log_level = machine.succeed(f"xargs -0 -L1 -a /proc/{main_pid}/environ | grep AZDCAP_DEBUG_LOG_LEVEL")
assert azdcp_debug_log_level == "AZDCAP_DEBUG_LOG_LEVEL=INFO\n", "AZDCAP_DEBUG_LOG_LEVEL is not set to INFO"
'';
}
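Review bot: The local name `azdcp_debug_log_level` drops the "a" from AZDCAP and should be `azdcap_debug_log_level` to match the variable it holds and the naming of `ld_library_path` above. The `grep AZDCAP_DEBUG_LOG_LEVEL` pattern is unanchored, so anchoring it as `grep '^AZDCAP_DEBUG_LOG_LEVEL='` makes the match independent of the name appearing inside another variable's value; note that when the variable is absent `machine.succeed` raises on grep's non-zero exit before the assert is reached, so the "not set to INFO" message only covers the wrong-value case. The new subtest only covers the value being passed through, not the precedence of `environment` over the module-computed variables; a subtest that sets `environment.LD_LIBRARY_PATH` in a specialisation would pin whichever precedence is intended. The enclosing `testScript` string starts outside this hunk.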