Update README to explain the new Occlum.json format

2020-06-05 04:14:38 +00:00 · 2020-06-05 04:14:38 +00:00 · 37ca75da47
commit 37ca75da47
parent ffbae880f2
1 changed files with 28 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -65,10 +65,16 @@ The `occlum run` command starts up an Occlum SGX enclave, which, behind the scen
 Occlum can be configured easily via a config file named `Occlum.json`, which is generated by the `occlum init` command in the Occlum context directory. The user can modify `Occlum.json` to config Occlum. A sample of `Occlum.json` is shown below. Some comments are added to provide a brief explanation.
 ```
 {
-    // Virtual memory
-    "vm": {
-        // The size of memory available for use by LibOS processes
-        "user_space_size": "128MB"
+    // Resource limits
+    "resource_limits": {
+        // The total size of enclave memory available to LibOS processes
+        "user_space_size": "256MB",
+        // The heap size of LibOS kernel
+        "kernel_space_heap_size": "32MB",
+        // The stack size of LibOS kernel
+        "kernel_space_stack_size": "1MB",
+        // The max number of LibOS threads/processes
+        "max_num_of_threads": 32
    },
    // Process
    "process": {
@ -79,6 +85,14 @@ Occlum can be configured easily via a config file named `Occlum.json`, which is
        // The max size of memory by mmap syscall
        "default_mmap_size": "32MB"
    },
+    // Entry points
+    //
+    // Entry points specify all valid path prefixes for <path> in `occlum run
+    // <path> <args>`. This prevents outside attackers from executing arbitrary
+    // commands inside an Occlum-powered enclave.
+    "entry_points": [
+        "/bin"
+    ],
    // Environment variables
    //
    // This gives a list of environment variables for the "root"
@ -96,14 +110,16 @@ Occlum can be configured easily via a config file named `Occlum.json`, which is
            "EXAMPLE"
        ]
    },
-    // Entry points
-    //
-    // Entry points specify all valid path prefixes for <path> in `occlum run
-    // <path> <args>`. This prevents outside attackers from executing arbitrary
-    // commands inside an Occlum-powered enclave.
-    "entry_points": [
-        "/bin"
-    ],
+    // Enclave metadata
+    "metadata": {
+        // Enclave signature structure's ISVPRODID field
+        "product_id": 0,
+        // Enclave signature structure's ISVSVN field
+        "version_number": 0,
+        // Whether the enclave is debuggable through special SGX instructions.
+        // For production enclave, it is IMPORTANT to set this value to false.
+        "debuggable": true
+    },
    // Mount points and their file systems
    //
    // Limitation: configuring mount points by modifying this config file is not