Skip to main content

CLI reference

After you've compiled your app with ego-go, use the ego tool to sign, run, and examine your enclave app.

Usage:

ego <command> [arguments]

Commands:

  • sign: Sign an executable built with ego-go
  • run: Run a signed executable in standalone mode
  • marblerun: Run a signed executable as a MarbleRun Marble
  • bundle: Bundle a signed executable with the current EGo runtime into a single executable
  • signerid: Print the SignerID of a signed executable
  • uniqueid: Print the UniqueID of a signed executable
  • env: Run a command in the EGo environment
  • install: Install drivers and other components

ego sign

Sign an executable built with ego-go

Synopsis

Sign an executable built with ego-go. Executables must be signed before they can be run in an enclave.

ego sign [executable | config.json]

Examples

  ego sign <executable>
Generates a new key "private.pem" and a default configuration "enclave.json" in the current directory and signs the executable.

ego sign
Searches in the current directory for "enclave.json" and signs the therein provided executable.

ego sign <config.json>
Signs an executable according to a given configuration.

Options

  -h, --help   help for sign

ego run

Run a signed executable in standalone mode

Synopsis

Run a signed executable in an enclave. You can pass arbitrary arguments to the enclave.

Environment variables are only readable from within the enclave if they start with EDG_.

Set OE_SIMULATION=1 to run in simulation mode. Set EDG_LOG_FORMAT=json to enable JSON-structured logs for EGo's startup code.

ego run <executable> [args...]

ego marblerun

Run a signed executable as a MarbleRun Marble

Synopsis

Run a signed executable as a MarbleRun Marble. Requires a running MarbleRun Coordinator instance. Environment variables are only readable from within the enclave if they start with EDG_ and will be extended/overwritten with the ones specified in the manifest.

Requires the following configuration environment variables: EDG_MARBLE_COORDINATOR_ADDR The Coordinator address EDG_MARBLE_TYPE The type of this Marble (as specified in the manifest) EDG_MARBLE_DNS_NAMES The alternative DNS names for this Marble's TLS certificate EDG_MARBLE_UUID_FILE The location where this Marble will store its UUID

Set OE_SIMULATION=1 to run in simulation mode. Set EDG_LOG_FORMAT=json to enable JSON-structured logs for EGo's startup code.

ego marblerun <executable>

Options

  -h, --help   help for marblerun

ego bundle

Bundle a signed executable with the current EGo runtime into a single executable

Synopsis

Bundles a signed executable with the current EGo runtime into a single all-in-one executable.

Use this option to run your enclave on systems that don't have EGo installed or have a different version.

Note that the SGX driver and libraries still need to be installed on the target system to execute the bundled executable without issues.

If no output filename is specified, the output binary will be created with the same name as the source executable, appended with -bundle.

ego bundle <executable> [output]

Options

  -h, --help   help for bundle

ego signerid

Print the SignerID of a signed executable

Synopsis

Print the SignerID either from a signed executable or by reading a key file.

ego signerid <executable | key.pem>

Options

  -h, --help   help for signerid

ego uniqueid

Print the UniqueID of a signed executable

Synopsis

Print the UniqueID of a signed executable.

ego uniqueid <executable>

Options

  -h, --help   help for uniqueid

ego env

Run a command in the EGo environment

Synopsis

Run a command within the EGo environment.

ego env ...

Examples

  ego env make
Builds a Go project that uses a Makefile.

ego install

Install drivers and other components

Synopsis

Install drivers and other components. The components that you can install depend on your operating system and its version. Use "ego install" to list the available components for your system.

ego install [component]

Options

  -h, --help   help for install