Skip to content

Add ability to fortanix-vme-runner to run raw ELF files in simulation mode #860

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Taowyoo merged 3 commits into from
Feb 3, 2026
Merged

Add ability to fortanix-vme-runner to run raw ELF files in simulation mode #860

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
44e5e57
Add ability to fortanix-vme-runner to run raw ELF files in simulation…
Jan 21, 2026
912d4db
Merge branch 'master' into jb/fortanix-vme-runner-raw-elf-sim
Taowyoo Jan 30, 2026
86c6b16
feat: create `read_eif_with_metadata` helper function for EIF parsing…
Taowyoo Feb 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions fortanix-vme/fortanix-vme-eif/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ use tempfile::{self, NamedTempFile};
mod initramfs;
mod error;

pub mod eif_types {
pub use aws_nitro_enclaves_image_format::defs::{EifIdentityInfo, EifHeader, EifSectionHeader};
}

pub use error::Error;
pub use aws_nitro_enclaves_image_format::defs::EifSectionType;

Expand Down
53 changes: 38 additions & 15 deletions fortanix-vme/fortanix-vme-runner/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
use clap::Parser;
use fortanix_vme_eif::FtxEif;
use fortanix_vme_eif::{eif_types::EifIdentityInfo, FtxEif};
use fortanix_vme_abi::SERVER_PORT;
use fortanix_vme_runner::{EnclaveRunner, NitroEnclaves, Platform, Simulator, SimulatorArgs};
use nitro_cli::common::commands_parser::{RunEnclavesArgs as NitroArgs};
use std::convert::TryFrom;
use std::fs::File;
use std::io::{BufReader, Error as IoError, ErrorKind as IoErrorKind, Write};
use std::io::{BufReader, Error as IoError, ErrorKind as IoErrorKind, Read, Seek, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::PathBuf;

Expand All @@ -30,6 +30,10 @@ struct Cli {
#[arg(short, long)]
simulate: bool,

/// `ENCLAVE_FILE` points to an ELF, not an EIF (only available in simulation mode)
#[arg(long, requires("simulate"))]
elf: bool,

#[arg(short, long)]
verbose: bool,

Expand Down Expand Up @@ -111,31 +115,50 @@ fn create_runner<P: Platform + 'static>() -> EnclaveRunner<P> {
}

fn main() {
struct ReadEifResult<T> {
eif: FtxEif<T>,
metadata: EifIdentityInfo,
}
fn read_eif(enclave_file: &str) -> ReadEifResult<impl Read + Seek> {
let f = File::open(enclave_file).expect("Failed to open enclave file");
let mut eif = FtxEif::new(BufReader::new(f));
let metadata = eif.metadata().expect("Failed to parse metadata");
ReadEifResult { eif, metadata }
}
Copy link
Contributor

@sardok sardok Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice to have ReadEifResult & read_eif in lib.rs. The runner in mono repo would be using fortanix-vme-runner as library.

Copy link
Collaborator

@Taowyoo Taowyoo Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a commit for this, please review and approve @sardok


let cli = Cli::parse();
let eif = File::open(&cli.enclave_file).expect("Failed to open enclave file");
let mut eif = FtxEif::new(BufReader::new(eif));
let metadata = eif.metadata()
.expect("Failed to parse metadata");

if cli.simulate {
env_logger::init();

//TODO also extract env/cmd file and make sure the application is executed with this
//context
let elf = eif.application()
.expect("Failed to parse enclave file");
let elf_path = create_elf(elf)
.expect("Failed to create executable file");
let elf_path: PathBuf;
let img_name;

if cli.elf {
elf_path = cli.enclave_file.into();
img_name = elf_path.file_name().unwrap_or_default().display().to_string();
} else {
let ReadEifResult { mut eif, metadata } = read_eif(&cli.enclave_file);
//TODO also extract env/cmd file and make sure the application is executed with this
//context
let elf = eif.application()
.expect("Failed to parse enclave file");
elf_path = create_elf(elf)
.expect("Failed to create executable file");

img_name = metadata.img_name;

log(&cli, &format!("Simulating enclave as {}", elf_path.display()));
}

log(&cli, &format!("Simulating enclave as {}", elf_path.display()));
let mut runner: EnclaveRunner<Simulator> = create_runner();
let args = SimulatorArgs::new(elf_path);
runner.run_enclave(args, metadata.img_name, cli.args).expect("Failed to run enclave");
runner.run_enclave(args, img_name, cli.args).expect("Failed to run enclave");
runner.wait();
} else {
let mut runner: EnclaveRunner<NitroEnclaves> = create_runner();
let args: NitroArgs = TryFrom::try_from(&cli).expect("Failed to parse arguments");
runner.run_enclave(args, metadata.img_name, cli.args).expect("Failed to run enclave");
runner.run_enclave(args, read_eif(&cli.enclave_file).metadata.img_name, cli.args).expect("Failed to run enclave");
runner.wait();
};
}