
Containers and GuestOSes

Containers and guest operating systems

Each container has a corresponding configuration file defining its key features. Every container runs a certain operating system, which also has to be defined in a configuration file. Note that several containers may run the same operating system.

Both container and OS configuration file formats are composed of several key: value lines. A detailed description of the container configuration can be found here; the guestOS configuration is described here.

Basic trust|me operation

trust|me is operated through a socket-based interface. This interface is used by the control command-line tool, which is installed together with trust|me and is available from the privileged container (core0) and from the debugging shell of CML. The tool is intended only for basic usage and for demonstrating the control interface. For production use, an implementation of the protobuf-based control interface should be used instead, for instance in a web-based UI.

The control tool allows administration and configuration of the trust|me platform, such as creating and starting containers, running a given command inside a container, etc. The available actions are listed below.

Container-specific commands usually take the container UUID as the parameter that identifies the target container. For convenience, the container name can be used instead. If several containers share the same name, however, the first matching one is always used; in that case you have to specify the UUID to be able to address all of them.
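The following is an added example, not part of trust|me or its control tool. It models the first-match behaviour described above next to a strict resolver that a wrapper script could use to refuse ambiguous names. The inventory, the UUIDs and the function names are constructed for illustration, and the inventory is assumed to have been obtained from the control interface beforehand.

```python
import uuid

# Constructed sample inventory (UUID, name), in the order the platform is
# assumed to report it; two containers share the name "work".
INVENTORY = [
    ("11111111-1111-4111-8111-111111111111", "core0"),
    ("22222222-2222-4222-8222-222222222222", "work"),
    ("33333333-3333-4333-8333-333333333333", "work"),
]


class AmbiguousName(Exception):
    """Raised when a name matches more than one container."""


def first_match(identifier, inventory):
    """Model of the documented behaviour: a name selects the first match."""
    for cid, name in inventory:
        if identifier in (cid, name):
            return cid
    return None


def resolve_strict(identifier, inventory):
    """Return exactly one container UUID, or raise instead of guessing."""
    try:
        wanted = str(uuid.UUID(identifier))  # canonical lower-case form
    except ValueError:
        wanted = None  # not a UUID, so treat the identifier as a name
    if wanted is not None:
        if any(cid.lower() == wanted for cid, _ in inventory):
            return wanted
        raise KeyError(f"no container with UUID {wanted}")
    matches = [cid for cid, name in inventory if name == identifier]
    if not matches:
        raise KeyError(f"no container named {identifier!r}")
    if len(matches) > 1:
        raise AmbiguousName(
            f"{identifier!r} matches {len(matches)} containers: "
            + ", ".join(matches)
        )
    return matches[0]
```

With the sample inventory, `first_match("work", INVENTORY)` silently selects the first "work" container and the second is unreachable by name, while `resolve_strict` raises `AmbiguousName` and lists both UUIDs so the operator can pick one explicitly.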