Gordon King

I don't think the `dev. signing` should be bound to this process, it adds another layer of complexity while being coupled with `dev. private key`, the signing tool just need...

Based on our discussion and review, this proposal contains some implicit requirements to signing facility and it looks not compatible with the protocol which described in [SGX Developer Reference](https://download.01.org/intel-sgx/sgx-linux/2.11/docs/Intel_SGX_Developer_Reference_Linux_2.11_Open_Source.pdf) P20,...

Please refer to the two-steps signing feature request gramineproject/graphene#2617 as well, you can find an attached screenshot over there. thanks.

It is great to explore this possiblity, thanks.

This feature is expected to add a Redis backed memory service for durable objects. the memory persistent API needs to get satisfied. In addition, it is special as it extends...

Yes, it is a feature request. The Inclavare is a first container runtime that focus on managing trusted containers in Intel SGX enclave. they are a major player of Confidential...

@dimakuv it is for `allowed files` and yes, a manifest option would be sufficient for users to enable this mode for writable file-back mapping in untrusted memory address space. thanks.

@mythi Thank you for the experiments. It is good to know that the getenv(...) can get updated environment variable values at runtime. Additionally, to keep the token refreshed periodically (5mins),...

@mythi We can of course offer various solutions with corresponding limitations to our customers. However, if we want to make our solution applicable to production environment, we must evaluate those...