Borys Popławski

I think we should finally add some tool for pretty printing sigstructs, that would be much more useful. I don't think we need a separate Python API, existing functionality covers...

I think the problem is that you have one server holding all PF keys, which then forwards those keys to different enclaves. If you do that, then it's also your...

@dimakuv how does A and M have both the same `mrsignerA`??

> Because M stole manifest file of A So I can send an arbitrary `(mrenclave, mrsigner, PFkey)` tuple to the server and it gets accepted? That sounds like a big...

But why does your server allows anyone to change keys of other parties without verification?

>> But why does your server allows anyone to change keys of other parties without verification? >> > Our server like a task manager with upper level architecture. We simplified...

> The main problem with this approach is that hash(plaintext-file) reveals the information about the file Also this gives an oracle - given a plaintext (file) you can tell whether...

> would everyone be ok with just ignoring the syscall and returning 0 ? Definitely not, if something depends on it, it would break horribly. > there's no second process...

What's the issue here? Why would writing anything to `stderr` be considered an error? Debug logging is often done this way. Also this seems like https://github.com/gramineproject/gramine/issues/21 and in this case...

@lead4good `enclave_size` is enough (but `512GB` enclave is prooooobably not something you want to do). Btw `pal_internal_mem_size` is deprecated as of current master (but it's still there in Gramine v1.3.x,...