Dmitrii Kuvaiskii
Dmitrii Kuvaiskii
@mkow Sure. These are details which we can hash out while working on this. Ideally, as Borys mentions, we have a tool that by default pretty-prints all relevant SIGSTRUCT fields...
@vijaydhanraj Do you think it's doable and pretty simple to implement? Not right now of course, but in some near future.
@kailun-qin I don't think there are any blockers. We simply didn't have time to work on this. If you (or someone else) can pick it up and implement quickly --...
@kailun-qin Let's continue the discussion in your PR #847. Generally, I don't like your current approach, see my comments in that PR.
@AgentRX Let me see if I understand your attack scenario correctly. - You have the "base image" (e.g., Python interpreter) with the generic manifest like this: ``` sgx.enclave_size = "4G"...
If the flows I outlined above are correct, then I think you need to **harden the Secret Provisioning server**. The main problem is that the Secret Provisioning server updates keys...
Unrelated to the current discussion of these attack scenarios: We had a meeting today where we discussed the idea of hashed + encrypted Protected Files. Gramine developers are fine with...
> Good news. Will your team implement it or we can participate in developing? Our team will implement it. Currently Pawel is working on the Protected Files rewrite (the new...
> It could be great to allow use hash for unprotected files. The main problem with this approach is that `hash(plaintext-file)` reveals the information about the file: an attacker may...
Since we changed the name, we should also use `gramineproject.io` instead of the old `grapheneproject.io`.