Dmitrii Kuvaiskii
Dmitrii Kuvaiskii
> How would would we decide which apps are ok/safe to run, if they are not reflected in manifest (hence MRENCLAVE)? I guess the logic will be something like this:...
> ou can read /proc/pid/cmdline or something inside Gramine to get the current running app. Also you probably know already which app is currently running, so I really don't see...
> But the code handling remove attestation could just handle this - it knows when / in what app it runs What are we talking about? Sorry, I am confused...
> You can have any data appended (possibly encrypted) and embed hash of it in user data. But how are you gonna check it? We currently use `sgx_report.user_data` for the...
> My point is that this is not a security feature (as explained before)... I guess I agree with this. It doesn't really add more security. It just makes attestation...
> As I said, you can append any data and send it together with the report. The data can be anything, including the binary name - you just verify that...
Thanks @DL8 for the great overview! Let me summarize the important hardware-enforced properties of the new CONFIGID field: 1. CONFIGID is a new measurement field that can contain arbitrary data...
> 1. A different key is derived per `CONFIGSVN` @DL8 Did you make a typo here? Did you mean "...derived per `CONFIGID`"? > Is `ISVPRODID` exposed to the enclave? If...
Ok, so now we all agree that the main benefit of `CONFIGID` is for local file sealing -- so that only the instance of the enclave that was started with...
We're starting to go in circles... We still have a group of people (myself, @mkow, @boryspoplawski, @BFuhry) that doesn't see the necessity in KSS (other than convenience). > 1. The...