Dmitrii Kuvaiskii
Jenkins, test this please
> What's the point of the split? If the 2nd struct is copied into LibOS, then it can be const as well.

Purely for clear separation. Doesn't have to be...
Cool data race bug! No idea why it is not triggered on x86-64; it should happen. @boryspoplawski Isn't it better to ask the `execve`-ing thread to wait until Async thread...
Got it, thanks for the clarification about userspace vs kernel (Gramine internal) space. I didn't realize this.
> 1. Remove distlib

Why is this needed?

> 2. Increase enclave size

This is actually the manifest of this problem: https://github.com/gramineproject/gramine/pull/938. So we should restrict the number of threads...
@DL8 You can look at this function and its comment: https://github.com/gramineproject/gramine/blob/master/common/src/protected_files/protected_files.c#L142-L145 Basically, yes, we mix a random value (nonce) with the KDK (key derivation key) to generate a newly derived...
> What about keys derived by the application (read directly from key derivation APIs)?

What are these key derivation APIs? We don't expose such things in Gramine to the app.
@DL8 I see your point now. But this new helper `key_parameters` is... well, extremely hard to explain to users. At some point, Gramine needs to put limits on how configurable...
When you run this step:
```
gramine-sgx-pf-crypt encrypt -w files/wrap-key -i datasets/cd-sem -o datasets/cd-sem-enc
```
The `gramine-sgx-pf-crypt` tool must say something like `Make sure that you put the file under...
You specified `003efc4c8819de47ff11b5a0af7ba09aee7f5fc1` as the Gramine commit hash. I don't see such a hash in Gramine. Are you sure that's a correct one? What version of Gramine are you actually using?