Dmitrii Kuvaiskii
Dmitrii Kuvaiskii
> This is only the case for a specific implementation of specific PAL. Well, it's the case for all PALs currently, but that should not affect the overall arch design....
Agreed with your logic. > I guess we could add a manifest option for initial, virtualized uid. Yes, sounds like everyone is fine with this approach.
@anjalirx-intel @jinengandhi-intel Have you re-tried this test again after we agreed to update Stress-ng version? See discussion in https://github.com/oscarlab/graphene/issues/2419#issuecomment-878004114.
My assumption is that the new stress-ng version may fix this issue (since it looks related to the root cause of #2419). Anyway, assigning P1 for now and hope this...
@mkow Is this still relevant?
This should be still the case in current master (though I didn't verify). It's unclear though if applications use such patterns (using both read/write accesses and mmap accesses at the...
I agree that the "generate CSR in an enclave, send to a CA, receive the RA-TLS-enhanced certificate back" proposed by @g2flyer is reasonable. We can implement this, though I currently...
@prakashngit What about the alternative approach of a central attestation entity: https://github.com/oscarlab/graphene/issues/2208#issuecomment-810490870?
> I have a problem running the graphene commands above using absolute paths. You can't use different kinds of paths (absolute vs relative) when encrypting protected files (via `pf-crypt`) and...
> Otherwise I'd say it's another issue I noticed some time ago but never had time to investigate closer: if the app won't close all the handles explicitly and just...