Dmitrii Kuvaiskii

Regarding the manifest syntax. I highly dislike the hack of `fs.mount.pf.allowed_files` proposed by Pawel. I think users must be forced to create per-file mount points in cases like this ("several...

Regarding the **renaming** feature: - Renaming of/to Trusted Files doesn't make sense and must be disallowed - Renaming of Allowed Files must only be allowed to another Allowed File (i.e.,...

I agree that maybe we can just rename everything :) I dislike the historical `allowed`, `trusted` and `protected` words. If redesigning this from scratch, I would go with two boolean...

I like Borys's suggestion: `allowed` -> `passthrough` `trusted` -> `hashed` (I don't like `measured` -- this word is associated with SGX measurements) `protected` -> `encrypted` I agree with Michal that...

How do we go about auto-generated `sgx.trusted_files.sha256` items? Where do we put these hash values? Like this? ``` [fs.mount.root] path = "/" uri = "file:./" shielding= "trusted" files = [...

I dislike solution number 3. What would we do with Trusted Files? Have a separate set of functions for them too? And how do we implement `DkStreamChangeName()` then? Do we...

> I'm almost convinced, but what worries me is that solution number 1 is breaking the precedent that "only PAL does crypto". Is that meaningful? Do you have any comment...

I confirm this. Me and Anjali (@anjalirai-intel) had a debug session. Neither of us has any clue why this discrepancy happens. @woju ?

Quick update: @woju said that it's hard to explain because Python's distribution for each OS distro (Ubuntu, CentOS, Arch, etc.) is slightly different, and those path finding routines are different...

@g302ge I looked at our Protected Files code, and I don't see any bug in there. I'm unsure why your code wouldn't flush the content of the file. In your...