Dmitrii Kuvaiskii

icon indicating a website link https://dimakuv.github.io/ icon indicating an email [email protected]

icon company AWS icon location Dresden, Germany icon location Low-level programming, OS kernels, security, confidential computing, CPUs

Results 681 comments of Dmitrii Kuvaiskii

`Nginx` performance degradation in `Gramine-SGX` attributed to SHA256 hashing

> Why rlimit? 1. Because this would also allow applications (that can be modified to use Gramine-specific features) to adjust this limit at run time. Instead of having to calculate...

`Nginx` performance degradation in `Gramine-SGX` attributed to SHA256 hashing

> And I'm not sure anyone will actually modify the app to dynamically adjust this, people usually just use some existing apps like nginx already mentioned here? We see more...

`Nginx` performance degradation in `Gramine-SGX` attributed to SHA256 hashing

@sahason There are actually two algorithms at play: 1. On the open of the file, the whole file is read and its hash is compared against the one in `sgx.trusted_files`....

Gramine runtime does not build dcap on debian

> Any particular reason for enabling dcap only for Ubuntu? > > From git blame, seems like the if statement I removed for my local experiment should be more like:...

Gramine runtime does not build dcap on debian

@szymek156 Thanks for this exploration! Can you try adding these lines: https://github.com/gramineproject/gsc/blob/fcf96546f4a23a4e6bcc6a14d80cf1521c018fc9/templates/debian/Dockerfile.compile.template#L44-L45 To the Dockerfile.build file, somewhere after here: https://github.com/gramineproject/gsc/blob/fcf96546f4a23a4e6bcc6a14d80cf1521c018fc9/templates/debian/Dockerfile.build.template#L47 I think your original suspicion is correct, and we miss...

Gramine runtime does not build dcap on debian

> Maybe installing `libsgx-dcap-default-qpl-dev` was a mistake on a first place? No, this sounds correct. > The file already exists (as expected) and dpkg expects user interaction, but will not...

Gramine runtime does not build dcap on debian

Hm, isn't it enough to add `libsgx-dcap-default-qpl-dev` to this line: https://github.com/gramineproject/gsc/blob/3168b08b36d6367488d1e02ae9a378b570ac0afa/templates/debian/Dockerfile.compile.template#L45

Gramine runtime does not build dcap on debian

Btw, officially Intel SGX SDK/PSW/DCAP is *not* supported on Debian, at least I don't see the corresponding packages here: https://download.01.org/intel-sgx/sgx_repo So I'm not sure it would be correct for GSC...

Gramine runtime does not build dcap on debian

@szymek156 Looks like you found a recently introduced regression bug in GSC. I created PR https://github.com/gramineproject/gsc/pull/216 to fix it. Can you try it?

Gramine runtime does not build dcap on debian

@szymek156 I'm also not sure :) Could it be that this line that installs the DCAP QuoteVerification package also installs the QPL-dev package? https://github.com/gramineproject/gsc/blob/3168b08b36d6367488d1e02ae9a378b570ac0afa/templates/debian/Dockerfile.compile.template#L45