180protocol
Modify aggregation workflows to support multiple enclave frameworks
Is your feature request related to a problem? Please describe. Support multiple enclave messaging frameworks
Describe the solution you'd like Currently only R3 Conclave is supported for messaging and runtime for enclaves. We need to create a layer of abstraction over Conclave-specific primitives within our workflows. This will allow us to plug into the enclave messaging layer and runtimes (Conclave, Anjuna).
Edit 23/06/2022: After research on several frameworks, we have decided to build the first non-Conclave integration with Anjuna.io
As it has been decided to move towards "Enarx" from "Conclave" as the confidential computing component, the primary things to be considered are as below.
-> Some plug-in kind of interface needs to be developed between the Corda network & the TEE (Trusted Execution Environment).
-> Rust & WASM (WebAssembly runtime) technologies need to be added into the whole tech stack of the product. The majority of the source is available as a Rust implementation.
-> The core benefit of using Enarx is to support both "SEV" & "SGX" hardware as TEEs without having a different implementation for each interface. Both types of TEE could be supported internally in Enarx by "shim" management.
-> A thing to figure out is whether Enarx is available as production ready or still in beta mode.
-> Also needs some research about a way to bind the WebAssembly runtime to different modules created with different technologies like Java, Go, C++.
-> As of now the Enarx docs suggest testing of "keeps" (enclaves) is available, but the procedure to achieve that testing implementation is not clear. So we need to work on that to find out.
"Wasmtime" needs to be studied thoroughly to take advantage of the Enarx platform & its components.
Moving toward "CCF" (https://github.com/microsoft/CCF) to investigate the confidential computing part and resolve the current use case problem.
Enarx Updates: Able to run the sample application from WASMTIME. Now need to find out the reason for not loading the assembly module (sample application) into ENARX Keeps. Note: WASMTIME is a runtime where a standalone assembly script can be executed as an application. We can build this assembly script by converting regular code (written in Java, C++, Rust, Go) with the help of the wasm32-wasi tool. Need to find out whether Enarx loads the assembly script with WASMTIME; if not, then what similar execution environment it uses to load the assembly module.
Apache Teaclave Updates:
- Able to run Teaclave services in the simulation environment. The service-side architecture is still unknown & the log management module for running services needs to be identified further.
- The sample application works fine with the Teaclave platform. Also, the client-side SDK works fine & is manageable with the API given in the main repo.
- The Teaclave front-end service & client service communicate over an RPC channel. No explanation is provided in the docs for the working of Teaclave services & the data flow between those services.
- Attestation services will only work with the SGX platform, but current experience with Azure cloud VM instance deployment points to a broken build process because of unresolved dependencies.
Enarx Updates:
- Not generating a build with the steps given in the documentation for an Azure SGX VM instance. Giving some sort of compile error related to wasmdlr files.
- On the local machine, it generates a build but does not load the KVM module for simulation mode.