ipex-llm icon indicating copy to clipboard operation
ipex-llm copied to clipboard

Published 20 hours ago verified publisher icon intel-analytics

[PPML] Gramine MREnclave Enhancement

Open Uxito-Ada opened this issue 1 year ago • 0 comments

Description

Upgrade gramine SGX enclave to MREnclave, which is signed with hash values, and can be registered and attested by AS.

1. Why the change?

Eliminate the leakage risk caused by the insecurity of k8s secret. After the upgrade, no secret is needed to be hard-coded in the secure-argvs file anymore and every enclave can be attested, which makes users' enclave key and app safer.

2. User API changes

encalve-key.pem should not be mounted into container anymore.

3. Summary of the change

Implement a more secure PPML workflow and enhance Gramine through MREnclave. PPML Workflow with MREnclave

4. How to test?

Github action.

Uxito-Ada avatar Aug 25 '22 08:08 Uxito-Ada