sgx-lkl icon indicating copy to clipboard operation
sgx-lkl copied to clipboard

Published 20 hours ago verified publisher icon lsds

Re-structure SGX-LKL options with respect to attestation

Open davidchisnall opened this issue 4 years ago • 2 comments

We need to clean up the configuration options of SGX-LKL:

  1. We should go over the options supported by sgx-lkl-run and remove ones that are no longer necessary.

  2. The remaining ones should be divided into three groups:

    a. Debug options, which are only available in the DEBUG build of SGX-LKL.

    b. Host options, which only impact the operation of the launcher but otherwise have no correctness implications for the enclave.

    c. Enclave options, which impact the behaviour of the enclave and therefore their values must be included in the attestation. Only the parameters in this category are exposed in the attestation

  3. In addition, we need to support JSON configuration files for (i) the host configuration options (a+b) and enclave app_config (c). In RELEASE mode, the enclave app_config is the only permitted way to set enclave options (c).

@letmaik @wintersteiger does this capture it?

davidchisnall avatar Apr 29 '20 10:04 davidchisnall

We should have clear documentations for things we put inside app config, with indications of which ones are in the dynamic attestation report.

jxyang avatar May 26 '20 00:05 jxyang

Yes, that's why we're doing this. It has to be absolutely clear what's attested and checked, and what's just copied over from/to the host.

wintersteiger avatar May 26 '20 09:05 wintersteiger