CCF A network without any entries in `public:ccf.gov.nodes.snp.uvm_endorsements` does not accept SNP nodes on the basis of hardcoded roots of trust

A network without any entries in `public:ccf.gov.nodes.snp.uvm_endorsements` does not accept SNP nodes on the basis of hardcoded roots of trust

Open achamayou opened this issue 1 year ago • 7 comments

verify_uvm_endorsements() checks endorsements against both internal hardcoded roots of trust, and entries in the public:ccf.gov.nodes.snp.uvm_endorsements map. Only attestations endorsed collateral meeting both requirements are currently allowed through.

This means that a network being updated to SGX requires a governance action to set at least one entry in public:ccf.gov.nodes.snp.uvm_endorsements before nodes can join.

Sep 16 '24 16:09 achamayou

CCF CCF copied to clipboard

A network without any entries in `public:ccf.gov.nodes.snp.uvm_endorsements` does not accept SNP nodes on the basis of hardcoded roots of trust

CCF
CCF copied to clipboard