Michał Kowalczyk
> overriding the host versions

This is a wrong/misleading term, as Gramine is not overriding anything. It's a separate operating system, and the plan is to _emulate_ these files based...
Hmm, I think I like the (a bit unrelated) idea of supporting inlining of small files into manifests, but we should probably discuss it more, there may be reasons against...
> Woju's proposal of hard-coded sgx.trusted_files.content is rejected:

Wait, it wasn't rejected overall, it's just completely unrelated to this specific issue, and it was rejected *as a solution for it*....
Also, on the security of this:
- Just saying out loud what's obvious: we should implement only the part of the configs which are really used by common apps and...
How does 4. work with both messages? Will we wait for responses for both? (original lock + cancel msg) Overall it seems like an ok solution for now.
> This is to minimize the TCB and thereby reduce loss if some parts of the code are compromised. [...]

This whole paragraph seems to be based on incorrect assumptions...
> We do want to establish a secure channel, but TLS is an overkill in this specific case

I agree, and it's similar with other places where we use TLS...
> except that it doesn't change across builds/versions

Hmm, but you need to also check the version and refuse to communicate with old ones (with security bugs). But I guess...
@donporter still under discussion and we don't plan to implement this soon. It's just an RFC to discuss the idea and see what others think ;)
> One immediate comment: we need backwards-compatibility in our manifest file.

Would it be acceptable if instead of keeping the compatibility in Gramine itself we published a tool to automatically...