Michał Kowalczyk

Results 169 comments of Michał Kowalczyk

> Actually, isn't it what our execve() emulation supposed to do? See https://github.com/gramineproject/gramine/blob/9774ce1ca8551b868c1ca6c423dfcf1b010115d4/LibOS/shim/src/sys/shim_exec.c#L32?plain. I think it's more than this, because you also need to e.g. reset all FDs. But maybe...

> Similarly, the workload owners will specify resource requests/limits, including how much EPC they request. The latter is void today but maybe one day we'll have per app/container EPC usage...

> That's what my comment tried to say too. The limits are not controlled today but afaik the cgroups is in plans. Maybe one day each container will get their...

> The same enclave binary may be executed in the context of two different processes (they might even belong to different users). They will have the same MRSIGNER and MRENCLAVE,...

> 3. Consistent naming in the SGX PAL for code that runs in and out of the enclave
>
> Including both function and file names. An example of confusing naming: `enclave_entry.S`...

@lejunzhu: This method is super unreliable and hard to maintain, we don't plan to go in this direction.

> ## Gramine commit hash:
>
> Latest Master

Which commit is "latest master"? You are aware that next week this will be a completely different one? ;)

We could, although it has a pretty low priority.

> Multiple versions installed together, for signing

It's not actually for signing, only for _verification_ of MRENCLAVE of an enclave created by someone else.

> Metapackage depending on graphene-direct and...

This is mostly a question to @woju, i.e. whether there's anything left to be implemented from it.