
Support for per-role quote policies

Open kostko opened this issue 2 months ago • 2 comments

Add support for per-role quote policies in addition to the existing general policy (which would become the "default" policy for roles that don't have an override). This would allow a more relaxed general policy but stricter requirements for nodes that can access the key manager (e.g. compute/observer nodes).

kostko, Nov 04 '25 12:11

So existing: https://github.com/oasisprotocol/oasis-core/blob/aeffe3bd6ce9f62ddf3487225ec58e31bd616259/go/common/node/sgx.go#L35-L36

becomes the "default policy", and we add an additional PerRolePolicy map[node.RolesMask]*quote.Policy?

> This would allow a more relaxed general policy but stricter requirements for nodes that can access the key manager (e.g. compute/observer nodes).

Who will then be validated against this "relaxed" policy given that we currently only register compute, observer or keymanager (that all access or are keymanagers)?

Given this changes consensus validation rules (breaking), I assume I have to gate it behind a future version? Also obviously all struct changes should be backward compatible...

martintomazic, Nov 18 '25 11:11

> becomes the "default policy", and we add an additional PerRolePolicy map[node.RolesMask]*quote.Policy?

Yes, something like that.

> Who will then be validated against this "relaxed" policy

Clients (that do not register). And then a more strict policy for compute and observer nodes.

> Given this changes consensus validation rules (breaking), I assume I have to gate it behind a future version? Also obviously all struct changes should be backward compatible...

Yes. This is why the existing policy field is reused and only new fields are introduced. So you don't really need additional versioning and can just gate this extra "per-role policy" field being set on the feature (and be careful to fail in the same way as we do currently if a non-existent field is set).

kostko, Nov 18 '25 12:11
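
A sketch of the scheme discussed in this thread, added here as an illustration and not oasis-core code: the types, the `MinTCBEval` field, the error values and the rule that every matching override must pass are assumptions. It shows the existing policy acting as the default for nodes with no matching role (such as unregistered clients) and the new field being rejected while the feature is off.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins (assumptions), not oasis-core's node.RolesMask or quote.Policy.
// Policy is cut down to one constructed knob: a minimum TCB evaluation number.
type RolesMask uint32
type Policy struct{ MinTCBEval uint32 }
const RoleCompute, RoleObserver RolesMask = 1, 2

type Constraints struct {
	Policy        *Policy               // existing field, reused as the default
	PerRolePolicy map[RolesMask]*Policy // new, optional per-role overrides
}

var ErrFeatureOff = errors.New("per-role policy set while feature is disabled")
var ErrQuote = errors.New("quote does not satisfy policy")

// Validate gates the new field: until the feature is active, setting it is an error.
func (c *Constraints) Validate(perRoleEnabled bool) error {
	if len(c.PerRolePolicy) > 0 && !perRoleEnabled {
		return ErrFeatureOff
	}
	return nil
}

// Check: every override intersecting roles must pass (assumption); else the default applies.
func (c *Constraints) Check(roles RolesMask, tcbEval uint32) error {
	matched := false
	for mask, p := range c.PerRolePolicy {
		if roles&mask != 0 && p != nil {
			matched = true
			if tcbEval < p.MinTCBEval {
				return ErrQuote
			}
		}
	}
	if !matched && c.Policy != nil && tcbEval < c.Policy.MinTCBEval {
		return ErrQuote
	}
	return nil
}

func main() {
	c := Constraints{Policy: &Policy{17}, PerRolePolicy: map[RolesMask]*Policy{RoleCompute | RoleObserver: {19}}}
	fmt.Println(c.Check(0, 17), c.Check(RoleCompute, 17), c.Validate(false))
}
```

`ErrFeatureOff` stands in for whatever error the current code returns when an unknown field is set, which is the failure mode the last comment says to preserve.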