Peter Pietzuch
Peter Pietzuch
If you build OE with FLC doesn't that break enclave creation on a non-FLC machine? The OE documentation says that this needs to be picked at build time. I think...
Yeah, OE distinguishes between these cases: https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/Contributors/building_oe_sdk.md#1-determine-the-sgx-support-level-on-your-developmenttarget-system They provide only binaries with FLC support.
I think that we should decide this based on the requirements of the cryptsetup replacement. @mikbras?
> That's right, key release policies would have to know about that encoding. In a pinch, strings are also numerically comparable (lexicographically), which, for instance, would work fine for version...
I didn't mean to change the JSON parser but, as part of the schema, we would say that particular fields in the app_config, which we know may be large, must...
I don’t understand. Doesn’t JSON parsing only parse values in quotes as strings?
Well, at some point, SGX-LKL specific code needs to interpret the parsed values and check ranges etc. This code will understand that some fields are strings and others are numbers,...
Checking version/security numbers is the obvious one. In addition, there may be "safe" ranges for allocated memory amounts etc. Perhaps we should first come up with a full specification of...
Note that we have `SGXLKL_ASSERT` for assertions.
@wintersteiger conceptually it makes sense to me to have a struct that contains the full app_config, the way it has passed attestation. Or do I misunderstand your proposal?