Christoph M. Wintersteiger
The OE instructions for non-FLC systems include `-DHAS_QUOTE_PROVIDER=OFF`, so it's disabled at build time.
Intel says it's easy to check FLC support at runtime: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/816625
> `cpuid -r -1`
>
> find the 0x00000007 line and content of ecx, if ecx's 2nd bit from...
Further: JSON does not support integers greater than 2^53, so many integers will have to be encoded into strings. I've started doing that consistently by hex-encoding all integers into strings....
That's right, key release policies would have to know about that encoding. In a pinch, strings are also numerically comparable (lexicographically), which, for instance, would work fine for version numbers.
That would complicate the parser and serializer code, making them harder to review for security and to predict for attestation purposes. I definitely don't want to treat some settings different...
That requires a change to at least one of the JSON parsers, which now also needs a list of keys that are expected to be strings (or worse, either string...
Yes, strings are quoted, but I don't understand your question. We have to check that they contain valid numbers (also in the parser), but it's the same for all numbers.
Yes, that's what the JSON parser (or our callback therein) does, but it does it in the same way for all numbers. I don't think this would have a major...
That's a very good idea indeed! I think it would be helpful to have such examples in discussions/meetings with others too, so it makes sense to actually go through a...
This discussion has run a bit dry; we should think about this at some point and see whether we can make the config format truly canonical. Some notes from an...