Christoph M. Wintersteiger

Results 38 issues of Christoph M. Wintersteiger

While trying to extract attestation evidence (the endorsements part to be precise) via `oe_get_evidence`, OE calls mbedTLS functions, which in turn call `calloc` and not `oe_calloc` ([here](https://github.com/openenclave/openenclave/blob/85971a67f89efcdc37446bd96bb10fb75dede0b6/enclave/crypto/cert.c#L59), where `mbedtls_calloc ==...

This adds a number of checks that ensure pointers into shared memory from the host don't point into enclave memory. Also adds a check to ensure the enclave is initialized...

This adds proper tracing options, which removes the need for `getenv` calls in the enclave. Fixes #780. Goes with https://github.com/lsds/sgx-lkl-musl/pull/36.

All code that depends on the memory shared between host and enclave needs to be reviewed thoroughly. There were no checks to ensure shared memory regions reside outside of enclave...

p0
security

@letmaik previously summarized: Dynamic attestation relies on extra data being passed to the enclave start function which then becomes part of the final MRENCLAVE hash and can be used in...

enhancement
area: attestation
p1

This fixes a few code formatting violations in recently added code. Many of the header files are also not formatted correctly (not fixed here). Do we have consensus on the...

From #115 via #103: We should support the full ELF stack layout for maximum compatibility. @davidchisnall says: >We should probably mirror the layout mandated by the amd64 ELF psABI here...

enhancement
area: sgx-lkl
p3

When the enclave configuration is read from EEID, we may decide not to require all settings to be specified in the EEID, so that the enclave will fill in the...

enhancement
area: attestation
p1

This took a bit more moving of structs than I hoped, but I think this is the right way to expose the node config to applications.

This adds support for custom ACME challenge handlers, which is required as there is no standardized interface for installing challenge responses, e.g. for dns-01 challenges. Most of this is straightforward,...