[Docs] Ensure that insecure options are clearly marked as such #2454
Reviewed 3 of 3 files at r1.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL) (waiting on @mkow)
a discussion (no related file):
I'm still not sure about one option: sgx.debug. Is it actually possible to set it to true and accidentally ship such an enclave? This will be visible in the attestation, but maybe that's not enough?
It is possible. But I don't see a problem -- it is reflected during remote attestation, and a good verification library will throw some huge warning or something like this.
Documentation/manifest-syntax.rst, line 477 at r1 (raw file):
sgx.trusted_files.[identifier] = "[URI]" This syntax specifies the files to be cryptographically hashed build-time, and
at build time?
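The reply above says a debug enclave is reflected in remote attestation and a good verification library should warn about it. As an added example (not Graphene code, not part of this PR): a Python verifier-side check that reads the DEBUG bit from an SGX report body and refuses the enclave unless the caller explicitly allows debug builds. Field offsets follow the Intel SGX SDK sgx_report_body_t layout; the sample report bodies, the verify_report_body function and its finding strings are this example's own assumptions.

```python
"""Verifier-side check for the SGX DEBUG attribute (added example, not Graphene code)."""
import struct

# Offsets inside the 384-byte sgx_report_body_t (Intel SGX SDK layout):
#   0   cpu_svn (16), 16 misc_select (4), 20 reserved (12), 32 isv_ext_prod_id (16)
#   48  attributes: flags (u64 LE) + xfrm (u64 LE)
#   64  mr_enclave (32), 96 reserved (32), 128 mr_signer (32), 160 reserved (32)
#   192 config_id (64), 256 isv_prod_id (u16), 258 isv_svn (u16), ... 320 report_data (64)
REPORT_BODY_LEN = 384
ATTR_FLAGS_OFF = 48
MRENCLAVE_OFF = 64
MRSIGNER_OFF = 128
ISV_PROD_ID_OFF = 256

# sgx_attributes_t.flags bits
SGX_FLAGS_INITTED = 0x1
SGX_FLAGS_DEBUG = 0x2      # set when the enclave was built with sgx.debug = true
SGX_FLAGS_MODE64BIT = 0x4


def parse_report_body(body: bytes) -> dict:
    """Extract the fields a verifier decides on from a raw report body."""
    if len(body) != REPORT_BODY_LEN:
        raise ValueError(f"report body must be {REPORT_BODY_LEN} bytes, got {len(body)}")
    flags, xfrm = struct.unpack_from("<QQ", body, ATTR_FLAGS_OFF)
    isv_prod_id, isv_svn = struct.unpack_from("<HH", body, ISV_PROD_ID_OFF)
    return {
        "flags": flags,
        "xfrm": xfrm,
        "mr_enclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mr_signer": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "isv_prod_id": isv_prod_id,
        "isv_svn": isv_svn,
    }


def is_debug_enclave(body: bytes) -> bool:
    """True if the report body carries the DEBUG attribute."""
    return bool(parse_report_body(body)["flags"] & SGX_FLAGS_DEBUG)


def verify_report_body(body: bytes, expected_mr_enclave: bytes,
                       min_isv_svn: int = 0, allow_debug: bool = False) -> list:
    """Return a list of findings; an empty list means the report body is acceptable.

    A debug enclave's memory is readable by the untrusted host, so it must never
    be accepted as a production enclave unless the verifier opts in explicitly.
    """
    r = parse_report_body(body)
    findings = []
    if (r["flags"] & SGX_FLAGS_DEBUG) and not allow_debug:
        findings.append("DEBUG attribute set: enclave memory is host-readable, "
                        "not a production enclave (sgx.debug = true)")
    if r["mr_enclave"] != expected_mr_enclave:
        findings.append("MRENCLAVE mismatch")
    if r["isv_svn"] < min_isv_svn:
        findings.append(f"ISV_SVN {r['isv_svn']} below required minimum {min_isv_svn}")
    return findings


def make_sample_report_body(debug: bool, mr_enclave: bytes, isv_svn: int = 1) -> bytes:
    """Construct a sample report body (test data, not taken from real hardware)."""
    body = bytearray(REPORT_BODY_LEN)
    flags = SGX_FLAGS_INITTED | SGX_FLAGS_MODE64BIT | (SGX_FLAGS_DEBUG if debug else 0)
    struct.pack_into("<QQ", body, ATTR_FLAGS_OFF, flags, 0x3)  # xfrm: x87 | SSE
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mr_enclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = b"\x22" * 32       # placeholder signer
    struct.pack_into("<HH", body, ISV_PROD_ID_OFF, 0, isv_svn)
    return bytes(body)


if __name__ == "__main__":
    mr = bytes(range(32))  # placeholder MRENCLAVE expected by the verifier
    for debug in (False, True):
        problems = verify_report_body(make_sample_report_body(debug, mr), mr)
        print(f"debug={debug}: {'accepted' if not problems else problems}")
```

In practice the report body is taken from a quote whose signature has already been checked (for DCAP v3 quotes it starts at byte 48 of the quote); the attribute check above is the part that turns a visible-but-ignored debug flag into a hard rejection.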
Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: ITL), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @mkow)
Documentation/manifest-syntax.rst, line 477 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
at build time?
Done.
Reviewed 2 of 3 files at r1, 1 of 1 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from different teams (1 more required, approved so far: ITL), "fixup! " found in commit messages' one-liners (waiting on @dimakuv and @mkow)
Reviewed 1 of 1 files at r2.
Reviewable status: all files reviewed, all discussions resolved, "fixup! " found in commit messages' one-liners
Signed-off-by: Michał Kowalczyk <[email protected]>
e237da4 to 8f77a8e
Reviewed 1 of 1 files at r3.
Reviewable status: complete! all files reviewed, all discussions resolved
Description of the changes
I'm still not sure about one option: sgx.debug. Is it actually possible to set it to true and accidentally ship such an enclave? This will be visible in the attestation, but maybe that's not enough?

In the future it would be good to have some kind of warning banner at the start of Graphene if it's insecure, which would be enabled in all debug builds, when using insecure/non-prod manifest settings, etc.
ps. I squashed in a few formatting fixes, reST was broken in a few places.