Keymanager: Final steps for policy support #1846

Yawning · 2019-06-25T09:17:24Z

TODO: split into sub-issues

Things that didn't get done as part of #1824...

Write a policy signing tool.
Reinitialize the enclave more often (keymanager/worker: Be better about re-initializing the enclave state #1812).
Figure out how we are going to pass each enclave all of the currently valid MRENCLAVE/MRSIGNER pairs.
Figure out how to test/deploy this.
- Need a mock MRSIGNER/MRENCLAVE for non-sgx enclave builds.
- Need test threshold-multisig keys.
- Need to change lots of devops.

Lower priority (can be delayed till we stop doing dump/restore on update):

Estimated cost: > 14 days (Realistically, no idea, depends on what the new deployment process looks like.)

ravenac95 · 2019-06-27T19:43:02Z

Which parts of this, if any, are required before a Testnet deployment?

Yawning · 2021-06-10T12:32:00Z

This is basically done, and has been done for a long time.

Yawning added p:1 Priority: core feature c:key management Category: key management c:security Category: security sensitive labels Jun 25, 2019

Yawning mentioned this issue Jun 25, 2019

Add key manager policy support #1824

Merged

15 tasks

kostko added the epic Epic (costed tracking issue) label Jul 30, 2019

peterjgilbert assigned Yawning Aug 13, 2019

Yawning assigned matevz Aug 21, 2019

matevz mentioned this issue Sep 5, 2019

keymanager policy: Tooling for generating&signing #2033

Merged

kostko mentioned this issue Jan 6, 2020

Add key manager policy document submission #2516

Closed

kostko unassigned matevz Jun 2, 2020

Yawning closed this as completed Jun 10, 2021

Provide feedback