Add acceptable enclave quote statuses to SGX constraints #4055

Closed
kostko opened this issue Jun 18, 2021 · 0 comments · Fixed by #4396
Labels: c:breaking/consensus (breaking consensus changes), c:common (common libraries), c:registry (entity/node/runtime registry service)

kostko commented Jun 18, 2021

The `CapabilityTEE` verification should support enforcement of enclave quote statuses by extending `sgx.Constraints` to include a field which specifies what is acceptable (could even be strict/non-strict similar to `OASIS_STRICT_AVR_VERIFY` in runtimes). Note that currently the runtimes can enforce this when establishing secure sessions which is sufficient for security purposes, but it would be useful if one could prevent non-compliant nodes from not even being scheduled. Otherwise this will result in those nodes triggering failures.

kostko added the c:registry, c:common and c:breaking/consensus labels on Jun 18, 2021
Yawning self-assigned this on Dec 10, 2021
kostko linked a pull request on Dec 14, 2021 that will close this issue
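
A sketch of the check this issue asks for, as an added example that is not oasis-core code and not taken from the linked pull request: a constraints struct carries an allowlist of non-OK quote statuses, and nodes whose status falls outside it are filtered out before scheduling. The `Constraints` layout, the `AllowedQuoteStatuses` field, `Node`, `VerifyQuoteStatus` and `Schedulable` are hypothetical names, and the node records are constructed; only the status strings are real values of the IAS `isvEnclaveQuoteStatus` field.

```go
package main

import "fmt"

// QuoteStatus is the isvEnclaveQuoteStatus string from an IAS report (AVR).
type QuoteStatus string

const (
	StatusOK                QuoteStatus = "OK"
	StatusSWHardeningNeeded QuoteStatus = "SW_HARDENING_NEEDED"
	StatusGroupRevoked      QuoteStatus = "GROUP_REVOKED"
)

// Constraints is a hypothetical stand-in for sgx.Constraints.
type Constraints struct {
	// Non-OK statuses that are still acceptable; empty means strict.
	AllowedQuoteStatuses []QuoteStatus
}

// Node is a constructed record: a node ID and its latest quote status.
type Node struct{ ID string; Status QuoteStatus }

// VerifyQuoteStatus fails closed: anything that is not OK or explicitly
// allowed, including status strings unknown to this code, is rejected.
func (c *Constraints) VerifyQuoteStatus(s QuoteStatus) error {
	for _, ok := range append([]QuoteStatus{StatusOK}, c.AllowedQuoteStatuses...) {
		if s == ok {
			return nil
		}
	}
	return fmt.Errorf("sgx: quote status %q not allowed by constraints", s)
}

// Schedulable returns the IDs of nodes whose quote status satisfies c.
func Schedulable(c *Constraints, nodes []Node) []string {
	var ids []string
	for _, n := range nodes {
		if c.VerifyQuoteStatus(n.Status) == nil {
			ids = append(ids, n.ID)
		}
	}
	return ids
}

func main() {
	nodes := []Node{{"node-a", StatusOK}, {"node-b", StatusSWHardeningNeeded}, {"node-c", StatusGroupRevoked}}
	relaxed := &Constraints{AllowedQuoteStatuses: []QuoteStatus{StatusSWHardeningNeeded}}
	fmt.Println("strict:", Schedulable(&Constraints{}, nodes), "relaxed:", Schedulable(relaxed, nodes))
}
```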