CCC-Attestation / meetings

Meeting materials

Present attestation architecture of `keybroker` #33

Open tylerfanelli opened 4 months ago

tylerfanelli commented 4 months ago

I recently spoke at the latest CCC TAC meeting on how we're building confidential computing support in existing container projects:

https://youtu.be/hSQC9GWvK-M?list=PLmfkUJc39uMjaB_I1dYW72I44kr9QzG_B&t=3355

In that presentation, I spoke a bit about the remote attestation server we built to support this work, known as keybroker. keybroker is still in its infancy, but I'd like to present its architecture to the Attestation SIG if given the opportunity. keybroker will become an official VirTEE-supported project at some point.

https://github.com/tylerfanelli/keybroker

In the meantime, I will add some documentation to the keybroker repository showing its architecture; and specifically, what it does differently from existing attestation server implementations.

tylerfanelli commented 4 months ago

@thomas-fossati I'm not a contributor to this repository, so I'm unable to add the labels open source software and attestation architectures.

thomas-fossati commented 4 months ago

> @thomas-fossati I'm not a contributor to this repository, so I'm unable to add the labels open source software and attestation architectures.

Done!

A couple of points on the logistics:

Thanks for an excellent proposal!

tylerfanelli commented 4 months ago
> • I have pencilled you in on the 7th of May, if that doesn't work for any reason let us know.

Thanks, will do.

> • How much time do you need (including Q&A)?

Probably about 30-45 min?

muhammad-usama-sardar commented 3 months ago

> keybroker is still in its infancy, but I'd like to present its architecture to the Attestation SIG if given the opportunity.

Sounds very interesting. We have a very recently accepted project within the CCC Attestation SIG to work on the formalization of the CoCo KBS protocol. Related to that, what I would like to be emphasized in the talk is the following:

tylerfanelli commented 3 months ago
> • Motivation: Given a well-known CoCo KBS attestation protocol, why is there a need for VirTEE keybroker? Or in other words, what exactly is missing in the CoCo KBS attestation protocol that VirTEE would help in improving the ecosystem? Or maybe what is the limitation of the CoCo KBS attestation protocol that you are trying to address via VirTEE?

keybroker follows the KBS protocol. Most of its differences lie in reference value handling and registration. I'm actually experimenting with porting keybroker as a backend for coco-kbs (a replacement of attestation-service for our needs).

> • Attestation Protocol: How is the secure channel established in VirTEE? Does it use pre-handshake attestation/post-handshake attestation/intra-handshake attestation? Or by infancy, did you mean that it is only the architecture that you would like to present?

I'm not sure what you mean when you refer to VirTEE in this scenario. VirTEE is simply an organization to host open source TEE projects. If you're referring to keybroker, since it uses the KBS protocol, the secure channel establishment follows the method of coco-kbs.

gkostal commented 1 month ago

@tylerfanelli - thank you so much for presenting on 6/18/24. Can you possibly share your slides from the presentation so they can be added to the meeting materials in this repo? You can either submit a PR to this repo, or you can share the slides with me, and I can create a PR on your behalf.

tylerfanelli commented 1 month ago

@gkostal Thanks for allowing me to present! I can create a PR with the slides.