Open davidchisnall opened 4 years ago
We should have clear documentation for things we put inside app config, with indications of which ones are in the dynamic attestation report.
Yes, that's why we're doing this. It has to be absolutely clear what's attested and checked, and what's just copied over from/to the host.
We need to clean up the configuration options of SGX-LKL:
We should go over the options supported by sgx-lkl-run and remove ones that are no longer necessary.
The remaining ones should be divided into three groups:
a. Debug options, which are only available in the DEBUG build of SGX-LKL.
b. Host options, which only impact the operation of the launcher but otherwise have no correctness implications for the enclave.
c. Enclave options, which impact the behaviour of the enclave and therefore their values must be included in the attestation. Only the parameters in this category are exposed in the attestation.
In addition, we need to support JSON configuration files for (i) the host configuration options (a+b) and (ii) enclave app_config (c). In RELEASE mode, the enclave app_config is the only permitted way to set enclave options (c).
@letmaik @wintersteiger does this capture it?
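
A sketch of the three-group split proposed above, as an added example that is not SGX-LKL code. The option names, the host override in DEBUG builds and the SHA-256 digest over canonical JSON are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical option names for illustration; not SGX-LKL's real option set.
DEBUG_OPTS = {"verbose", "trace_syscalls"}   # group (a)
HOST_OPTS = {"ethreads", "tap_device"}       # group (b)
ENCLAVE_OPTS = {"args", "env", "cwd"}        # group (c), attested


class ConfigError(ValueError):
    pass


def load_config(host_json, app_config_json, release):
    """Return (host, enclave) dicts after enforcing the three-group policy."""
    host_in = json.loads(host_json)
    enclave = json.loads(app_config_json)
    stray = set(enclave) - ENCLAVE_OPTS
    if stray:
        raise ConfigError(f"not an enclave option in app_config: {sorted(stray)}")
    host = {}
    for key, value in host_in.items():
        if key in HOST_OPTS:
            host[key] = value
        elif key in DEBUG_OPTS:
            if release:
                raise ConfigError(f"debug option {key!r} in RELEASE build")
            host[key] = value
        elif key in ENCLAVE_OPTS:
            # RELEASE: app_config is the only source of enclave options.
            if release:
                raise ConfigError(f"enclave option {key!r} set by host")
            enclave[key] = value  # assumed DEBUG-only convenience override
        else:
            raise ConfigError(f"unknown option {key!r}")
    return host, enclave


def attested_digest(enclave):
    """Digest over group (c) only; host and debug options never enter it."""
    canonical = json.dumps(enclave, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


if __name__ == "__main__":
    # Constructed sample configuration files.
    host_cfg = '{"ethreads": 4, "tap_device": "tap0"}'
    app_cfg = '{"args": ["/bin/app"], "cwd": "/"}'
    host, enclave = load_config(host_cfg, app_cfg, release=True)
    print(host, attested_digest(enclave))
```
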