Without an orchestrator, while it did share its private key, nonce, and symmetric key, the master enclave previously did not share its public key with other enclaves in the cluster, making the enclaves' public keys inconsistent. This PR enables sharing of the master enclave public key to all other enclaves upon rabit init.
This PR also contains a slight reordering of the distr-training.py demo to perform attestation after initializing rabit. This is necessary to ensure that each Python process started by rabit (given n nodes, Rabit will start n Python processes, each running distr-training.py) has the same nonce. Without this change, the enclaves will have inconsistent nonces at the time of attestation, meaning that each Python process will end up having a different nonce, as an enclave sends its nonce to its respective Python process during attestation. Each Python process's having a difference nonce will cause signature verification issues.
Without an orchestrator, while it did share its private key, nonce, and symmetric key, the master enclave previously did not share its public key with other enclaves in the cluster, making the enclaves' public keys inconsistent. This PR enables sharing of the master enclave public key to all other enclaves upon rabit init.
This PR also contains a slight reordering of the
distr-training.pydemo to perform attestation after initializing rabit. This is necessary to ensure that each Python process started by rabit (given n nodes, Rabit will start n Python processes, each runningdistr-training.py) has the same nonce. Without this change, the enclaves will have inconsistent nonces at the time of attestation, meaning that each Python process will end up having a different nonce, as an enclave sends its nonce to its respective Python process during attestation. Each Python process's having a difference nonce will cause signature verification issues.Fixes #137 Fixes #141