supranational / blst

Multilingual BLS12-381 signature library
Apache License 2.0

Add `__SGX_LVI_HARDENING__` option to assembly. #187

Closed dot-asm closed 1 year ago

dot-asm commented 1 year ago

@DragonDev1906, could you take it for a spin in actual SGX environment?

DragonDev1906 commented 1 year ago

Sure, will do that tomorrow.

DragonDev1906 commented 1 year ago

Assuming that I don't need to specify anything in environment variables or similar: I've not had an issue running the `sgx-asm` branch in SGX (tested what I used in the other issue: signing and verifying this signature), though apparently it now works with 1 allowed thread without specifying the `no-threads` feature.

So it behaves as expected from what I could tell.

Whether that has actually applied the hardening: I don't know. I assume it does, given the line in `build.rs`, but I don't know what exactly to look for in the resulting binary I get after compiling (I assume you've checked that it does the hardening when building the Rust crate).

dot-asm commented 1 year ago

> I've not had an issue running the sgx-asm branch in SGX

Thanks!

> Whether that has actually applied the hardening: I don't know

If you compare performance, you should observe >2x penalty. Just in case, keep in mind that LVI hardening is about "gadgets", i.e. it is all components' responsibility to pull in the same direction. A component that does public-key cryptography has to do it to protect the secret-key component.

dot-asm commented 1 year ago

Committed. Thanks!
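A complementary check to the performance comparison suggested above, for the question of what to look for in the compiled binary. This is an added example, not code from blst or from the thread participants: it scans `objdump -d` text for returns and indirect branches that are not immediately preceded by `lfence`. It assumes the hardened output follows the pattern in Intel's LVI guidance (an `lfence` before `ret`, or `ret` replaced by pop / `lfence` / indirect `jmp`); the sample disassembly, symbol names and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample in `objdump -d` (AT&T) layout; addresses, bytes and
# symbol names are illustrative, not taken from a real blst build.
SAMPLE = """\
0000000000001000 <hardened_fn>:
    1000:\t48 8b 07             \tmov    (%rdi),%rax
    1003:\t5a                   \tpop    %rdx
    1004:\t0f ae e8             \tlfence
    1007:\tff e2                \tjmp    *%rdx

0000000000001010 <plain_fn>:
    1010:\t48 8b 07             \tmov    (%rdi),%rax
    1013:\tc3                   \tret
"""

SYMBOL = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN = re.compile(r"^\s*[0-9a-f]+:\t[0-9a-f ]+\t(\S+)\s*(.*)$")


def audit(disasm):
    """Per function: lfence count, plus returns and indirect branches
    whose immediately preceding instruction is not lfence."""
    report, func, prev = {}, None, None
    for line in disasm.splitlines():
        sym = SYMBOL.match(line)
        if sym:
            func, prev = sym.group(1), None
            report[func] = {"lfence": 0, "unfenced": []}
            continue
        insn = INSN.match(line)
        if not insn or func is None:
            continue
        mnem, ops = insn.group(1), insn.group(2).strip()
        if mnem == "lfence":
            report[func]["lfence"] += 1
        is_ret = mnem in ("ret", "retq")
        is_indirect = mnem.startswith(("jmp", "call")) and ops.startswith("*")
        if (is_ret or is_indirect) and prev != "lfence":
            report[func]["unfenced"].append(f"{mnem} {ops}".strip())
        prev = mnem
    return report


if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```

To use it on a real build, feed it the text produced by `objdump -d` on the compiled object instead of `SAMPLE`. It does not check for fences after individual loads, so an empty `unfenced` list covers only the control-transfer part of the pattern.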