Remove the Root Enclaves

veracruz-project / veracruz

Main repository for the Veracruz privacy-preserving compute project, an adopted project of the Confidential Compute Consortium (CCC).

https://veracruz-project.com

MIT License

191 stars 39 forks source link

Remove the Root Enclaves #165

Closed dreemkiller closed 2 years ago

dreemkiller commented 3 years ago

Requested feature Remove the Root enclaves from the project

Motivation With the new CA Attestation flow (#122), the root enclaves are no longer needed. They complicate attestation flow, user understanding, and add instability on the AWS Nitro platform.

dreemkiller commented 2 years ago

This has now been done for Trustzone with #205

dreemkiller commented 2 years ago

The remaining platforms that still use root enclaves are SGX, Linux, and (maybe) Icecap (@nspin to confirm)

Since SGX will be removed for version 2, we may not remove the root enclave from it. Still need to do it for Linux and perhaps Icecap.

dominic-mulligan-arm commented 2 years ago

This is now complete.