veracruz-project / veracruz

Main repository for the Veracruz privacy-preserving compute project, an adopted project of the Confidential Compute Consortium (CCC).
https://veracruz-project.com
MIT License

Transition our PSA-Attestation client activity to use PARSEC #641

Open dreemkiller opened 1 year ago

dreemkiller commented 1 year ago

Requested feature

Start using PARSEC for our psa-attestation client

Motivation

Using CCC projects is a priority, so this makes sense. Also, our current psa-attestation client code is quite hacky.

Additional context

There may be some complications on this as we do a few dirty things with psa-attestation, so the transition might not be completely straightforward.

egrimley-arm commented 1 year ago

If Parsec is built with certain features, it depends on psa-crypto, which indirectly uses libmbedtls.a, which is also indirectly used by the mbedtls crate. Will this cause problems for us?

dreemkiller commented 1 year ago

Possibly, especially if they are different versions. In the past, when we've had these problems (when we supported TrustZone, the OPTEE OS included an older version of mbedtls that didn't contain the psa-crypto API we were using), we linked against both versions, but changed the symbol names (using the objcopy --redefine-syms flag) so that both versions could be linked.

Another possibility: get PARSEC to use the mbedtls Rust Crate directly instead of relying on calls directly to the libmbedtls.a file.