Remove duplication of the AWS Nitro Root certificate

veracruz-project / veracruz

Main repository for the Veracruz privacy-preserving compute project, an adopted project of the Confidential Compute Consortium (CCC).

https://veracruz-project.com

MIT License

190 stars 39 forks source link

Remove duplication of the AWS Nitro Root certificate #71

Open dreemkiller opened 3 years ago

dreemkiller commented 3 years ago

Requested feature Remove duplication of the AWS Nitro Root enclave certificate in the code.

Motivation The certificate is currently hard-coded in two locations in the code: In the tabasco server, and in the nitro-root-enclave. This value is not expected to change, ever (the certificate's expiry is 2049, and if we need to change it, something VERY VERY BAD has happened at AWS). However, having it in two locations is messy and unnecessary.

dominic-mulligan-arm commented 3 years ago

I think it's better if this hardcoding is removed entirely, and we use include_bytes! 1, or similar, to read the content of the certificate in at compile time only once.