
Comments (6)

Yawning avatar Yawning commented on July 26, 2024

While I have no problems with this idea in theory, what safeguards beyond "Don't do that then" do you propose to prevent the debug enclave from being accidentally deployed?

from oasis-core.

kostko avatar kostko commented on July 26, 2024

Agree that switching this on by accident is a problem. I guess the same could be said for the existing uses of OASIS_UNSAFE_SKIP_KM_POLICY. Any suggestions?

We could only allow this in either non-SGX builds (still can be dangerous though as you also want non-SGX clients to authenticate the EnclaveRPC channel to the key manager) or when allowing debug enclaves is enabled through OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES (as this requires use of unsafe flags all over the place).


Yawning avatar Yawning commented on July 26, 2024

Probably only for debug enclaves?


nhynes avatar nhynes commented on July 26, 2024

It's hard to link anything in the code itself to the enclave being in debug mode, as that's assigned only after the application is compiled. I think an easy thing to do would be to expose the debug-ness in the core.RuntimeInfo query and have the runtime host compare that to its own debug-ness.


kostko avatar kostko commented on July 26, 2024

"only after the application is compiled"

The thing with our runtimes is that they can be either in debug mode, in which case they only accept debug quotes, or in non-debug mode, in which case they only accept non-debug quotes. This depends on the build-time OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES flag and is also reflected in oasis_core_runtime::BUILD_INFO.is_secure. The runtime will also not process any requests in case the attestation is invalid (including checking the debug-ness of itself).

Reporting the is_secure status in addition to this mechanism (as is done for the key manager runtime) as part of the runtime connection handshake would probably be useful for the node to report a better error message.

If we require OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES to be set in order for OASIS_UNSAFE_SKIP_KM_POLICY to take effect that would prevent one accidentally building a non-debug runtime which skips policy checks.

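The three gates described in the comment above (a debug runtime accepts only debug quotes and vice versa, the skip-KM-policy flag only takes effect in debug builds, and the host compares the runtime's reported is_secure against its own) as an added Rust model; this is illustration code, not oasis-core's implementation, and the names BuildInfo, PolicyError and check_handshake are assumed. Debug-ness of a quote is derived from the SGX enclave ATTRIBUTES.DEBUG flag bit.

```rust
/// SGX enclave attribute flag marking a debug enclave (ATTRIBUTES.DEBUG, bit 1).
pub const SGX_FLAGS_DEBUG: u64 = 0x2;

/// Build-time facts about the runtime binary (stands in for BUILD_INFO.is_secure).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct BuildInfo {
    /// false iff the binary was built with OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES.
    pub is_secure: bool,
    /// Whether OASIS_UNSAFE_SKIP_KM_POLICY was requested at build time.
    pub skip_km_policy_requested: bool,
}

#[derive(Debug, PartialEq)]
pub enum PolicyError {
    /// A debug quote reached a non-debug runtime, or a non-debug quote a debug runtime.
    DebugMismatch { runtime_is_secure: bool, quote_is_debug: bool },
    /// The host's own build mode does not match what the runtime reported.
    HostMismatch { host_is_secure: bool, runtime_is_secure: bool },
}

impl BuildInfo {
    /// Skipping key-manager policy only takes effect in debug builds, so a
    /// non-debug runtime can never end up with policy checks disabled.
    pub fn skip_km_policy(&self) -> bool {
        !self.is_secure && self.skip_km_policy_requested
    }

    /// Debug runtimes accept only debug quotes; secure runtimes only non-debug ones.
    pub fn check_quote_attributes(&self, attribute_flags: u64) -> Result<(), PolicyError> {
        let quote_is_debug = attribute_flags & SGX_FLAGS_DEBUG != 0;
        // Mismatch whenever the quote's debug bit agrees with the runtime being secure.
        if quote_is_debug == self.is_secure {
            return Err(PolicyError::DebugMismatch { runtime_is_secure: self.is_secure, quote_is_debug });
        }
        Ok(())
    }
}

/// Host side of the connection handshake: compare the runtime's reported
/// is_secure with the node's own build mode and fail early with a clear error.
pub fn check_handshake(host_is_secure: bool, reported_runtime_is_secure: bool) -> Result<(), PolicyError> {
    if host_is_secure != reported_runtime_is_secure {
        return Err(PolicyError::HostMismatch { host_is_secure, runtime_is_secure: reported_runtime_is_secure });
    }
    Ok(())
}
```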

kostko avatar kostko commented on July 26, 2024

This is now implemented in #4878, please take a look.

