aa: Rename Occlum attester to SGX attester and add Gramine support to it #167
Conversation
mythi
force-pushed
the
sgx-dcap-attester
branch
2 times, most recently
from
a05268d
to
6bdc7fb
Compare
mythi
requested review from
jiangliu,
arronwy,
lumjjb and
Xynnn007
as code owners
| } | ||
| } | ||
| SgxLibOsType::Gramine => { | ||
| std::fs::write("/dev/attestation/user_report_data", report_data_bin)?; |
There was a problem hiding this comment.
Do we also need occlum_dcap dependency if gramine is the libos? I mean if not, we can avoid bringing occlum_dcap to decrease the footprint.
There was a problem hiding this comment.
we don't need it but I did not want to introduce new features but keep only one "SGX DCAP" feature.
There was a problem hiding this comment.
Ok. Let's handle this in future when footprint is actually an obstacle for enclave-cc.
I just rebased to fix merge conflicts. Let's see the results now. Update: Seems to be OK: https://github.com/confidential-containers/guest-components/actions/runs/5573122545/jobs/10179974921?pr=167 |
|
Hi @mythi Can you rebase this PR? |
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
SGX DCAP Attester checks that the evidence passed in is base64 encoded SHA384 and fails if the base64 decoded input does not match the expected length. Therefore, "test".into() won't work and errors. Fix by using the same hasher as the KBS protocol. Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
done |
No description provided.