GSC license (what to do with Li Lei's contributions)
First, Dmitrii will try to contact Li through his private email (DONE, no response yet).
Mona will ask what Intel's policy is regarding past employees (DONE, Mona can ack on behalf of Li).
In the worst case, we check line by line Li's contributions (WON'T BE NEEDED).
Woju & Don: the Gramine page, see NSF grant and new Intel logo gramineproject.io#7
Pending on Michal's review and decision. UPDATE: merged.
Benny: Gramine + Alpine
Woju: Packaging with Alpine -- we have build instructions in the Gramine repo, so one can build packages manually. There are no Alpine packages shipped by us.
Woju: You don't need Intel PSW for Alpine if you're running Gramine inside the Docker container, because Gramine talks to PSW through the AESM socket, so Intel PSW can be on the host and Gramine can be inside -- SGX attestation will work.
UPDATE from Dmitrii: this is true only for the EPID attestation. The ECDSA/DCAP attestation in Gramine also uses the Intel PSW's shared library libsgx_dcap_quoteverify.so (part of the package libsgx-dcap-quote-verify), and this library must live inside the Docker container, thus must also be re-built under Alpine. This is the main problem...
UPDATE2 from Dmitrii + Woju on 24. Aug 2023: in many scenarios, the verification library libsgx_dcap_quoteverify.so is not required by the SGX application -- the SGX application only needs a way to get the SGX Quote from the underlying host's Architectural Enclaves (which could be communicated with via the AESM socket). So, unless you need to run the verifier in the enclave itself (to attest another enclave), you don't need this library.
Benny: Is there any plan to document all these notes about Alpine support currently?
Woju: There was no plan. Need to find the time/person to write this...
Woju: the best is to look at our CI code. E.g. PSW AESM socket is exposed like this:
gramine/.ci/lib/config-docker.jenkinsfile
Line 20 in 028d580