Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[python] Remove unneeded attrs in get_mrenclave_and_manifest() #1550

Merged
merged 1 commit into from
Sep 13, 2023
Merged

[python] Remove unneeded attrs in get_mrenclave_and_manifest() #1550

merged 1 commit into from
Sep 13, 2023

Conversation

dimakuv
Copy link

@dimakuv dimakuv commented Sep 13, 2023
edited
Loading

Description of the changes

The only enclave attributes required for the SGX enclave measurement are the enclave size and the number of enclave threads. Other attributes such as ISV_PROD_ID, ISV_SVN, XFRM are not included in the measurement.

This commit is extracted from #881.

How to test this PR?

E.g., manually build the Helloworld example.

This change is Reviewable

@dimakuv dimakuv mentioned this pull request Sep 13, 2023
Merged
kailun-qin
kailun-qin requested changes Sep 13, 2023
View reviewed changes
Copy link
Contributor

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @dimakuv)

-- commits line 5 at r1:
What about edmm_enable then?

Code quote:

  The only enclave attributes required for the SGX enclave measurement are
  the enclave size and the number of enclave threads. Other attributes

@dimakuv dimakuv force-pushed the dimakuv/rm-unneeded-attrs-for-mrenclave branch from ce93272 to 9b49c1e Compare September 13, 2023 08:42
dimakuv
dimakuv commented Sep 13, 2023
View reviewed changes
Copy link
Author

@dimakuv dimakuv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @kailun-qin)

-- commits line 5 at r1:

Previously, kailun-qin (Kailun Qin) wrote…

What about edmm_enable then?

Done, forgot to add in the text.

For those curious: enabling EDMM modifies what enclave pages are EADDed to the initial enclave image, and thus the EDMM option modifies the SGX enclave measurement (MRENCLAVE). So it is considered as one of the factors.

kailun-qin
kailun-qin approved these changes Sep 13, 2023
View reviewed changes
Copy link
Contributor

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed all commit messages.
Reviewable status: all files reviewed, all discussions resolved, not enough approvals from maintainers (1 more required), not enough approvals from different teams (1 more required, approved so far: Intel)

mkow
mkow approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@mkow mkow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

[python] Remove unneeded attrs in get_mrenclave_and_manifest()
dc92067 
The only enclave attributes required for the SGX enclave measurement are
the enclave size, the number of enclave threads and whether EDMM is
enabled. Other attributes such as ISV_PROD_ID, ISV_SVN, XFRM are not
included in the measurement.

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
@dimakuv dimakuv force-pushed the dimakuv/rm-unneeded-attrs-for-mrenclave branch from 9b49c1e to dc92067 Compare September 13, 2023 14:15
kailun-qin
kailun-qin approved these changes Sep 13, 2023
View reviewed changes
Copy link
Contributor

@kailun-qin kailun-qin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@dimakuv dimakuv merged commit dc92067 into master Sep 13, 2023
@dimakuv dimakuv deleted the dimakuv/rm-unneeded-attrs-for-mrenclave branch September 13, 2023 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kailun-qin kailun-qin kailun-qin approved these changes

@mkow mkow mkow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dimakuv @mkow @kailun-qin