You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SCAI doc mentions an SGX-attested build of a binary with -fstack-protector, and I'm left wondering what the specified process is for checking the evidence in the SCAI predicate with an SGX quote. Is the environment evidence collection and evidence bundle format for attestation verification not part of the spec? This seems really close to CoRIM and its reference-values triple, but it's missing the evidence->reference checking description.
The text was updated successfully, but these errors were encountered:
I am not too familiar with CoRIM, but you can collect additional environment attestations in conjunction with SCAI. Let me know if it doesn't make much sense.
The SCAI doc mentions an SGX-attested build of a binary with -fstack-protector, and I'm left wondering what the specified process is for checking the evidence in the SCAI predicate with an SGX quote. Is the environment evidence collection and evidence bundle format for attestation verification not part of the spec? This seems really close to CoRIM and its reference-values triple, but it's missing the evidence->reference checking description.
The text was updated successfully, but these errors were encountered: