This repository has been archived by the owner on May 3, 2022. It is now read-only.

Enarx components

Mike Bursell edited this page Jul 4, 2019 · 8 revisions

Enarx comprises the following components:

  • Attestation
  • Enarx API & core
  • Enarx runtime
  • Management

The following components are relevant or related to Enarx:

  • Developer tools
  • TLSSock

Attestation

An application which is going to run within Enarx needs to attest two things:

  1. The hardware enclave.
  2. A measurement of the Enarx runtime.

This means that Red Hat may need to launch a service to abstract attestation. The way this works is that the client requests attestation from Enarx. Enarx supplies a blob. The client forwards this to Red Hat. Red Hat will then complete attestation of the hardware environment and translate the measurements of Enarx into something which allows you to identify the specific version of Enarx.

From the client’s point of view, the attestation steps of Enarx end up with the following two cryptographically validated assertions:

  1. The enclave type and version;
  2. The Enarx version and integrity.

The attestation processes associated with the various hardware architectures are very different: providing a common mechanism to abstract this is expected to be a major part of the work associated with this project.
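
The attestation flow described above (the client requests attestation, Enarx supplies a blob, the client forwards it to an attestation service, and the client ends up with two validated assertions), as an added Python sketch that is not Enarx code. The blob layout, the nonce, and all function names, keys and version labels are assumptions constructed for illustration, and HMAC stands in for the asymmetric signatures that real hardware and services use.

```python
import hashlib, hmac, json, os

# Constructed stand-ins: real enclaves and services sign with asymmetric keys;
# HMAC over shared demo keys keeps this sketch standard-library only.
HW_KEY = b"demo-hardware-vendor-key"
SERVICE_KEY = b"demo-attestation-service-key"
# Hypothetical table mapping runtime measurements to Enarx versions (constructed).
KNOWN_RUNTIMES = {hashlib.sha256(b"enarx-runtime-build-A").hexdigest(): "version-A"}

def mac(key, obj):
    """Stand-in signature over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def enarx_make_blob(nonce, runtime_image, enclave=("demo-enclave", "1")):
    """Enarx side: evidence binding enclave identity, runtime measurement and nonce."""
    body = {"enclave_type": enclave[0], "enclave_version": enclave[1],
            "measurement": hashlib.sha256(runtime_image).hexdigest(), "nonce": nonce}
    return {"body": body, "hw_sig": mac(HW_KEY, body)}

def service_attest(blob):
    """Service side: check the hardware evidence, translate measurement to a version."""
    body = blob["body"]
    if not hmac.compare_digest(blob["hw_sig"], mac(HW_KEY, body)):
        raise ValueError("hardware evidence failed verification")
    version = KNOWN_RUNTIMES.get(body["measurement"])
    if version is None:
        raise ValueError("unrecognised Enarx runtime measurement")
    claims = {"enclave_type": body["enclave_type"], "enclave_version": body["enclave_version"],
              "enarx_version": version, "nonce": body["nonce"]}
    return {"claims": claims, "sig": mac(SERVICE_KEY, claims)}

def client_attest(get_blob, attest):
    """Client side: request a blob, forward it, validate the returned assertions."""
    nonce = os.urandom(16).hex()  # freshness value chosen by the client (assumption)
    result = attest(get_blob(nonce))
    claims = result["claims"]
    if not hmac.compare_digest(result["sig"], mac(SERVICE_KEY, claims)):
        raise ValueError("assertion signature invalid")
    if claims["nonce"] != nonce:
        raise ValueError("stale or replayed attestation")
    return (claims["enclave_type"], claims["enclave_version"]), claims["enarx_version"]
```

A modified runtime image, a blob altered after the hardware evidence was produced, and a blob replayed from an earlier request each raise `ValueError` instead of yielding the two assertions.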