Fix bootstrap trust issues #181

Closed
guyz opened this issue May 14, 2020 · 1 comment

guyz commented May 14, 2020

When a bootstrap node creates the seed, it needs to prove that:

  1. That seed was properly generated inside of the enclave.
  2. The seed that's being relayed to other nodes in the future is this same seed.

(2) is trivial (Thanks Tom!) since the bootstrap node creates a private/pubkey that will be used in the key agreement protocol with new nodes. So that limits the bootstrap (and later on other nodes) from running this from anywhere but their enclave.

As to (1), the bootstrap node needs to publish the remote attestation certificate to prove their seed/identity keypair were generated inside of the enclave.

Every future node (node 2, 3, ...) should validate this certificate.

Open question: What happens if someone runs a different enclave code and generates a RA that supposedly creates a seed? This should not be possible but we need to check this.

assafmo added the dev (Critical path development tasks) label May 20, 2020
reuvenpo commented

> Open question: What happens if someone runs a different enclave code and generates a RA that supposedly creates a seed? This should not be possible but we need to check this.

Isn't this what MRENCLAVE is for?
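
The check this thread is circling around, as an added example that is not code from this project: a joining node pins the expected MRENCLAVE and rejects an attestation report produced by different enclave code. It assumes the report's signature was already verified against the attestation service's certificate chain; the `report_data` binding (SHA-256 of the public key), the function names and all sample values are hypothetical.

```python
import hashlib
import hmac
import struct

# Field offsets inside the 384-byte SGX report body (sgx_report_body_t).
REPORT_BODY_LEN = 384
ATTR_FLAGS_OFF = 48      # attributes.flags, 8 bytes little-endian
MRENCLAVE_OFF = 64       # 32-byte measurement of the enclave code
REPORT_DATA_OFF = 320    # 64 bytes chosen by the enclave itself
SGX_FLAGS_DEBUG = 0x2


def check_bootstrap_report(body, expected_mrenclave, node_pubkey):
    """Return "ok", or the reason a joining node must reject the report."""
    if len(body) != REPORT_BODY_LEN:
        return "malformed report body"
    (flags,) = struct.unpack_from("<Q", body, ATTR_FLAGS_OFF)
    if flags & SGX_FLAGS_DEBUG:
        return "debug enclave"  # host can read a debug enclave's memory
    mrenclave = body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32]
    if not hmac.compare_digest(mrenclave, expected_mrenclave):
        return "unexpected MRENCLAVE"  # report came from different enclave code
    # Assumed binding: report_data = SHA-256(pubkey) followed by 32 zero bytes.
    report_data = body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64]
    expected = hashlib.sha256(node_pubkey).digest() + bytes(32)
    if not hmac.compare_digest(report_data, expected):
        return "public key not bound to report"
    return "ok"


def make_body(mrenclave, pubkey, flags=0x5):
    """Constructed sample report body (not real attestation output)."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_FLAGS_OFF, flags)  # 0x5 = INITTED | MODE64BIT
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = hashlib.sha256(pubkey).digest() + bytes(32)
    return bytes(body)


# Placeholder values constructed for this example.
GOOD_MR = hashlib.sha256(b"audited enclave build").digest()
OTHER_MR = hashlib.sha256(b"modified enclave build").digest()
PUBKEY = bytes(range(32))

if __name__ == "__main__":
    for mr, flags in ((GOOD_MR, 0x5), (OTHER_MR, 0x5), (GOOD_MR, 0x7)):
        print(check_bootstrap_report(make_body(mr, PUBKEY, flags), GOOD_MR, PUBKEY))
```

The pinned measurement has to come from a reproducible or audited build of the enclave; a value copied from the bootstrap node's own report proves nothing.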
