Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Pal/Linux-SGX] Add sgx.protected_mr{enclave,signer}_files manifest options

Previously, only `sgx.protected_files` were available in the manifest. This kind of protected files needs a provisioned master (wrap) key. But sometimes it is enough to seal files on the same platform for later usage by the same enclave or by enclaves of the same signer: this is the SGX sealing feature.

This commit adds two more options to support SGX sealing: `sgx.protected_mrenclave_files` and `sgx.protected_mrsigner_files`. Similarly to `sgx.protected_files`, these new options specify lists of files that are encrypted by the SGX key generated via SGX instruction `EGETKEY(SEAL_KEY)`, bound to the MRENCLAVE/MRSIGNER enclave measurement (so that only instances of the same enclave/only enclaves with the same signer may decrypt protected files).

Documentation is updated to reflect this. A corresponding LibOS test is added. As a side-effect, read/write utilities are extracted into a separate helper file `rw_file.c`.

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
Showing 16 changed files with 542 additions and 180 deletions.