Investigate how to handle Simulation libs (i.e. how to get _sim.a)
We were hoping to utilize the links key with a hw and sim crate. This didn't pan out as cargo will look at optional dependencies for link collision since features are additive. From cargo's perspective both crates could be used together. We decided to fall back to determining the link name at build time.
Get a spreadsheet w/ all the APIs and structs and which belong to which (as we're doing archives)
sdk.bin or are packages sufficient) - @jcape #87
Add required intel headers to source (via submodule) - @awygle (moved to Consider vendoring or building SGX SDK binaries with rust crates #37)
Investigate nice way to add required intel binaries (enclave .a files w/ mitigations) - @nick-mobilecoin (moved to Consider vendoring or building SGX SDK binaries with rust crates #37)
Trust Verification Library. 3.9 from https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
Provides sgx_tvl_verify_qve_report_and_identity() for enclaves to verify a Qve REPORT, but not a quote.
OpenMP for use inside of enclave. From sdk/Makefile.source libsgx_omp.a is listed as a trusted library
Protected code loader. From https://github.com/intel/linux-sgx-pcl, this is intended to prevent reverse engineering an enclave binary built with closed source code.
C++ API of https://github.com/protocolbuffers/protobuf for use in an enclave.
Looking at the symbols they all appear to be mangled C++ with no C API
Quote provider library. Per https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/qpl/qpl_api.txt this is used to talk to a PCCS or similar.
During initial development without it only local attestation was possible; however, there is no need to talk directly to it if using the sgx interface for quote generation.
QCNL is the quote collateral network library. It is used by libdcap_quoteprov.so for talking to a Provisioning Certificate Caching Service (PCCS). See https://download.01.org/intel-sgx/sgx-dcap/1.14/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf
Used for interfacing with the Provisioning Certificate Enclave, used by libsgx_dcap_ql.so
Used for interfacing with the Quoting Enclave, used by libsgx_dcap_ql.so
Used for Trusted Domain Extensions attestation, https://www.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
Used by qgs, an executable that is built with DCAP libraries. Think it stands for quote generation service.
Used for Trusted Domain Extensions attestation.
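
The fallback described in the Simulation libs item (determining the link name at build time rather than through the links key) could look like the following build.rs sketch. This is an added example, not code from this repository; the `sim` feature name and the choice of libraries are assumptions.

```rust
// build.rs sketch (added example, not the project's code): pick hardware or
// simulation SGX link names at build time instead of via the `links` key.
use std::env;

/// Trusted SDK archives that ship with a `_sim` twin (e.g. libsgx_trts_sim.a).
/// Libraries outside this list keep the same name in both modes.
const SIM_CAPABLE: &[&str] = &["sgx_trts", "sgx_tservice"];

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Mode {
    Hardware,
    Simulation,
}

/// Cargo exports every enabled feature to build scripts as CARGO_FEATURE_<NAME>.
/// `sim` is a hypothetical feature name; `lookup` abstracts the environment.
pub fn mode_from_features(lookup: impl Fn(&str) -> Option<String>) -> Mode {
    if lookup("CARGO_FEATURE_SIM").is_some() {
        Mode::Simulation
    } else {
        Mode::Hardware
    }
}

/// Append `_sim` only where the SDK actually provides a simulation archive.
pub fn link_name(base: &str, mode: Mode) -> String {
    match mode {
        Mode::Simulation if SIM_CAPABLE.contains(&base) => format!("{}_sim", base),
        _ => base.to_string(),
    }
}

/// Lines the build script prints so Cargo links the chosen static archives.
pub fn link_directives(libs: &[&str], mode: Mode) -> Vec<String> {
    libs.iter()
        .map(|l| format!("cargo:rustc-link-lib=static={}", link_name(l, mode)))
        .collect()
}

fn main() {
    let mode = mode_from_features(|k| env::var(k).ok());
    for line in link_directives(&["sgx_trts", "sgx_tservice", "sgx_tstdc"], mode) {
        println!("{}", line);
    }
    if mode == Mode::Simulation {
        // Surface the mode in build output: a simulation enclave has no hardware protection.
        println!("cargo:warning=linking SGX simulation libraries");
    }
}
```

Because features are additive, a single crate that reads the feature in its build script avoids the link-name collision that two crates declaring the same links value would trigger.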