Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor existing SGX documentation and instructions for configuring DCAP attestation #669

Merged
merged 1 commit into from
Dec 4, 2023
Merged

Refactor existing SGX documentation and instructions for configuring DCAP attestation #669

merged 1 commit into from
Dec 4, 2023

Conversation

ptrus
Copy link
Member

@ptrus ptrus commented Dec 1, 2023
edited
Loading

Initial (very rough) update to SGX docs to refactor old/legacy stuff and add dcap/pcs based attestation.

Changes:

  • recommend updating the kernel instead of manually installing the legacy out-of-tree driver
    • removed instructions on installing the legacy driver
  • split AESM service section into 2 parts (AESM PCS Attestation and AESM (legacy) EPID attestation)
  • remove instructions on how to run the docker image via different container runners (imo just cluttered the docs, we can link to somewhere else for this)
  • moved /dev noexec into the troubleshooting section as generally it should be setup correctly on newer systems

TODO:

  • testing the documentation and cleaning up

@netlify Netlify
Copy link

netlify bot commented Dec 1, 2023
edited
Loading

Deploy Preview for trusting-archimedes-14c863 ready!

Name Link
🔨 Latest commit 930a13d
🔍 Latest deploy log https://app.netlify.com/sites/trusting-archimedes-14c863/deploys/656df8d8c6a36100086ba523
😎 Deploy Preview https://deploy-preview-669--trusting-archimedes-14c863.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@ptrus ptrus changed the title wip WIP: refactor existing SGX documentation and instructions for configuring PCS Dec 1, 2023
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch 4 times, most recently from 03d9ad3 to 458183b Compare December 1, 2023 17:35
kostko
kostko reviewed Dec 1, 2023
View reviewed changes
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated
@@ -30,8 +30,8 @@ set the BIOS settings as follows:
- **Turbo Mode**: DISABLE
- **CPU AES**: ENABLE

To test if your settings are correct, you may use the [attestation tool]
([binary]) for testing remote attestation against Intel SGX's
To test if your settings are correct, you may use the [attestation tool]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this tool only works for EPID currently.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Moved this tool at the end of the guide (i think it makes morse sense there) and mentioned that it only supports EPID currently.

Would it be straightforward to also add support for DCAP?

docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch from 458183b to 4febb44 Compare December 2, 2023 12:19
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch 2 times, most recently from 4866b80 to 4e726af Compare December 4, 2023 14:01
@ptrus ptrus changed the title WIP: refactor existing SGX documentation and instructions for configuring PCS Refactor existing SGX documentation and instructions for configuring PCS Dec 4, 2023
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch from 4e726af to 15d9814 Compare December 4, 2023 14:08
@ptrus ptrus changed the title Refactor existing SGX documentation and instructions for configuring PCS Refactor existing SGX documentation and instructions for configuring DCAP attestation Dec 4, 2023
@ptrus ptrus marked this pull request as ready for review December 4, 2023 15:29
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch from 15d9814 to da52070 Compare December 4, 2023 15:39
kostko
kostko approved these changes Dec 4, 2023
View reviewed changes
Copy link
Member

@kostko kostko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, looks good to me now!

docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md Outdated Show resolved Hide resolved
@ptrus ptrus force-pushed the ptrus/feature/dcap-attestation branch from da52070 to 930a13d Compare December 4, 2023 16:05
@ptrus ptrus merged commit dd46b4a into main Dec 4, 2023
6 checks passed
@ptrus ptrus deleted the ptrus/feature/dcap-attestation branch December 4, 2023 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kostko kostko kostko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ptrus @kostko