Skip to content

Commit

Permalink
Update the 'secure logging' claim (it's not really about security at …
Browse files Browse the repository at this point in the history
…all)

Bug: 379850380
Change-Id: Iab8db5a664e3a1ae62b926af5547f909b3eb462c
  • Loading branch information
andrisaar committed Nov 26, 2024
1 parent f9cecf7 commit adc01b0
Showing 1 changed file with 16 additions and 6 deletions.
22 changes: 16 additions & 6 deletions docs/tr/claim/75606.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,20 @@
# Oak binaries with secure logging
# Oak Functions binaries with logging from Wasm disabled

Claim UUID: 75606\
Claim ID: 75606\
Link to self:
https://github.com/project-oak/oak/blob/main/docs/tr/claim/75606.md

An endorsement that doesn't have this claim means the underlying binary doesn't
log securely. This is intended to discriminate between e.g.
`oak_functions_container` (would have the claim) or
`oak_functions_insecure_container` (would not have the claim).
Oak Functions API provides a
[`Log` method](https://github.com/project-oak/oak/blob/main/proto/oak_functions/sdk/oak_functions_wasm.proto#L56)
that the (untrusted) Wasm code can use for arbitrary logging.

As this can provide a way to exfiltrate data, Oak provides pairs of Oak
Functions binaries:

- `oak_functions_container` and `oak_functions_enclave_app` _disables_ logging
from Wasm code (`Log` calls are dropped)
- `oak_functions_insecure_container` and `oak_functions_insecure_enclave_app`
forward `Log` calls to the system log, making them visible.

Endorsements containing this claim assert that no logging from Wasm code happens
in the underlyinb binary.

0 comments on commit adc01b0

Please sign in to comment.