[Feature] New Enclave Attestation Method with ECDSA. #764
Comments
Any change to the enclave is not trivial when you have to deal with encrypted data migration, so I'd like to hear from the Infra committee about this. Is this going to open the possibility for new hardware to be used? Will this cut costs for node runners?
CC: @moonstash This will NOT reduce costs on the hardware end but definitely gives operators more hardware choices, as new cloud providers are starting to provision the use of the new Xeon Silver/Gold/Platinum Chipsets from the 3rd gen. Since SGX is currently only supported on Server Hardware, it would be nice to open provisions for new SGX chips.
But I would like to understand how hard this would be to implement in parallel with the current method? Or if it's at all possible? Because we need both of those to support a wide range of hardware. IMO on the feature request list :
My thoughts.
What else does this do?
While Enigma has not yet said they are committing to updating to the new generation of SGX, in my view, making an update like this allows for some node runners to slowly transition to hardware that works with the new SGX from Intel, on the 3rd Generation Scalable processors.
My Questions
@mohammedpatla
@moonstash
If multithreading is the thing being pushed for the new update then we can have that as a priority over this feature. But otherwise, I think as far as infrastructure is concerned this feature request should be seriously considered for the next upgrade provided we are backward compatible.
Another reason why this might be more important to do, sooner than later. Intel discontinued the E-2288g which was the highest tier processor supported for SGX on Secret. It was discontinued to use those facilities to make newer generation CPUs. Trying to figure out if the lower tier ones are getting discontinued but still concerned about this recent development.
@assafmo Just to reiterate on this, the Infrastructure committee has evaluated this to be very important, currently only the This would be plus one for IBC hardfork. CC: @moonstash EDIT:- to clarify, since it's going out of market (and already limited supply) we need to run other processors, which takes away the ability to run nodes on the same hardware due to hyperthreading being disabled.
Not sure I understood the sentence, Mohammed. Just to clarify, Secret SGX runs on any 21xxG and 22xxG processors, though it needs HyperThreading disabled on all processors with less than 8 cores. But yes, they are ALL being discontinued. Again, the SGX module needs to be able to be run on a different machine from the Cosmos SDK. This will enable greater flexibility on which platforms can host the chain.
Is this a target for v1 or v2 of IBC, @assafmo?
v2. It's kinda a lot of work.
I am opening this feature request to add a new method for enclave registration using the new SGX attestation method: Elliptic Curve Digital Signature Algorithm (ECDSA) Attestation.
This was introduced with the new 3rd gen scalable Intel CPUs (Xeons) Intel Link
Currently, we use the SGX - EPID method to attest certificates. It would be nice if both these were supported, as this would allow all the new-gen CPUs to be supported to run the network while still being backward compatible.
This would provide more available server-grade hardware to run Secret Nodes.