You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At some point we need to start signing enclaves with our production SGX keys. This isn't too difficult in theory, however the fortanix tooling (sgxs-sign) does not support signatures with a HSM.
As it is unacceptable to be carting around our signing key as a PEM file, this likely will require extending the tooling or writing our own.
Estimated cost: 1 sprint
The text was updated successfully, but these errors were encountered:
For my future reference more than anything else MRSIGNER is derived from the SHA256 digest of the little endian representation of the modulus. Valid signing keys are always 3072 bit RSA keys, with the exponent set to 3.
The majority of the work required to support this has been done via #2893. The remaining concerns are primarily policy based, as the node will happily accept detached per-generated SIGSTRUCTs when instantiating enclaves.
At some point we need to start signing enclaves with our production SGX keys. This isn't too difficult in theory, however the fortanix tooling (
sgxs-sign
) does not support signatures with a HSM.As it is unacceptable to be carting around our signing key as a PEM file, this likely will require extending the tooling or writing our own.
Estimated cost: 1 sprint
The text was updated successfully, but these errors were encountered: