22. August 2023 #1498
dimakuv
started this conversation in
Meeting notes
22. August 2023
#1498
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Agenda
(please write your proposed agenda items in comments under this discussion)
GSC license (what to do with Li Lei's contributions)
First, Dmitrii will try to contact Li through his private email (DONE, no response yet).
Mona will ask what is the policy of Intel regarding past employees (DONE, Mona can ack on behalf of Li).
In the worst case, we check line by line Li's contributions (WON'T BE NEEDED).
Woju & Don: the Gramine page, see NSF grant and new Intel logo gramineproject.io#7
Pending on Michal's review and decision. UPDATE: merged.
Benny: Gramine + Alpine
Woju: Packaging with Alpine -- we have build instructions in the Gramine repo, so one can build packages manually. There are no Alpine packages shipped by us.
Woju: You don't need Intel PSW for Alpine if you're running Gramine inside the Docker container, because Gramine talks to PSW through the AESM socket, so Intel PSW can be on the host and Gramine can be inside -- SGX attestation will work.
libsgx_dcap_quoteverify.so(part of the packagelibsgx-dcap-quote-verify), and this library must live inside the Docker container, thus must also be re-built under Alpine. This is the main problem...libsgx_dcap_quoteverify.sois not required by the SGX application -- the SGX application only needs a way to get the SGX Quote from the underlying host's Architectural Enclaves (which could be communicated with via the AESM socket). So, unless you need to run the verifier in the enclave itself (to attest another enclave), then you don't need this library.Benny: Is there any plan to document all these notes about Alpine support currently?
gramine/.ci/lib/config-docker.jenkinsfile
Line 20 in 028d580
Beta Was this translation helpful? Give feedback.
All reactions