Next features #22
Open
SGX
Remaining works:
- (@heavenboy8) To discuss with @grydz: I think the collateral verification is currently partial here. More code is required.
- (@heavenboy8) We compute the fingerprint of the cert public key in DER format, which is not the same format as the Python version. We are stuck by the Rust interface of openssl. Do we agree? Make the same change in the Python lib?
- The sgx_quote/verify.py is just printing the errors without raising them. We need to change that
- I've changed the lib type (Cargo.toml) of sgx_pck_extension. Is it still working in Python?
- Can we not depend on the Intel library? Make it easier to compile and to work with the lib (for example KMS dependency)
- (@grydz) Add support Azure
- (@heavenboy8) Remove openssl from sgx_quote
- (@grydz) Remove openssl from ratls and ratls-certtool
- Implement functions in quote structure instead of outer functions
- (@heavenboy8) The key for the RATLS cert: add parameters to say how to generate the keys: from signer, from mrenclave, random, ...
- (@heavenboy8) Discuss ratls-certtool arguments
- (@grydz) Review design
RAFS
Remaining works:
- Support SGX (only SEV for now)
- Bundle the quote and the key inside the same file (as the ratls certificate does)
SEV
Remaining works:
- Why does the check of the cert_ucode fail?
- Compute measurement
- Validate author_id, key_id, family_id, etc.
- Need to test this code on another SEV platform (not just AWS...)
- Use a suitable dedicated OID for SEV_RATLS_EXTENSION