23. January 2024

[dimakuv]

Agenda

(please write your proposed agenda items in comments under this discussion)

• Dmitrii: discuss [Docs] Examples exception to the Charter #1670 and [CI-Examples] Change the license of all examples to BSD-3-clause #1657 (non-LGPL license for examples)
  • Some Intel folks are stuck on these legalities, and the discussion in [Docs] Examples exception to the Charter #1670 is going nowhere, need a bump
  • (discussed very briefly, as [CI-Examples] Change the license of all examples to BSD-3-clause #1657 is merged already)

Misc topics

Dmitrii: eventfd single-process design

Michal: fine if all seen apps use single-process design.

Michal and Woju: would prefer to remove the insecure__ version of eventfd completely.

• Michal will take a look and give a more concrete feedback.

Michal is not sure that Dmitrii's design (of re-using the host-backed eventfd objects for notifications) is truly secure.

• Can't the fact that the notification came be considered by the app as a control-flow decision?
  • TODO(Dmitrii): think about this; how do we protect against spurious notifications from host-backed eventfds?
  • UPDATE(Dmitrii): looking into each of the applications and their usage of eventfd, see comments in [LibOS] Add secure implementation of eventfd #1728

Woju: adopting gramine-scaffolding (aka SCAG)

Woju: will create a new repo under gramineproject; initial empty commit; one huge PR with all SCAG there.

• DONE: https://github.com/gramineproject/gramine-scaffolding/tree/master
• DONE: Adoption review of gramine-scaffolding gramine-scaffolding#1

Woju: expectation is that this will be reviewed in ~1 month.

Kailun: why one huge PR? Can we split into smaller ones?

• Actually, Woju can submit one huge PR, and other reviewers will take a look and decide whether to split it. (DONE)

Woju: manifest verification (gramine-manifest-check)

This PR: #1726

Woju: we can do two things:

1. Publish a standalone tool.
2. Publish a JSON schema. Then everyone could plug it into their own libraries/scripts.

Dmitrii: no-one asked for 2. So let's concentrate on 1.

Dmitrii: Can we add args like --manifest-check to the tools gramine-manifest and gramine-sgx-sign?

• Woju: we can even make this arg enabled by default, and instead we'll have --disable-manifest-check.

  • Dmitrii: this will mean that in typical build flows, the manifest check will happen twice (first when building .manifest and then when building .manifest.sgx). But it shouldn't be a big perf overhead?

• TODO(Woju): will continue working on that PR and think what would be best.

Dmitrii: the OpenSSF Best Practices Badge

This: https://www.bestpractices.dev/en

Gramine seems to satisfy all "MUST" criteria, more or less. Seems like not too much work, and we have an Intel person who can guide this process.

Kailun: we should discuss it in the internal Intel meeting, because we already have a set of criteria that Gramine project must satisfy.

Conclusion: no-one has strong arguments against it.

[woju]

• @woju: adopting gramine-scaffolding (aka SCAG)