Replies: 1 comment 8 replies
-
|
Hm, this is a good point. In v1.3.1, we introduced this explicit manifest option And we introduced the logic of enabling pseudo-files like gramine/libos/src/fs/dev/attestation.c Lines 399 to 403 in 5bba58a But now I think that we were over-restrictive. If the underlying backend is Intel SGX, then local attestation is always accessible and doesn't care about/rely on EPID or DCAP infrastructure. So you're right, I think these files should be accessible even if |
Beta Was this translation helpful? Give feedback.
-
|
It's not a crucial bug for sure. You can currently circumvent this by just having a dummy |
Beta Was this translation helpful? Give feedback.
-
That would require me to setup PCCS stuff = = |
Beta Was this translation helpful? Give feedback.
-
|
@sammyne I don't think so, why? |
Beta Was this translation helpful? Give feedback.
-
|
#1057 -- I created a PR. |
Beta Was this translation helpful? Give feedback.
-
|
@sammyne I think @dimakuv is right and you could set |
Beta Was this translation helpful? Give feedback.
-
It's ok for v1.2 to do local attestation without setting
sgx.remote_attestation. However, after upgrade to v1.3.1, reading virtual file/dev/attestation/my_target_infowould report file not found error. Really appreciate if someone can help me out of this problem.Beta Was this translation helpful? Give feedback.
All reactions