This repository has been archived by the owner on Jun 3, 2020. It is now read-only.
Rust has excellent support for SGX thanks to a ton of amazing work by people at Fortanix (cc @jethrogb). In fact, you should be able to make an experimental SGX build of the KMS by installing their Rust target and compiling the KMS to target it:
As it were, we (as in iqlusion) are going through the Intel SGX whitelisting process so we can sign enclaves. When we're through the SGX whitelisting process we'll look into what it takes to make a signed production release of Tendermint KMS that does softsign-in-SGX.
In Fortanix's EDP, one communicates with the enclave code over byte streams -- so either the SGX signing provider can be executed in a separate process and KMS would talk to it over TCP, or one would need to implement user call extensions https://edp.fortanix.com/docs/api/enclave_runner/usercalls/index.html
It could be good to have it as a middle-ground between HSM and software-only providers: https://github.com/tendermint/kms#signing-providers