Skip to content
This repository has been archived by the owner on Jun 3, 2020. It is now read-only.

SGX signing provider #351

Open
tomtau opened this issue Aug 30, 2019 · 2 comments
Open

SGX signing provider #351

tomtau opened this issue Aug 30, 2019 · 2 comments

Comments

@tomtau
Copy link

tomtau commented Aug 30, 2019

It could be good to have it as a middle-ground between HSM and software-only providers: https://github.com/tendermint/kms#signing-providers

@tarcieri
Copy link
Contributor

Rust has excellent support for SGX thanks to a ton of amazing work by people at Fortanix (cc @jethrogb). In fact, you should be able to make an experimental SGX build of the KMS by installing their Rust target and compiling the KMS to target it:

https://twitter.com/i/web/status/1154521721979846657

As it were, we (as in iqlusion) are going through the Intel SGX whitelisting process so we can sign enclaves. When we're through the SGX whitelisting process we'll look into what it takes to make a signed production release of Tendermint KMS that does softsign-in-SGX.

@tomtau
Copy link
Author

tomtau commented Oct 2, 2019

Some extra thoughts:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants