Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    John Kordich
    @johnkord
    Specifically host.h and enclave.h will be most useful to an enclave developer. You can take a look at the samples here if you'd like to learn how to use the APIs to build an enclave application: https://github.com/openenclave/openenclave/tree/master/samples
    Stefan
    @stefandeml
    Hello everybody!
    I'm wondering if anybody knows work that has been done to verify a ECDSA RA (DCAP) in the browser and establish a secure connection. Likely via a browser extension to make sure that this verifying code is correct.
    Thanks
    Stefan
    @stefandeml
    anybody able to help? :)
    John Kordich
    @johnkord
    Hey @stefandeml ! Good question, I don't think that exists yet! That would be pretty cool. Interested in building it with us? :) Which browsers interest you most for this? I've never written a browser extension before, I imagine you'd write the extension in Javascript?
    Ercan Ozturk
    @eozturk1
    Hey @stefandeml, these projects are dealing with similar concepts: http://publications.lib.chalmers.se/records/fulltext/252354/252354.pdf, https://www.ibr.cs.tu-bs.de/users/goltzsch/papers/eurosec2017-trustjs-preprint.pdf (although it seems they are not implementing the RA part in JS).
    Stefan
    @stefandeml
    @johnkord thanks for getting back. I would be very much interested in building this, indeed! With the browser extension APIs portability is getting better , so I would aim to provide an extension for all chromium based browsers + firefox. I've a crypto-engineering background and most of the recent work has been in Rust (<3). I think also for this browser extensions this could be a good fit as webassembly support is really good (and I've experience with it).
    My main goal would be to establish a secure TLS connection, while verifying that the endpoint is an enclave (+ verify a given identity of the enclave)
    I this work something you guys would also be interested in?
    John Kordich
    @johnkord
    That's awesome. I'm totally interested in this. The spec for the ECDSA quote is pretty straight forward I think: https://download.01.org/intel-sgx/dcap-1.1/linux/docs/Intel_SGX_ECDSA_QuoteGenReference_DCAP_API_Linux_1.1.pdf
    It might be a fun weekend project to prototype this!
    sword03
    @sword03
    Is there some bugs for function "fread" in open enclave?
    The program crashed when I invoke it.
    I did nothing but:
    if( ( fpub = fopen( "/home/max/rsa_pub.txt", "w" ) ) == NULL )
    {
        fprintf(stdout, " failed\n  ! could not open rsa_pub.txt for writing\n\n" );
        fflush(stdout);
        goto exit;
    }
    sword03
    @sword03

    Error message is shown below:

    2019-12-02T11:50:58.719393Z [(E)ERROR] tid(0x7f7868f84d40) | enclave.signed:path=/home/max/rsa_pub.txt oe_errno=2 [/home/jenkins/work_dir/workspace/OpenEnclave-v0.7.x_packages/syscall/mount.c oe_mount_resolve:119]
    2019-12-02T11:50:58.719423Z [(E)ERROR] tid(0x7f7868f84d40) | enclave.signed:oe_errno=2 [/home/jenkins/work_dir/workspace/OpenEnclave-v0.7.x_packages/syscall/fcntl.c oe_open:43]
    failed
    ! could not open rsa_pub.txt for writing

    Paul Allen
    @paulcallen
    @sword03 I would take a look at UsingTheIOSubsystem.md. you need to opt in to file operations through a call to oe_load_module_host_file_system() followed by a call to mount() as mentioned in the document.
    Nacho Villanueva
    @IvillanuevaItba
    image.png
    Hello! I'm having trouble installing Open Enclave in Windows 10. Whenever I try to build and run the helloworld sample project, I get the following pop up.
    image.png
    That's the console error I get
    And when I build, I get that Error Log, which I don't know if it's normal, because when it builds it seems to have built properly
    Nacho Villanueva
    @IvillanuevaItba
    Any recommendations on what I should try? Maybe I skipped something on installation, but I'm not sure. I already reinstalled it 2 times, and the Intel SGX SDK sample projects build and run normally.
    Nacho Villanueva
    @IvillanuevaItba
    Already resolved it in github issues.
    Jordan
    @jhand2
    Thanks @IvillanuevaItba! Sorry I didn't see this until it was on github. I probably would have asked you create a gh issue to preserve the answer for the future anyway :smile:
    Cole Mickens
    @colemickens
    If I use OpenEnclave and build an enclave application, can I run it in release mode on a Gen2 Azure VM?
    Or do I still need to somehow work with Intel to get a signing key to sign, as I thought was the case for SGX for some time.
    Jordan
    @jhand2

    @colemickens Azure ACC VMs support FLC (flexible launch control), which means production enclaves can be signed with any key.

    Note that if you create an enclave in debug mode, you can run it on any SGX-enabled hardware. FLC is only relevant for production enclaves. This is done by passing OE_ENCLAVE_FLAG_DEBUG with the flags to oe_create_enclave.

    Note that "which means production enclaves can be signed with any key" is almost certainly an overly simplistic understanding on my part. I'd have to do more looking into FLC to figure out exactly what it enables.
    Cole Mickens
    @colemickens
    Interesting. I understand enough of those words to understand a broad answer and what to investigate more. Thanks.
    Radhika Jandhyala
    @radhikaj

    We invite you to join us for triage meetings on Tuesdays from 10:00AM - 11:00AM PST to go over issues on the Github repo.

    Please use this Teams Meeting link

    or this phone number: +1 929-270-4006 United States, New York City (Toll) (866) 641-7188 (Toll-free) Conference ID: 526 582 229#

    Brett McLaren
    @BRMcLaren

    Hello Everyone,

    This morning an issue has affected the Open Enclave SDK CI/CD taking Windows attestation testing offline. Simulation modes and Linux based testing will still function as expected but users will not be able to merge PR's until this is resolved.

    This is being treated as a top priority and we will keep everyone in the loop as the situation progresses until resolution. Everyone’s patience is appreciated at this time.

    Brett McLaren
    @BRMcLaren

    Hello Everyone,

    We understand the root cause of the CI issues and it will take some extra time to resolve. Thanks for your patience.

    Brett McLaren
    @BRMcLaren
    CI/CD is back up and the backlog has been cleared out. Thanks for your patience.
    Edwin Beasant
    @ebeasant-arm
    Hi all - Nice to see the Gitter working: I've got a couple of questions of Open Enclave on Trustzone (and its attestation requirements), is anyone might be able to go into a little detail with me?
    John Kordich
    @johnkord
    @ebeasant-arm Hey Edwin, sorry for the delay. What are your questions? We might be able to answer them here in this gitter room :)
    Edwin Beasant
    @ebeasant-arm
    Hi there! Couple of basic ones first - Attestation under OE on OP-TEE: Is this supported currently? The website suggests that perhaps it is not, or at the very least may well be HW specific (from the porting guidelines).
    1 reply
    Amaury Chamayou
    @achamayou
    Hello, what's the best way to get Jenkins logs? I'm probably missing something super obvious, I can't seem to find them at all https://oe-jenkins-dev.westeurope.cloudapp.azure.com/blue/organizations/jenkins/Bors/detail/trying/726/pipeline
    Brett McLaren
    @BRMcLaren
    image.png
    Hello Amaury, you are actually catching us at a point where we are splitting up the pipelines to multiple servers and that's why it might seem a little confusing. If you take a look at the above, you can click the button under triggered builds. Alternatively you can take a look at the pipeline number and tunnel down through here: https://oe-jenkins-dev.westeurope.cloudapp.azure.com/job/pipelines/
    Amaury Chamayou
    @achamayou
    @BRMcLaren thank you, I found the links and the logs for my build
    antonionehme
    @antonionehme
    Hi there; does openenclave run on windows 10?
    Jorge Luis Rodríguez González
    @egroj97

    Hello all, hope you're doing well, I have been trying to set up and Open Enclave local development environment on my Windows machine and I've got a couple of questions...

    1) Can I run an Open Enclave app from my machine if I have an AMD processor?
    2) I have installed the Open Enclave nugget package as per the instruction on the repository but when running CMake I receive the error message: "NUGET_PACKAGE_PATH not defined. Please define NUGET_PACKAGE_PATH as the path to the installed Intel and DCAP Client NuGet packages." At the start, I found it weird enough and couldn't find more information on the internet, so I decided to set an environment variable with the same name for an arbitrary folder, didn't work though.

    Thanks in advance.

    1 reply
    Floris
    @floristhiant
    hi all
    1 reply
    do you know if the support of OP-TEE OS on OE SDK handle C++ ?
    in the readme, it is well written, but on the official website of OP-TEE OS, the contrary is mentionned
    is OE SDK has forked OP-TEE OS ?
    Panayiotis Charalambous
    @panaotizz
    Hi! Is it possible to run code from other libraries inside an enclave? I want to have the cp-abe library (http://acsc.cs.utexas.edu/cpabe/) run inside an enclave but im not sure if it needs the help of the kernel to retrieve it. Is there an other solution to this? Maybe add all the library files in the enclave and have the functions run from there?
    5 replies
    Chiranjib Konwar
    @chiranjibKonwar

    Hi All, I have cloned the open enclave repository from github in my ubuntu machine using the command git clone https://github.com/openenclave/openenclave.git

    Can you guys help me how to start building my applications? I am not even able to run the open enclave.

    Omnicrist
    @Omnicrist
    Hi all!
    I'm a student currently working on a project about SGX and OESDK. I am completely new at this, can someone guide me? I managed to run SGX in simulation mode, but I'm somehow unable to get OESDK running. I had a problem with the SGX driver but managed to apply a patch and now I'm able to build it. Unfortunately, I have no isgx.ko file and I don't know what to do. I tried with Ubuntu20.04, Ubuntu 18.04 (both in VMs) and now I fresh installed Ubuntu18.04 on my pc
    Felix Schuster
    @flxflx
    Hey everyone, are there currently any plans to improve I/O performance? I believe there were once plans to re-use some of the async I/O parts from CCF.
    JUN
    @yingjun-wu
    Hello everyone, I can’t find the interface to get the time when I query the api, but I see an oe_get_time function in the source code, so, how can I call it
    6yy66yy
    @6yy66yy
    Hi ! I tried to run the Hello World sample using vs Code on windows, but I encountered a problem. An error is reported in "build target": "[build] cl : error D8021: Invalid numeric parameter“/Werror” [C:\openenclave\share\openenclave\samples\helloworld\build\enclave\enclave.vcxproj]"