SGX signing provider
tomtau opened this issue
It could be good to have it as a middle-ground between HSM and software-only providers: https://github.com/tendermint/kms#signing-providers
Rust has excellent support for SGX thanks to a ton of amazing work by people at Fortanix (cc @jethrogb). In fact, you should be able to make an experimental SGX build of the KMS by installing their Rust target and compiling the KMS to target it:
https://twitter.com/i/web/status/1154521721979846657
As it were, we (as in iqlusion) are going through the Intel SGX whitelisting process so we can sign enclaves. When we're through the SGX whitelisting process we'll look into what it takes to make a signed production release of Tendermint KMS that does softsign-in-SGX.
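For readers who want to try the experimental build mentioned above, this is the Cargo configuration the Fortanix EDP installation guide uses to run a crate on its target (an added illustration, not part of this thread or of the KMS repository). It assumes the nightly target has been added with `rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly` and that `fortanix-sgx-tools` and `sgxs-tools` have been installed with `cargo install`; the build itself is then `cargo build --target x86_64-fortanix-unknown-sgx`. Whether the KMS compiles cleanly for that target is exactly the open question the comment raises, so treat a successful build as the experiment, not as a given.

```toml
# .cargo/config (assumed location: the KMS crate root)
# Tells cargo to launch enclave binaries through the EDP runner
# instead of executing them directly on the host.
[target.x86_64-fortanix-unknown-sgx]
runner = "ftxsgx-runner-cargo"
```

With this in place `cargo run --target x86_64-fortanix-unknown-sgx` converts the built ELF to an SGXS enclave image and runs it under the runner; without the `runner` entry cargo would try to execute the enclave ELF directly and fail.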
Some extra thoughts:
- In Fortanix's EDP, one communicates with the enclave code over byte streams -- so either the SGX signing provider can be executed in a separate process and KMS would talk to it over TCP, or one would need to implement user call extensions https://edp.fortanix.com/docs/api/enclave_runner/usercalls/index.html
- Keygen should be done inside an enclave -- generated secrets would ideally be sealed: https://edp.fortanix.com/docs/examples/sealing/
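The first bullet above suggests running the SGX signer as a separate process that the KMS reaches over TCP. The following is an added example of what that byte-stream boundary could look like, written for this page; it is not code from Tendermint KMS or Fortanix EDP, and the wire format (4-byte length prefix, one tag byte, one status byte), the tag values and the 64 KiB frame limit are assumptions for illustration only. The real signer inside the enclave would hold the sealed key; here `placeholder_sign` stands in for it and is explicitly not a signature. The security-relevant detail is that the enclave side validates the frame length before allocating and refuses anything it does not recognize, because the host process is outside the trust boundary.

```rust
// Added example (not KMS or EDP code): length-prefixed request/response
// framing between a host process and an "enclave" process over TCP.
use std::io::{self, Read, Write};
use std::net::{TcpListener, TcpStream};
use std::thread;

/// Largest frame body either side accepts (assumed value). The enclave
/// enforces it so an untrusted host cannot make it allocate at will.
pub const MAX_FRAME_LEN: u32 = 64 * 1024;
pub const TAG_SIGN: u8 = 0x01;   // request: sign the payload (assumed tag)
pub const TAG_PUBKEY: u8 = 0x02; // request: return the public key (assumed tag)
pub const STATUS_OK: u8 = 0x00;
pub const STATUS_ERR: u8 = 0x01;

fn err(kind: io::ErrorKind, msg: &str) -> io::Error {
    io::Error::new(kind, msg)
}

/// Frame = 4-byte big-endian length followed by that many body bytes.
pub fn write_frame<W: Write>(w: &mut W, body: &[u8]) -> io::Result<()> {
    if body.len() > MAX_FRAME_LEN as usize {
        return Err(err(io::ErrorKind::InvalidInput, "frame too large"));
    }
    w.write_all(&(body.len() as u32).to_be_bytes())?;
    w.write_all(body)?;
    w.flush()
}

/// Reads one frame; the length is checked before any allocation happens.
pub fn read_frame<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut hdr = [0u8; 4];
    r.read_exact(&mut hdr)?;
    let len = u32::from_be_bytes(hdr);
    if len > MAX_FRAME_LEN {
        return Err(err(io::ErrorKind::InvalidData, "frame too large"));
    }
    let mut body = vec![0u8; len as usize];
    r.read_exact(&mut body)?;
    Ok(body)
}

/// Enclave side: parse one request, answer with [status][payload].
/// `sign` stands in for the real signer holding the sealed key.
pub fn handle_request(req: &[u8], sign: &dyn Fn(&[u8]) -> Vec<u8>, pubkey: &[u8]) -> Vec<u8> {
    let mut resp = Vec::new();
    match req.split_first() {
        Some((&TAG_SIGN, msg)) => {
            resp.push(STATUS_OK);
            resp.extend_from_slice(&sign(msg));
        }
        Some((&TAG_PUBKEY, [])) => {
            resp.push(STATUS_OK);
            resp.extend_from_slice(pubkey);
        }
        _ => resp.push(STATUS_ERR), // unknown tag, empty request, trailing bytes
    }
    resp
}

/// Placeholder for a signature: FNV-1a 64 of the message. NOT a signature;
/// it only lets the demo check that the enclave saw exactly these bytes.
pub fn placeholder_sign(msg: &[u8]) -> Vec<u8> {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in msg {
        h ^= b as u64;
        h = h.wrapping_mul(0x0100_0000_01b3);
    }
    h.to_be_bytes().to_vec()
}

/// Serve requests on one connection until the host closes it.
pub fn serve_connection(mut s: TcpStream, pubkey: &[u8]) -> io::Result<()> {
    loop {
        let req = match read_frame(&mut s) {
            Ok(r) => r,
            Err(e) if e.kind() == io::ErrorKind::UnexpectedEof => return Ok(()),
            Err(e) => return Err(e),
        };
        write_frame(&mut s, &handle_request(&req, &placeholder_sign, pubkey))?;
    }
}

/// Host side: one request/response exchange with the status byte checked.
pub fn call(s: &mut TcpStream, tag: u8, payload: &[u8]) -> io::Result<Vec<u8>> {
    let mut req = vec![tag];
    req.extend_from_slice(payload);
    write_frame(s, &req)?;
    let resp = read_frame(s)?;
    match resp.split_first() {
        Some((&STATUS_OK, body)) => Ok(body.to_vec()),
        _ => Err(err(io::ErrorKind::Other, "enclave rejected request")),
    }
}

/// Loopback demo: "enclave" thread on 127.0.0.1, host signs one message.
/// Returns (placeholder signature, public key bytes).
pub fn demo_roundtrip(msg: &[u8]) -> io::Result<(Vec<u8>, Vec<u8>)> {
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let addr = listener.local_addr()?;
    let enclave = thread::spawn(move || {
        let (conn, _) = listener.accept()?;
        serve_connection(conn, b"demo-pubkey") // constructed demo key bytes
    });
    let mut host = TcpStream::connect(addr)?;
    let sig = call(&mut host, TAG_SIGN, msg)?;
    let pk = call(&mut host, TAG_PUBKEY, &[])?;
    assert!(call(&mut host, 0xff, &[]).is_err()); // unknown tag is refused
    drop(host); // EOF ends the serving loop
    enclave.join().map_err(|_| err(io::ErrorKind::Other, "enclave thread panicked"))??;
    Ok((sig, pk))
}

fn main() -> io::Result<()> {
    let (sig, pk) = demo_roundtrip(b"vote bytes")?;
    println!("pubkey={} placeholder-sig={:02x?}", String::from_utf8_lossy(&pk), sig);
    Ok(())
}
```

In a real deployment the `sign` function would be the enclave's softsign code operating on a key unsealed inside the enclave (the second bullet), the transport would be the EDP-provided TCP stream, and the host would additionally want to authenticate the enclave it is talking to, which is what remote attestation is for and which this framing alone does not give you.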