SGX signing provider

Question

SGX signing provider

tomtau opened this issue 5 years ago · comments

It could be good to have it as a middle-ground between HSM and software-only providers: https://github.com/tendermint/kms#signing-providers

Tony Arcieri · Answer 1 · Fri Aug 30 2019 10:19:32 GMT+0800 (China Standard Time)

Rust has excellent support for SGX thanks to a ton of amazing work by people at Fortanix (cc @jethrogb). In fact, you should be able to make an experimental SGX build of the KMS by installing their Rust target and compiling the KMS to target it:

https://twitter.com/i/web/status/1154521721979846657

As it were, we (as in iqlusion) are going through the Intel SGX whitelisting process so we can sign enclaves. When we're through the SGX whitelisting process we'll look into what it takes to make a signed production release of Tendermint KMS that does softsign-in-SGX.

Tomas Tauber · Answer 2 · Wed Oct 02 2019 17:03:23 GMT+0800 (China Standard Time)

Some extra thoughts:

In Fortanix's EDP, one communicates with the enclave code over byte streams -- so either the SGX signing provider can be executed in a separate process and KMS would talk to it over TCP, or one would need to implement user call extensions https://edp.fortanix.com/docs/api/enclave_runner/usercalls/index.html
Keygen should be done inside an enclave -- generated secrets would ideally be sealed: https://edp.fortanix.com/docs/examples/sealing/