Status Call Agenda

tags: Meetings

Jan 30th

Jan 27th

  • Announcements
    • Frederic
      • Co-founder Datavillage
      • Data collaboration platform
      • 7 people
      • Media industry
      • Process data collaboration
      • Personal data vault
      • Manage consumer data and give people the opportunity to control their own data
      • Questions:
        • Started with SGX but because of the threading consider SEV
        • Mitigating the risk by logging
        • Want to make connection in and out with checks that the environment is protected
        • Give a way to test the attestation
        • Only confidential environment should be able to encrypt the data stored in an encrypted drive
        • Pull and push communication
        • Pulled data will be processed in memory
    • Jarkko
      • Got the first set of fixes
      • Waiting for the feedback
      • 5 patches from Tom and 3 from Jarkko
  • Follow ups
    • Nathaniel is OK with the workload digest being the deployment digest
    • AI: Dmitri to record the terminology in the ticket about
  • Questions
    • Which bot commits Dmitri can review and approve on a regular basis?
      • Flake lock
        • Check that only flake.lock is updated
        • Check the source
  • Status
  • Triage

Jan 26th

  • Announcements
  • Follow ups
    • Dmitri:
      • Pinged Nathaniel and Patrick

        • How are the releases going? Do steward/drawbridge/benefice releases work OK?

        • What kind of testing do you apply in staging?

        • This question is related to the following requests:

        • Today, we were talking about lab images that are built via GitLab. We need some changes to those. Are you the right person to help with this? If you are, we were thinking of Richard pairing with you so that you can guide him on what needs to be done and how so that we spread the knowledge across the organization.

        • We noticed that the PRs that are queued but need rebase can be pushed with merge commits. Harald suggested we suppress this option. If you give me a hint on what I need to do, I can submit a PR for the ansible scripts you use for GitHub.

        • Richard was asking whether you can review his PR and whether we should try to ask Nathaniel to do it instead. https://github.com/profianinc/steward/pull/171

        • Response:

          • The releases have been working fine in Staging so far. I'm mostly just testing by pushing a testing workload to staging Drawbridge that points to staging Steward, and then deploying that on an SGX capable Kubernetes node (to actually test the Enarx attestation properly). I have actually been adding some of those tests to the script I've been writing for new releases of Steward/Drawbridge, to automatically get things tested after it's pushed to staging.
          • I can definitely help with the lab image changes. Will sync with Richard on guiding him.
          • Yes, that PR is in my queue for this week, just got delayed a bit because of the upgrade/testing scripts, but I'll try to get it done first thing tomorrow morning
      • This issue is the only one about the digests https://github.com/enarx/enarx/issues/2339

AI Patrick would open a ticket for regression testing

Jan 25th

Jan 24th

  • Announcements
    • Roman is working on the digest (related to Fosdem) - related to networking
      • AI: Will file a ticket for format of the SANs in the cert
    • AI: Dmitri to search the tickets if any for the digest
  • Bots
    • AI: Harald file an issue on Dependabot
  • Patch
    • Jarkko will do a Kernel patch for lab for Harald to test
      • The same now + the patch
  • Status
  • Sprint
    • Ben will take a look at ciborium
    • Richard: for caching files for SGX read the file and then decide
      • The tool might output the date to run itself next time
      • This can be potentially used by systemd - Harald needs to check
      • CRL caching can be a design
      • Design on Thu CRL issues and the SANs format
    • Ben Threading
      • Had several meetings

Jan 23rd

Jan 20th

  • Announcements:
    • Enarx 0.7.1 released - even MSFT package manager patch went through
    • Steward 0.2.0 was released
    • Drawbridge is being released 0.4.0 - Tag is ready. Please check the tag for downloads and publish
    • Benefice is being released 0.2.0 - Tag is ready. Please check the tag for downloads and publish
    • Release related questions:
      • Open question: where to put the release script for profianinc. It should work for Steward, Benefice and Drawbridge without a change.
        • We should create a repo in the Profian organization.
      • Open question: where do we discuss releases of profianinc components? Rocket chat or internally?
        • We discuss Profian releases internally.
      • Open question: how to sanity test these components, are the build tests enough? Dmitri does not have an Ubuntu system to even try some components.
        • Tickets can be filed on each individual component to investigate and discuss whether their tests (as run by the CI) are adequate.
    • A ticket capturing yesterday's discussion has been created: [Feature] Investigate and design a more robust release process
  • Status:
    • Ben
      • Updated crates.io page to point to modern release resources, attended wasmtime meeting and discussed threading patches with Andrew Brown and Alex Crichton
    • Harald
      • Successfully started 100 threads in KVM
    • Jarkko
      • Reviewing SNP patches from Tom Dohrmann
    • Dmitri - ShmooCon
      • Will be working on profianinc releases
      • Will upstream the script
      • Will continue working on the project automation scripts
    • Richard - ShmooCon
    • Roman - PTO
    • Nick - PTO
    • Patrick -?
      • Question: Did the Steward release work OK? Any problems detected?
        • Patrick was not in meeting, question could not be answered.

Jan 19th

  • Announcements:
  • Decision for now
    • Every 2 weeks we do Y update. We do Z releases very rarely and on demand
    • If there is a Z release we create a Y branch, cherry pick what we need and do a release from that branch
    • Open a design ticket to create the release process
    • Generate release notes in the job for profian inc. - open a ticket
    • Check where the version is used
    • Point crates.io to Enarx releases - open a ticket?

Jan 18th

  • Announcements:
    • We are starting the new sprint today!
    • Benefice
      • Thank you Patrick for fixing a lot of issues yesterday!
    • Presentation yesterday and some reflections:
      • We need better coordination between functions to make sure things work
      • New policy: any demo must be done using Benefice and it must be working well before it can be demoed. Other work must be coordinated around those deadlines.
        • Nathaniel, Jen and Dmitri will meet to coordinate the details of how to make sure we can accomplish it but making sure demos work must become a priority.
    • Nathaniel is working on pulling the crypto used in Steward into rust crypto upstream. No solid plan, this is just heads up.
  • Open question:
    • Who and when (how regularly or in which cases) should test demos in Benefice? Who owns the process (i.e. who is accountable) and who actually does the testing (or runs automation)?
      • Nick
      • We need a more intuitive arrangement on try.enarxe.dev to demonstrate what is going on - open a ticket for Nick
    • How can we make sure that the knowledge is not that siloed so that when a person is away someone else can step in to solve the issues?
  • Decisions
    • Make a release with the latest change 0.7.1
    • Look into the release of Benefice, Steward and Drawbridge
      • Benefice, Steward and Drawbridge releases (how to do them)
      • What is the process?
      • Bump the release and make a tag (Roman)
      • Management decision about testing
      • We will start with Steward
        • Pre-release
        • Then let Patrick know to deploy into staging
        • Patrick tests there
        • Then we do the formal tag/release
  • Status
    • Richard
      • Has a PR for Enarx - will wait after the release
    • Ben
      • PR for the release script - merge before the release
    • Harald
      • Has a PR that Nathaniel should review
    • Dmitri
      • PRs in the board
      • Release + Steward release

Jan 17th

  • Announcements:
    • 0.7.0 release is out! Congratulations to the team!
    • Webinar is today! meeting is short today, just 25 min.
    • PTOs and Travel:
      • Nick is still on PTO
      • Roman is on PTO this week
      • Richard is on PTO and then at ShmooCon
      • Dmitri is at ShmooCon on Friday
    • Sprint is starting on Wednesday
    • Proposed main themes for the sprint/release
      • Threading - Harald and Ben
      • CRL - finish CRL verification - Richard
      • Continue implementing shared workflows focusing on project management and sprint planning this time.
      • Continue refining shared crate and decide the scope.
      • UPM memory feature for Linux Kernel

Jan 16th

https://github.com/enarx/homebrew-enarx/commit/3911818ca761281023d6b78a52feaf087ba959bf
https://github.com/microsoft/winget-pkgs/pull/78892
e74f4d4c5d996fa3f51cbb03259275a12f6ef84b

  • Update to Steward and Benefice: Patrick?
    • Let us know when it is OK to try
  • Summary of the retrospective meeting
    • https://hackmd.io/14ihXp7zQkCKAWQ9SuEDJQ
    • Next steps:
      • Review
      • Automation
      • Sprint planning
  • Demos
  • Introductions
    • Ankita Pareek
      • Dmitri will have a call
  • Status
    • Harald
      • PRs for automation, refactored PR alignment for testing with Dmitri
      • Debugging Dmitri's system and threading
    • Richard
      • CRL validation and TCB
    • Ben
      • Finish the rebasing of WASM Time
        • Ping Dan Gohman, schedule a meeting
    • Jarkko
      • Reviewing patches
      • Feedback to Tom
      • Has to work the TPM per Linus's request
    • Dmitri
      • Release
      • Release process
      • Automation

Jan 13th

  • Ben

    • Merged Harald's PR
    • Threading - no progress
    • Updated the release script
  • Richard

    • SGX CRL working!
    • AMD CRL validation is success but there are some differences.
    • Patrick will review the PR
    • Will open a ticket for infra to refresh the CRL caches on lab machines
  • Harald

    • Initial shared crate PR for common code
    • Found a solution for the KVM shim with fewer global variables and implemented a global allocator - for threading
    • Debugged Dmitri's machine
      • ELF header alignment is different
      • Experimenting with a revised ELF loader
  • Jarkko

    • Reviewing Tom's patches
    • ioctl kvm crate - kvm_ioctls crate
      • May try to do the extension to the crate
    • Support of UPM memory for Enarx
    • And also for Kernel
  • Dmitri

    • AI turn this into a ticket 2362
    • How to create ticket. The flow:
      • Create a feature ticket. If it is a priority feature we move it into the Priority bucket
      • Under the feature create a list of the tasks sub tickets with check boxes. Do not turn all into the tickets right away, just those that you think we can work on in the sprint. Move those into scheduled (might be automated). As you start working on it move it in Progress
  • Summary

    • Release Enarx as is
    • Richard makes a PR with CRL validation turned off
    • Patrick release Steward
    • Patrick update Drawbridge
    • Patrick update Benefice
    • Testing today
      • Binaries from release
        • install binary (rpm/deb/..)
        • enarx platform info

Jan 12th

  • Harald
    • PR is not reviewed
    • AI: Dmitri to ping Jarkko PR 2429
    • KVM threading
  • Richard
    • CRLs for Steward - made changes, discovered a bug
      • Will seek Patrick's help
    • Working on TCB
    • Need to talk to Roman and Patrick
      • Update CRLs on the lab machines
      • Review from Roman is pending
      • Tests are waiting for the CRLs to be updated
      • AI: Harald will update the machines and rerun the tests
    • AI: Update the mac system to latest system after the release
  • Roman
    • AI: Patrick will update Steward
    • Built a tool to scan memory
    • No VFS for next 2 weeks
  • Ben
  • Patrick
  • Dmitri

Jan 11th

  • Samay Gandhi
    • Introduction
  • Tom Dohrmann
    • Working on the Kernel patch with Jarkko
    • Tom will send the patches after the call; Jarkko will test and review immediately
  • Roman
    • Release blocker
    • Richard will help Roman with workload subject name in the cert
    • There is not enough time to release VFS
  • Harald
    • The lazy memory is still in review
      • Ben and Jarkko
    • Multi-threading in the shims
      • AI: Jarkko will create an account for Harald in a week
  • Jarkko
    • Will send a patch set to the main mailing list within a couple of weeks
  • Richard
    • Richard will update the PR with the comments and repost
      • Roman will review
      • Harald will update the test configuration after a ping
    • Will file a ticket for the shared internal crate to export common structures and elements - under enarx in crates directory
  • Ben
    • Reviewing PRs
      • Lazy mapping
    • WASMTime PR
      • Moving forward
    • Dry run of the release
  • Release blocker
  • Dmitri
    • Will approve the request and we will see if it breaks things
    • Will continue with the nix-update PRs

Jan 10th

  • Release
    • Decision to add file key support back to the toml without the version string.
      • AI: communicate to Nathaniel and Nick

Richard Zak: Need a release name, a castle usually.

  • AI: Make the GitHub codeowners group have permissions on crates.io to publish the crates
  • v0.7.0-rc1
  • https://github.com/enarx/enarx/blob/main/.github/workflows/release.yml#L1-L370
  • Questions for Harald

    • Merkle trees Patent
    • Lazy memory mapping patent is there anything patentable?
  • Workflows

    • Is this used? https://github.com/enarx/create-pull-request
      • How? Where?
    • Decision about the external workflows
      • AI: Update the text and communicate the decision
        • We decided that we will continue to rely on the shared workflows. We will for now continue our efforts to consolidate and reuse them. Once we finish consolidation, we can look at the external workflows we leverage (see ./gihub/.github/workflows/nix-update.yml for example) and pin them to a specific revision/commit for security reasons. The concern is that these actions run privileged in our repository and if they are tampered with they can potentially introduce malicious code into our trees.
        • We decided to permanently remove (i.e. delete) https://github.com/enarx/create-pull-request repository.
      • AI: Remove create-pull-request fork - delete
    • Automerge:
    • nix-update - where are we?
    • Next workflow to improve
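
The pinning decision recorded above can be checked mechanically. This is an added example, not part of the original notes or of the Enarx repositories: a Python check that lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA. The workflow text, the `example-org` names and the SHA are constructed for illustration.

```python
import re

# "uses: <ref>" in a step or a reusable-workflow job; tolerates a list dash,
# quotes around the reference and a trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#.*)?$""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(ref):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` reference."""
    if ref.startswith("./"):
        # Lives in the same repository, so it is covered by that repo's review.
        return "local"
    if ref.startswith("docker://"):
        # Only a content digest is immutable for container images.
        return "pinned" if "@sha256:" in ref else "mutable"
    _, sep, rev = ref.rpartition("@")
    if not sep:
        return "mutable"
    # Tags, branches and abbreviated SHAs can all be moved or become ambiguous;
    # only a full commit SHA fixes the code that will run.
    return "pinned" if FULL_SHA_RE.match(rev) else "mutable"


def find_unpinned(workflow_text):
    """Return [(line_number, reference)] for every mutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "mutable":
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample workflow: names under example-org and the SHA are made up.
SAMPLE_WORKFLOW = """\
name: nix-update
on:
  schedule:
    - cron: "0 5 * * *"
permissions:
  contents: write
jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@0123456789abcdef0123456789abcdef01234567  # v18
      - name: local helper
        uses: ./.github/actions/flake-update
      - uses: "example-org/create-pull-request@main"
  shared:
    uses: example-org/workflows/.github/workflows/automerge.yml@v1
"""

if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Run in CI over `.github/workflows/*.yml`, a non-empty result can fail the job so that an unpinned reference never reaches a privileged workflow.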

Jan 9th

  • Demos
    • Harald - demo of the performance optimizations
      • Startup time
      • Web assembly (about 50%)
      • On top of the WA another ~17%
      • We need a good benchmark
        • linpack on WASMTime
        • Need to check if 'simd' is turned on
    • Ben - Threads but not upstream
    • Roman -
  • Top level subjects to discuss
    • When do we do a release? Can we do it super fast before the demo so that we have the same code for demo and people trying?
    • The TOML versioning
      • We assume the old format is V1
      • We require the new format to be V2 and have a version key
    • We have a script
    • We need Roman's PR
    • We do the Wasmtime update - separate PR Roman
    • SGX and RSA updates - Roman
    • Designs - any objections to start pushing HackMD documents to Designs repository?
    • Reflection on how we operate (maybe moved to Tuesday).
      • Share observations and reflections
        • What do we do well?
        • What we do not do well?
      • Identify opportunities
        • Where and how do we want to improve?
      • Plan action
        • Formulate specific actions based on what we want to improve
        • Define how we would measure our improvement
  • Other:

Jan 6th

  • Nathaniel
  • Richard
    • Team is reviewing the PRs, responding
    • Responded to PR reviews
    • Added unit tests
    • Started looking into fuzzing
    • Richard and Roman will sync on
  • Roman
    • Flame graph PR was merged
    • We need Development/Debug/Operational Logging Epic
      • AI:
        • Create a category in the project
        • File a design ticket
    • Fixing the deadlock in the tests
      • Will be extracted into a separate PR
    • Removed pre-open sockets
    • For now we copy paste because the WASMtime is being rewritten
  • Ben
    • Dug into the bindeps and saw that there are more complications
    • Working WASI PRs, plan to send them out today
  • Nick
    • I'm working with Jen on the landing page for the Azure webinar.
  • Dmitri
    • RUST
    • workflow-jobs
    • Proposal for naming convention
    • Automerge
      • PRs were sent

Jan 5th

  • Richard
  • Roman
    • VFS, updated the chat with the new networking API
    • Got deadlock in testing - might be a problem with testing framework
    • Need to create a presentation for Fosdem, needs to be done with the presentation
    • There is a tracing PR that needs to be reviewed
      • Blocked on SGX CI
      • Patrick will take a look
      • Nick will help with UI part to make a demo nicer
  • Ben
    • Solution to WASMTime requires restructuring to three repos
      • Coming along well
    • Reviewing flame graph
    • Bindeps issue - filing right now
  • Jarkko
    • sending fixes for the SNP patches
    • SNP patch set for init
    • Will setup time with Harald
  • Patrick
    • Tooling seems to be working fine. Software is ready. HSMs need to be distributed.
    • Automerge:
      • GitHub's doc is insufficient
      • contents: write permission
  • Nick
    • Preparing for Fosdem
    • Will be talking about attestation
    • Need to clean-up code for examples
    • Will schedule a meeting about chat tools and platforms
  • Dmitri
    • Automerge - the PRs will do
    • Working on automation for the task tracking
    • GraphQL question

Jan 4th

  • Ben
    • Got the upgrade, many PRs have been unblocked
    • Bindeps - Ben will file an issue
  • Richard
  • Nick
    • Waiting for Patrick to produce a build with Harald's work
  • Jarkko
    • UPM and init
    • Do we still run Debian?
      • Will be asked on Monday
  • Nathaniel
    • PR for Richard
    • AI:
      • DP add to the doc:
        • Steward will get a short lived cert and will issue keep certs for half time and will shut itself down after half timer
  • Dmitri
    • Hyper and ASN1 are fuzzed
    • Attestation reports are not fuzzed
      • We need to fuzz the validators - Richard talk to Ben

Jan 3rd

  • Ben
    • We had few PRs that we blocked on changes to cargo
    • Today will unblock the PRs
    • WASMTime
      • Will be a multistep process
  • Richard
    • CRLs PRs
    • PR for Steward
    • Updated unit test
    • Implemented CRL revocation
    • Nathaniel will review
  • Jarkko
    • Focusing on the init
    • Q: new syscall
  • Nathaniel
    • Catching up
  • Nick
  • Patrick
    • HSM software, coming along
  • Dmitri
    • Automation workflows
    • Tasks tracking
    • Enabling
  • Harald - PTO
  • Roman - PTO

Year in review

  • We were on-boarding Roman
  • Harald did a lot of threading work and lazy memory management
  • Richard did a bit with Steward, WASI support in Tokio
  • Roman refactored sallyport, vfs, drawbridge
  • Ben - RUST community, CLI
  • Patrick - services are in production
  • Jarkko - Kernel work, had so much pain with Kernel
  • Nick - community building

Lack of maturity in WASI is the concern - goal for the year
Performance will be important
Stability is getting better but we need to keep it this way
Time-based releases

Attestation
TOML changes

Happy New Year!

Past meetings

Dec 23rd Christmas Demo Day

  • Harald (Demo)
    • Workload with the lazy memory is much more performant
    • Next: Threading SEV-SNP in shims
  • Roman (Demo)
  • Ben
    • WASMTime has a plan
    • Will put together a PoC with the extension traits
    • Roman's PR was accepted for cargo, working on related activities
    • Next: to continue + E2E test
  • Richard
    • Have 2 PRs - have CRL bundled
      • Unit test still fail because of the cache directory argument
      • Need review from Harald, will not review it today
    • Next: Steward to support the additional data
  • Nick
    • We got > 1000 stars!
  • Patrick
    • Dealing with infra work and HSMs
  • Dmitri

Dec 22nd

  • Roman
    • Made workspace work, broke support for Windows and Mac and then fixed it
    • Simplified our CI setup
    • cargo PR updated as requested, adding the test case
    • VFS implementation, going well, hope to finish today
  • Patrick
    • Changes in the repo setup are overwritten by the Terraform
    • Create a CI to capture drift in Terraform configuration and create an issue with the delta to discuss
  • Ben
    • Staring at the WASMtime
      • Opt 1: Have a similar interface
      • Opt 2: Duplicate the whole code for Windows and not Windows
    • Reviewing patches
  • Jarkko
    • First set of UPM patches done
    • Rebuilding the machines
    • There are things to test
    • No news on the AMD patch
  • Richard
    • Working more on CRLs, working on the unit tests
      • Remove the test
  • Harald
    • Fixed the workspace issue today
    • Got all the shims and tests
    • Stopped implementing threading in the shims
    • Switched to the lazy memory
      • Plan to have something in a week
  • Nick
    • Almost at a 1000 stars
    • Opening outreachy in Feb
  • Dmitri

Dec 21st

  • PR for permissions
    • PR for Enarx was merged
    • We will start with enarx repo and sort the right permissions
  • Branch rules
    • Linux should use the fork also
      • For now it can be an exception
  • Pull request target - is run in the context of the target repo. Run on all PR activities.
    • Patrick will create a PR with pull request target for nix updates. We will start with the release.yml.
    • If it works it addresses the concerns with the * branch protections
  • Status
    • Jarkko
      • Almost through emails and will focus on UPM
    • Harald
      • Researched SNP attestation with TCB, filed issue with Steward. Filed a PR.
      • We can in future switch to the crate that AMD created
      • VMSA
      • Finished the PR for the lazy memory mapping.
        • Pushed a version for Patrick and .net demo
      • Page fault exceptions
      • "Anyhow" version mismatch
        • The main cargo lock is not updated
        • The cargo TOML and the cargo lock are different
    • Ben
      • Cargo dependency
        • Cargo crate has the dependency
        • You can have a lock file to define of dependencies
        • We have test crates to make sure we have the right dependencies
        • We agree to share the same dependency checks as the main build
        • Roman will submit a PR
          • Will remove the duplication in dependabot
      • Continuing with the threads feature, addressing comments, working on PR. ETA hopefully today.
    • Roman
      • Cargo PR - in review
      • VFS PR
        • vfs crate that Nathaniel put together
          • did not want to have shared implementation
        • Duplicating code for now
        • Removing Key FS
    • Richard
      • Have the SGX tests passing except one
      • One test is left
      • The parsing of the updated report is failing
      • Harald opened an issue https://github.com/enarx/enarx/issues/2418
        • To avoid the incompletely written files
        • Create helper functions
        • Harald will open an issue about CRL refresh

Dec 20th

  • Richard and Harald
    • Attestation situation
    • Richard found a way to do it
      • Unit test is still failing
  • Ben and Roman
    • The deployment action
      • Nothing blocked
  • Harald's Big patch
    • Lazy memory handling PR is still there, big
      • Ben is reviewing it
    • Cleaning things in Enarx
      • spin crate instead of spinning
    • KVM shim threading and lazy memory map implementation is next
  • Roman's patches
    • Updated cargo PR and other missing things
    • Got back to the VFS work
    • Maybe submit without Key FS and then re-enable it not to block on the cargo bug.
  • Ben's WASMTime work
    • Not blocked just paused
  • Jarkko
    • Getting through emails
    • Not responded to AMD yet
  • Nick
    • Finishing projects for FOSDEM
    • Harald will build a new artifact
  • Next steps with shared workflow
    • Reviews - not all has been merged
    • automerge - do we want to do it?
    • Do we want to combine several:
      • commisery
      • addtoprojects
      • automerge
      • We need to define the repos where these would go
        • suggestion = all

Dec 19th

  • Demos
    • Roman: flame graph
    • Nick: recordings for the Jan Azure and Intel webinar
    • Dmitri: docs, HackMD, design repo, scripts
  • Status
    • Ben
      • Wasm
      • End-to-End test
    • Roman
      • Will put together a design
        • Will send links to how docker does it
      • VFS
    • Richard
      • PR needs reviews
        • Harald to review
      • Certificate extensions
    • Harald
      • New big PR is coming
      • Might be getting sick
    • Jarkko - sick
    • Dmitri
      • Workflows

Dec 16th

  • Ben
    • Wanted to update nix.flake - close and reopen PR
    • Harald has a PR
      • Why there are many states?
        • There are many levels
        • WASM is at CSSA 0
        • When there is an exception you can increase the CSSA and enter the same environment
        • In 1 you handle the sys calls of 0
        • In 2 you handle sallyport calls
        • A page fault can happen in sallyport so it is handled in the next level - 3
  • Status update on designs:
    • Are we OK with the updated designs?
      • OK
    • Are there new designs ready for discussion?
      • Nothing other than the testing covered below
  • Status update on features:
    • Harald
      • Current PR is the preparation for the main stuff
    • Ben
      • Helping with PRs
      • Rust release update
      • Closed nix flake PR
      • WasmTime PR still working on this
      • A new github action to automatically publish to Drawbridge and execute https://github.com/enarx/enarx/issues/2390
        • Will have a general outline
        • For now just putting together an action
        • Will try to demo on Monday
        • The action will be used in:
          • Any codex
            • We will deploy to a temp registry
          • In enarx - we will have an integration test
            • Runs once a day using a staging Drawbridge instance
            • When we have the flake update this would be triggered
          • In Drawbridge
            • When
          • In Steward
    • Roman
      • Last week of interns wrapping up their work
      • VFS - waiting for review on the cargo team, need more reviews. Will address comments.
        • Ben will help to make the reviews
      • Can't merge the work since it depends on the cargo PR. The earliest is Monday.
      • Action: Roman will put together a design for the end-to-end testing describing the flow and actions needed
    • Richard
      • Discussion about the files in the directory that is used to prepare content that goes into the cert extension - suggestion selectively clean it.
      • Has permissions problems with SGX2 machine
      • Decision: to use the sub-OIDs for each element separately instead of packing everything in the single ASN1. This makes the code cleaner and avoids double encoding.
        • Ask Nathaniel
      • Decision: create ASN blob on the host from the set of elements that needs to be passed in so that we do not need to assemble it every time
      • There is no DER conversion in the SGX case in the code.
    • Jarkko
      • Sick.
  • Topics on Dmitri's agenda:
    • Practices at the website
    • Design repositories
    • Shared scripts
    • Shared workflows
    • Rocket chat

Dec 15th

Canceled due to low attendance

Dec 14th

  • Status of Harald's - deferred
  • Design discussion tomorrow - deferred
  • Steward attestation design - Richard done
  • Discussion about CRLs for certs issues from Steward
    • Suggestion not to do CRLs and caching of those
    • Suggestion to use OCSP and must staple extensions
      • Do not trust a cert until there is a trusted OCSP staple here.
    • Steward should be stateless
    • Any revocation requires state
    • We need to discuss this further
  • Review existing gaps - deferred
  • Are we ready to flip document status?
    • No objections with the procedural docs
    • Roman will review the designs before tomorrow
    • Dmitri will help with the cleanup of the Steward doc
  • Tweaks to the workflows
    • Do the nix one VFS - nix flow and model after that
    • Dmitri will work on the workflows today and tomorrow
    • We will sync on Friday
  • Current state cleanup
    • Dmitri to refresh the projects
    • Jarkko will update the issues and create new issues as planned