Try โ€‚โ€‰HackMD

Design Session Agenda

tags: Meetings

Upcoming meetings

Jan 26th

  • Design of the digest and SANs

    • Deployment vs. Application
      • Application is the instance of the software
      • Deployment is the configuration of the application
    • The instance of the group of applications requires verification of the peer application
    • Proposal to have application digest and deployment digest
    • The problem is with versioning of the applications
    • Configuration of the applications
      • So the trust would be of the application not of its digest
      • When IO is enabled or raw TCP is enabled, the workload will be marked as insecure
      • Suggestion to not allow raw TCP and IO in the release build
      • Have a test Steward
      • Have a test command that always works with the test Steward
      • Specify test root CA for the enarx.toml

    `<conf>
    steward = "attest.profian.com"

    [test]
    use test
    steward = "localhost:1234"`

    two different commands: enarx deploy and enarx test
    enarx deploy would fail if anything is insecure
    Wasmtime has run command so preference is to have enarx run instead of deploy

    enarx run
    enarx run โ€“test
    enarx run โ€“unsafe :)
    just like Rust

    Allow overriding the config over
    enarx test can be a plugin to the enarx binary
    Have a plugin for testing
    Allow you to get logs from your application
    Will read toml and allow to override and will use test and you can use TCP
    Extract NIL back end int other test package

    Write down that we can extract NIL back end in future
    Maybe we can't d it because of the cargo test so maybe we should keep
    Enarx test is a separate binary

    Plugin - ability to overwrite Steward in the toml file
    For MVP we can make it a subcommand

    Summary
    The main enarx will have features that will be turned off by default. These features would allow (if turned on at compile time) IO or raw TCP. They will be not compiled. There will be another binary with those

    All will be in one binary with the release and debug versions

    Roman will create a summary in a ticket

  • Update cache command

    • Metacommand will be smart enough to run what command under the hood
    • We run registration on the boot

Dec 22th

Topic Owner Required Participants
Shared workflows Dmitri Roman, Ben, Patrick
E2E Tests and automation Dmitri Ben, Roman, Patrick
Network policy Roman Harald, Ben, Nathaniel
 

Build a package and do enarx run
Deploy the workload somewhere
Then involve Steward
Have a testing environment
Or start the containers

Full transcript of the call.

Template

Date

Topic Owner Required Participants
<Give a breif summary of the design topic to discuss> <Your name> <List people who are crucial for the discussion>
 

Past meetings

Dec 15th

Topic Owner Required Participants
Canceled
Last changed by 
โ€‰
Enarx
0
166

Read more

Status Call Agenda

Jan 30th AnnouncementsNew column is created in projects to hold regular PRs Demos - do we have any? * Updates from the team Harald

Jan 30, 2023
Project Management Practices

Author Period State Dmitri Pal January, 2023 :red_circle: Draft Overview Current document describes our intended project management practices for the Enarx, Steward, Drawbridge and related projects and components under Enarx and Profianinc organizations on GitHub.

Jan 27, 2023
Full Provisioning Flow with Attestation

Author Period State Dmitri Pal December 2022 &lt;span style=&quot;color: red;&quot;&gt;Draft&lt;/span&gt; High level architecture This document describes the detailed architecture of the Enarx attestation workflow. For a more high-level view and concepts related to the Confidential Computing Attestation flow please read the following document.

Jan 26, 2023
Release process instructions

Author Period State Dmitri Pal January 2023 :red_circle: Draft Step-by-step release process instructions Preparation

Jan 19, 2023
Read more from Enarx
Published on HackMD