You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2022/03/29 23:41:13 UTC

[GitHub] [incubator-teaclave-sgx-sdk] dingelish opened a new pull request #377: feat: new feature gate `initenv` to disable env ocalls on demand

dingelish opened a new pull request #377:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377


   we need a way to construct "0 ocall enclave" and this is the first move: make the env var access optional in sgx_tstd.
   
   new feature gate proposed `initenv` which is by default open (backward compatible). disable this feature could statically remove `ocall::initenv` and `ocall::initargs`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] volcano0dr commented on pull request #377: feat: new feature gate `initenv` to disable env ocalls on demand

Posted by GitBox <gi...@apache.org>.

volcano0dr commented on pull request #377:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377#issuecomment-1084200763


   I think constructing an "0-call enclaves" enclave can be implemented by using `sgx_no_tstd` instead of `sgx_tstd`. So feature gate `env` is not a way to use to construct an "0-call enclaves".
   
   The current implementation is that environment variables are passed into the enclave from the normal world when the enclave is created, and there is no `ocall` to query and set environment variables while the enclave is running. Feature gate `env` can be used to control whether the enclave accepts environment variables from the normal world. When feature gate `env` is disabled, the enclave does not accept environment variables from the normal world, and the enclave can initialize custom trusted environment variables with method `initenv`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org

[GitHub] [incubator-teaclave-sgx-sdk] volcano0dr edited a comment on pull request #377: feat: new feature gate `initenv` to disable env ocalls on demand

Posted by GitBox <gi...@apache.org>.

volcano0dr edited a comment on pull request #377:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377#issuecomment-1084200763


   I think constructing an "0 ocall enclaves" enclave can be implemented by using `sgx_no_tstd` instead of `sgx_tstd`. So feature gate `env` is not a way to use to construct an "0 ocall enclaves".
   
   The current implementation is that environment variables are passed into the enclave from the normal world when the enclave is created, and there is no `ocall` to query and set environment variables while the enclave is running. Feature gate `env` can be used to control whether the enclave accepts environment variables from the normal world. When feature gate `env` is disabled, the enclave does not accept environment variables from the normal world, and the enclave can initialize custom trusted environment variables with method `initenv`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org