allow enclave updates: migrate state to updated mrenclave #85
Labels
S0-AttestationHandler
Core Component
Comments
brenzi changed the title from "migrate state to updated mrenclave" to "allow enclave updates: migrate state to updated mrenclave" on Feb 5, 2020
decision:
migration process:
If new workers join, they will need access to all former enclaves to recreate state from genesis (or use snapshotting?)
implications:
questions:

We should test onchain runtime upgrades as well, as trouble with encointer#42 showed

foundations are laid: integritee-network/pallets#201
Since the implementation of #47, we can't update enclave code after the state has been initialized because the state encryption key will only be shared with other enclaves with the same MRENCLAVE.
How will we migrate state securely when MRENCLAVE changes?
How can the new enclave version convince the old one to provide it with the state? On-chain governance?
PoS voting
We could instantiate a democracy module inside the enclave and let all users vote anonymously on an upgrade of mrenclave. The majority stake wins. The old enclave would then share its state encryption key with any worker enclave that has the new MRENCLAVE
on-chain voting
the enclave registry knows nothing about the users of a worker enclave, so it could only have the workers vote, which doesn't reflect the stakeholder value in "incognito" tokens
MRSIGNER vendor key
The SGX-standard way would be to work with MRSIGNER instead of MRENCLAVE. But this would introduce centralization with the VENDOR holding the key for enclave signing.
sudo + update pallet
the immediate shortcut would be to use the sudo pallet which is already part of sgx-runtime. at a later stage, this could be replaced by the democracy pallet (PoS voting, see above)
We would need a special pallet just to register allowed MRENCLAVEs as an ordered update list:
mu-ra would then query that registry when another worker requests provisioning
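
The "ordered update list" check described above, as an added sketch that is not part of the original issue and not the project's code. `UpdateRegistry`, `Decision` and `may_provision` are hypothetical names, and refusing to provision an older version is an assumption about how the ordering would be enforced.

```rust
// Added illustration with hypothetical names; not substraTEE / integritee code.
type MrEnclave = [u8; 32];

/// Ordered update list: every later entry is an approved successor of the earlier ones.
#[derive(Default)]
pub struct UpdateRegistry {
    allowed: Vec<MrEnclave>,
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    SameVersion,
    ApprovedUpgrade { steps: usize },
    Denied(&'static str),
}

impl UpdateRegistry {
    /// Append an approved MRENCLAVE; duplicates are refused so the order stays unambiguous.
    pub fn register(&mut self, m: MrEnclave) -> bool {
        if self.allowed.contains(&m) {
            return false;
        }
        self.allowed.push(m);
        true
    }

    /// Decide whether the enclave `own` may hand the state key to `requester`.
    /// Assumes `requester` was taken from an already verified attestation report.
    pub fn may_provision(&self, own: &MrEnclave, requester: &MrEnclave) -> Decision {
        if own == requester {
            return Decision::SameVersion; // sharing rule in place before any update list
        }
        let pos = |m: &MrEnclave| self.allowed.iter().position(|x| x == m);
        match (pos(own), pos(requester)) {
            (Some(o), Some(r)) if r > o => Decision::ApprovedUpgrade { steps: r - o },
            (Some(_), Some(_)) => Decision::Denied("requester is an older version"),
            (None, _) => Decision::Denied("own MRENCLAVE not registered"),
            (_, None) => Decision::Denied("requester MRENCLAVE not registered"),
        }
    }
}

fn main() {
    let (v1, v2, rogue) = ([1u8; 32], [2u8; 32], [9u8; 32]); // constructed measurements
    let mut reg = UpdateRegistry::default();
    reg.register(v1);
    reg.register(v2);
    println!("{:?} {:?}", reg.may_provision(&v1, &v2), reg.may_provision(&v1, &rogue));
}
```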