Sealing and Unsealing using _sgx_mrenclave (different platform) #1842
Hey Gramine team, just wanted to confirm something. According to the documentation:
And also, while skimming through this discussion here: I came to the conclusion that if an enclave app encrypts some file A using the _sgx_mrenclave key on the fs.mount specification in the manifest, and then even if the same enclave code (same MRENCLAVE measurement) tries to use (unseal) that encrypted file A but on a different machine (so different CPU -> different SGX platform), it won't actually work, right?
Did I get it right? Thank you in advance! EDIT: Process A assumes RA-TLS when sharing this secure data between two enclaves.
Replies: 1 comment 1 reply
Right, it won't be able to unseal the data on another platform.
Yes, a migration process (e.g., unseal-transfer-reseal) is needed.
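A toy model of the behaviour confirmed above, added here as an illustration and not taken from the thread or from Gramine's code: a sealing key derived from a CPU-unique secret plus MRENCLAVE fails to unseal on a second platform until the data goes through unseal-transfer-reseal. Assumptions: HMAC-SHA256 stands in for the hardware key derivation (EGETKEY), the cipher is a simple stand-in, all names and secrets are hypothetical, and the attested transfer channel (RA-TLS in the question) is not modelled.

```python
import hashlib, hmac, os

def seal_key(platform_secret: bytes, mrenclave: bytes) -> bytes:
    # Stand-in for the MRENCLAVE-policy seal key: the real key is derived in
    # hardware from a secret that never leaves the CPU, so it differs per platform.
    return hmac.new(platform_secret, b"seal|" + mrenclave, hashlib.sha256).digest()

def _subkeys(key: bytes):
    # Separate encryption and authentication keys derived from the seal key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(enc + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("unseal failed: wrong platform or wrong MRENCLAVE")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def migrate(blob: bytes, src_key: bytes, dst_key: bytes) -> bytes:
    # unseal on the source platform, transfer the plaintext over an attested
    # channel (not modelled), reseal with the destination platform's key
    return seal(dst_key, unseal(src_key, blob))

# Constructed sample values: two platforms, one identical enclave measurement.
MRENCLAVE = hashlib.sha256(b"constructed enclave measurement").digest()
KEY_A = seal_key(hashlib.sha256(b"constructed CPU A secret").digest(), MRENCLAVE)
KEY_B = seal_key(hashlib.sha256(b"constructed CPU B secret").digest(), MRENCLAVE)

if __name__ == "__main__":
    blob = seal(KEY_A, b"file A contents")
    try:
        unseal(KEY_B, blob)
    except ValueError as e:
        print("platform B:", e)
    print("after migration:", unseal(KEY_B, migrate(blob, KEY_A, KEY_B)))
```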