Integrity docs #189
Integrity docs #189
Conversation
docs/src/integrity/integrity.rst
Outdated
|
|
||
| Overview | ||
| -------- | ||
| The main idea behind integrity support is to tag each step of computation with a MAC, attached by the enclave worker when it has completed its computation. |
There was a problem hiding this comment.
Can you elaborate on what exactly the MAC is over?
There was a problem hiding this comment.
See new commit
There was a problem hiding this comment.
Would be good to elaborate a bit further on what is MAC'd over -- maybe for example you can explain what is in each LogEntry, similar to what we say in the "Building Blocks" section of this document (but of course with the updated fields)
There was a problem hiding this comment.
Added the flatbuffers schema explicitly and a short description of each object in 2db9389
docs/src/integrity/integrity.rst
Outdated
|
|
||
| Enclave Code | ||
| ^^^^^^^^^^^^ | ||
| In the enclave code (C++), modifications were made to the ``FlatbuffersWriters.cpp`` file. |
There was a problem hiding this comment.
Modifications were also made to FlatbuffersReaders for the during-execution integrity checks: checking whether all blocks that were outputted from the previous ecall indeed were received by the subsequent ecall.
There was a problem hiding this comment.
Can you also add a section about the during-execution checks and post-verification checks?
There was a problem hiding this comment.
Can you elaborate on this? I think I wrote a little about the post verification checks in the part about the "Scala / Job Verification Engine Code" which outlines the reconstruction of the executed and expected. Do you want me to explain more in this section?
There was a problem hiding this comment.
Yeah I think it'd be good to either have a separate section or to add to the "Overview" section a bit about the during-execution integrity checks and the post-verification checks, i.e. say that as part of integrity we perform checks during execution and post-execution. In particular, maybe we can talk about what each is checking for.
There was a problem hiding this comment.
Added a little more detail in commit 2db9389
No description provided.