[Bug 2030595] Review Request: sgx-aesm-service - SGX Architectural Enclave Service Manager

https://bugzilla.redhat.com/show_bug.cgi?id=2030595



--- Comment #6 from Paolo Bonzini <pbonzini@xxxxxxxxxx> ---
The bundled 3rd party libraries cannot be replaced with the system libraries,
because enclaves cannot use the system libraries (all code must be linked
statically and signed).  See for example ENCLAVE_CFLAGS and ENCLAVE_CXXFLAGS in
buildenv.mk, which include -ffreestanding -nostdinc -nostdinc++, and
ENCLAVE_LDFLAGS which includes the linker flag -eenclave_entry.

However, these should be open source and limited to the minimum necessary. 
Based on my analysis of the build process:

* the static binary-only libraries in external/ should be removed from the
sources tarball and should not be used during the build process.

* OpenSSL should be built from source, and the OpenSSL sources should be passed
through the "hobble-openssl" script from the Fedora OpenSSL package.  The
script removes certain patented algorithms from the tarball.

* No network access should be done during the build (see for example
external/sgxssl/prepare_sgxssl.sh); all sources should be included in the
tarball.


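An added example, not part of the original comment or of the sgx-aesm-service sources: one way a reviewer could check an unpacked source tree for the first and third points of the comment above (prebuilt binary libraries, and build scripts that fetch over the network). The sample tree is constructed; only the path external/sgxssl/prepare_sgxssl.sh comes from the comment, and its contents, the other file names and the list of fetch commands are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Magic bytes of prebuilt artifacts: ar archives (static .a libraries) and ELF objects.
BINARY_MAGIC = {b"!<arch>\n": "ar archive (static library)", b"\x7fELF": "ELF object"}
# Fetch commands on a non-comment line; an illustrative list, not exhaustive.
NET_FETCH = re.compile(r"^[^#\n]*\b(wget|curl|git[ \t]+clone)\b", re.M)
BUILD_SCRIPT = re.compile(r"(\.sh|\.mk|^Makefile)$")


def audit_tree(root):
    """Return (prebuilt, fetchers), each a sorted list of (relative path, reason)."""
    prebuilt, fetchers = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        for magic, kind in BINARY_MAGIC.items():
            if data.startswith(magic):
                prebuilt.append((rel, kind))
        if BUILD_SCRIPT.search(path.name):
            if m := NET_FETCH.search(data.decode("utf-8", "replace")):
                fetchers.append((rel, m.group(1)))
    return sorted(prebuilt), sorted(fetchers)


def build_sample_tree(root):
    """Write a constructed sample tree; all file contents here are made up."""
    files = {
        "external/example/libexample.a": b"!<arch>\nconstructed-archive-body",
        "external/sgxssl/prepare_sgxssl.sh":
            b'#!/bin/sh\n# wget in a comment is ignored\nwget "$SOURCE_URL" -O src.tar.gz\n',
        "src/enclave.c": b"int enclave_entry(void) { return 0; }\n",
        "Makefile": b"all:\n\t$(CC) -c src/enclave.c\n",
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_tree(tmp))
```

The check does not cover the second point: whether the OpenSSL sources were hobbled has to be verified against the hobble-openssl script itself.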



