
2024‐11‐27‐CFCC‐Minutes

Aditya P. Gurajada edited this page Nov 27, 2024 · 20 revisions

Certifier Framework Monthly Meeting

Date: Wed, Nov 27, 2024, (4th Wed of each month) Time: 6-7 am PST

Meeting Link: https://zoom-lfx.platform.linuxfoundation.org/meeting/99864751424?password=3b15fe50-d16c-40af-8e2f-b6b1b5e7124d

(You should be able to join as 'guest' using your mail-ID.)

NOTE: Last meeting for 2024.

  • Dec meeting cancelled as it falls on Christmas Day
  • Next meeting will be on Wed 22nd Jan 2025

Attendees

  • Community: Aditya Gurajada, John Manferdelli, Chris Ramming
  • Broadcom: Ye Li, Rado Gerganov
  • Samsung: Bokdeuk Jeong
  • Others: Ashish Pandey, Pari Patel (Univ of Missouri)
  • Data Village: Arne Goeteyn
  • Jacob Lagerros (London, Open-Source Silicon computing, startup founder)

Short meeting; low attendance. Several updates from John.

Agenda

  • Aditya: #250: Follow-up with John to push the intern project proposal further. Started email thread with John

    • Brought this up today. John's re-thinking this application-idea as we need a client h/w.
      • For applications: John was thinking this requires, on one side, a client device enabled w/CC of some kind
      • With upcoming ideas, John is thinking about the Android port angle (see below).
  • Team: Noted a couple of new issues and did a bit of updating / scrubbing.

  • John will write-up intern project proposal for application on simulated enclave.

    • Ye to help wordsmith proposal to a concrete project idea.
    • Aditya to facilitate organizing this into a formal project proposal w/CCC.

Status Updates

  • (John):

    • Gave talk to Germany Academy of Science. May work together to use CC to secure Factory Floors.

      • Looking for languages to grant permissions
      • Investigating moving CFCC to embedded systems: Need to add code to existing library to work w/embedded systems
      • Timeline tbd; More details in Feb 2025
    • Writing applications: No client h/w. Looking for porting to Android & iOS (iPhone).

      • "Port" to Android may start in 12/2024. Will need adding some primitives
    • Exploring NSF grants to fund some newer initiatives around CFCC

    • SecureChannel between 2 CC containers w/CFCC: Currently it's integrated protected channel

      • Looking into ACL'ed APIs on secure Channel: So we can open up a Secure Channel and use APIs w/ACLs
        • ACLs may work on executable-code and / or identity for who's using the APIs.
      • Need to investigate which "standard" ACL library / plumbing to use. Something 'standard' will be needed.
        • John was thinking about using Berkeley protocols, but this area needs further investigation
    • TBD: CI support for these planned upcoming ports to Android / iOS

    • Ask Samsung: Are there any updates on their CC on ARM? John needs real ARM h/w for a client device to test stuff.

    • For factory floor automation, some will be Arm machines.

  • (Ye): Merged #257 into /main

    • Submitted #259 for review: Add cppcheck static analysis:

      • This also addresses #251. Fixed as part of this PR.
      • For now, we don't need input from UCB Keystone team.
        • Ye "fixed" in a hard-way to get stuff compiling, and removed double-definitions. Fixes problem for cppcheck. (Keystone code had multiple definitions in src and test code.)
        • (Aditya had pinged them earlier; no response, yet.)
    • CCC 2025 Call for Papers is open: Summit is on June 17-18, 2025, SFO:

      • Submit talks by Jan 17th

Pending items from past backlog list

  • Ye - investigate and come-up with a recommendation for a static analysis tool to be implemented in our repo

  • Rado -- investigate and come-up with a recommendation for a dynamic analysis tool to be implemented in our repo

  • Aditya -- once the tools / processes are identified, will coordinate with Ye & Rado to implement the dev/CI processes required.

  • Aditya -- follow-up on code-level cleanup items for Ubuntu-Linux, sev-simulator changes

  • Aditya will take John's recent writeup on Quantum safe crypto algorithms and update Wiki. Work w/ John to finalize.

  • Ye investigated static analysis tooling. Resolved issue #251. Need input from Keystone folks. Aditya to connect Keystone folks & Ye to drive this further.

    • (9/25/2024): Ye said he will try to charge-ahead w/local builds to overcome Keystone build issues. Change is not big; but would be better if it's verified by UCB Keystone folks.

    • (Aditya) Pushed off email to UCB Keystone owners asking for engineer to work with Ye on issue #251

    • 9/25/2024: Alex from UCB is trying to reach Dayeol Lee.

  • Rado will try to push on integrating sanitizers into CFCC builds... back-burner work.

Action Items

  • (Bokdeuk) Open up a discussion item asking for more info on necessity of using keys provided by local device.

  • (Bokdeuk) Follow-up on #247 to get responses from @jlmucb

  • Ashish: Put-up a Discussion note explaining arch description of s/w components and their plan on how-to integrate with CFCC.