Remote Attestation
13 views
Skip to first unread message
Thomas Crowley
Mar 15, 2022, 3:54:26 PM3/15/22
to Gramine Users
I have integrated the Remote Attestation example into my code and the server function, ra_tls_create_key_and_crt_der hangs, about 50% of the time. After a little digging I think it is hanging on the mbedtls_rsa_gen_key call in create_key_and_crt. I have not seen anyone else reporting these issues. The only thing I can think of is my server application is multithreaded and gramine does not build mbedtls in multithreaded mode. Has anyone else seen this issue? Could the single thread mode of mbdtls cause this? If so any hints on compiling it in multithread mode?
Thank you
Tom
Michał Kowalczyk
Mar 18, 2022, 11:29:17 AM3/18/22
to Thomas Crowley, Gramine Users
Hi,
Your analysis is correct, but it's not only about mbedtls, but also
about the library code itself. See
https://gramine.readthedocs.io/en/latest/attestation.html - it says that
the library is not thread-safe and the user needs to ensure proper
locking ;)
Whether it should or not be thread-safe: I don't know, so far we didn't
have any use-case where someone would call it from multiple threads, but
this maybe something to consider...
Best,
Michał
Your analysis is correct, but it's not only about mbedtls, but also
about the library code itself. See
https://gramine.readthedocs.io/en/latest/attestation.html - it says that
the library is not thread-safe and the user needs to ensure proper
locking ;)
Whether it should or not be thread-safe: I don't know, so far we didn't
have any use-case where someone would call it from multiple threads, but
this maybe something to consider...
Best,
Michał
Reply all
Reply to author
Forward
0 new messages