I would like for trusted execution environments to be supported in WASI runtimes.
Which would be the right standards committee to propose this to: WASI, WebAssembly, WASIX, or even somewhere else?
Does anyone know of any previous work/thoughts in that direction?
Hello Paul, this is something we are currently trying to figure out at Klave. TEEs have inherent constraints (OS and host untrusted, etc.), and for good reasons. Therefore, clearly all WASI interfaces would not be able to be implemented as per the ABI. I suppose a naive implementation could be done for TEEs (forwarding calls to the host, for instance), but it would come at a great price in terms of security. I believe the approach that should be taken is to pick and choose the WASI interfaces that would make sense to implement in the TEEs (Crypto, for instance, etc.) and for the rest leverage the component model to allow specific sets of APIs to be described and implemented to meet the needs of the TEEs. You can find previous thoughts on that topic here: https://blog.enarx.dev/language-support-for-wasi-2/ and, if you want to know more about how we are currently tackling that at Klave, here: https://klave.com/.
Last updated: Dec 23 2024 at 12:05 UTC