Stream: general

Topic: trusted execution environments


Paul Scheduikat (Dec 13 2023 at 03:29):

I would like for trusted execution environments to be supported in WASI runtimes.

Which would be the right standards committee to propose this to: WASI, WebAssembly, WASIX, or even somewhere else?

Does anyone know of any previous work/thoughts in that direction?

Etienne Bossé (Dec 13 2023 at 10:24):

Hello Paul, this is something we are currently trying to figure out at Klave. TEEs have inherent constraints (OS and host untrusted, etc.) and for good reasons. Therefore, clearly all WASI interfaces would not be able to be implemented as per the ABI. I suppose a naive implementation could be done for TEEs (forwarding calls to the host, for instance) but would come at a great price in terms of security. I believe the approach that should be taken is to pick and choose the WASI interfaces that would make sense to implement in the TEEs (Crypto, for instance, etc.) and for the rest leverage the component model to allow specific sets of APIs to be described and implemented to meet the need of the TEEs. You can find previous thoughts on that topic here https://blog.enarx.dev/language-support-for-wasi-2/ and if you want to know more about how we are currently tackling that at Klave, here: https://klave.com/.


Last updated: Jan 24 2025 at 00:11 UTC