We're trying to write a Golang wrapper on top of Gramine's RA-TLS verification module. While trying to show the errors to the user, we discovered that most of the SGX errors, although logged, are abstracted in the verification function and only a few errors are reported.
What was the design decision behind this approach? What are your thoughts about returning the original error to the user so that it can be handled accordingly? Would it involve too large a change, or are some other factors involved?
One use case of having more verbose return values is to know why the attestation verification failed, and every user might not have access to stdout/stderr for logs.
For example: we might want to handle `SGX_QL_QV_RESULT_SW_HARDENING_NEEDED` according to our use case, but `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` doesn't give enough information about the error.