optee, openenclave: added custom key path parameter #238
Open
edtubbs wants to merge 5 commits into dogecoinfoundation:0.1.4-dogebox-pre from edtubbs:0.1.4-dev-enclave-keypath
openenclave, optee: added key manager enclaves
openenclave, optee: added command line interfaces
ci: updated x86 target for openenclave
ci: added aarch64 target for op-tee
ci: added x86 target for nixos
doc: added enclave.md
depends: added libyubikey, libusb and libykpiv
sha: added sha1 and hmac for authentication with yubikey
tests: added sha1 and hmac
address: added wrapper for address from account pub key
example: added wrapper
test: added wrapper to bip44_test
[feat] added yubikey for storage
config, cmake, seal, tests: added yubikey support
seal: added encrypted blobs to software encryption
such, spvnode, wallet: updated software encryption
tests: added encrypted blobs
doc: added yubikey.md
[feat] added NanoPC-T6 enclave
ci: added NanoPC-T6 support for op-tee
doc: updated enclave.md
optee: added rk3588-nanopi6-common.dtsi.patch
optee: added nanopi6.h.patch

updated sign-x86_64-macos artifact name
added verbose to sign-x86_64_macos actions

optee: updated patch format
edtubbs force-pushed the 0.1.4-dev-enclave-keypath branch 8 times, most recently from cde8a01 to 1eb3100 (January 14, 2025 20:46)
optee, openenclave: added yubikey option to hosts
optee, openenclave: added random shared secret for totp
optee, openenclave: updated yubikey to optional if auth token is supplied
optee, openenclave: updated totp to optional if password is supplied
optee, openenclave: updated totp check from string to integer
optee, openenclave: updated to confirm password
optee: updated delegate key to store and export extended key
optee: updated host to prompt as necessary and removed option
openenclave: added password as mnemonic passphrase
openenclave: added auth token option to host and parameter to enclave
openenclave: added oeseal_gcmaes for enclave sealing
openenclave: added data_t and updated enclave parameters
openenclave: removed simulated oe_seal_wrap and oe_unseal_wrap
header: added utils for hex/bin conversion
ci: removed patches now applied during make or un-necessary
ci: updated to OP-TEE repo and branch to master
ci: updated to build libdogecoin separately for host and enclave
doc: updated enclaves.md
edtubbs force-pushed the 0.1.4-dev-enclave-keypath branch from 1eb3100 to 0227f77 (January 14, 2025 21:02)
xanimo approved these changes, Jan 16, 2025
ACK. tested on x86_64-linux-gnu jammy and nanopc-t6 w/buildroot and both with and without yubikey
Update OpenEnclave and OP-TEE key management enclaves to support custom key paths, optional YubiKey usage, and password-based authentication. Added a random shared secret for TOTP, extended keys for delegation, and improved host prompts for user input.
The OpenEnclave key management enclave now supports secure sealing. Unnecessary CI patches were removed, and the workflow was updated to the latest OP-TEE master branch. Documentation in enclaves.md has been updated to reflect these changes.

Merge after #232.