Glossary¶
- PAL
Platform Adaptation Layer
PAL is the layer of Graphene that implements a narrow Drawbridge-like ABI interface (with function names starting with the Dk prefix)
See also
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/asplos2011-drawbridge.pdf
Whenever Graphene requires a service from the host platform (memory allocation, thread management and synchronization, file system and network stacks, etc.), it calls the corresponding PAL functionality. The PAL ABI is host-platform agnostic and is backed by the host-platform specific PAL, for example, the Linux-SGX PAL.
- RA-TLS
A library to augment classic SSL/TLS sessions with Remote Attestation. RA-TLS extends the SSL/TLS handshake protocol to force one endpoint into verifying the SGX Quote embedded into the other endpoint’s certificate chain. RA-TLS is designed to be a drop-in replacement for classic SSL/TLS libraries.
See also
- Secret Provisioning
Secret provisioning is a mechanism to deliver secrets (such as encryption keys, passwords, etc.) from a remote trusted party inside a TEE. It is typically built on top of a Secure Channel.
See also
- Secure Channel
Secure channels are communication channels for trusted transmission of arbitrary data between a TEE and a remote trusted party or between two TEEs. They are typically built on top of the classic TLS/SSL channels.
See also
- SGX
- Software Guard Extensions is a set of instructions on Intel processors for creating Trusted Execution Environments (TEE). See Introduction to SGX.
- Thread Control Block
Todo
TBD