Extending Pytorch example to support secret provisioning after the enclave application starts #2113
Note that besides non-programmatic APIs (based on environment variables), Gramine's secret provisioning libraries also provide programmatic APIs (pls see https://github.com/gramineproject/gramine/blob/master/tools/sgx/ra-tls/secret_prov.h). You might also want to check out this example: https://github.com/gramineproject/gramine/tree/master/CI-Examples/ra-tls-secret-prov/secret_prov. For your specific case, you can integrate secret provisioning libraries into your python code using e.g., FFI.
I'm closing this. Thanks again @kailun-qin!
Hello,
I've been playing around with the Pytorch example and am now trying to adapt it to perform a private inference service from the service user's perspective (e.g., making sure that the cloud will not store their private data used for inference).
I noticed that the current pytorch example performs secret provisioning before the enclavized application starts (by setting SECRET_PROVISION_CONSTRUCTOR to 1) but what I want is for the service user to be able to attest this service after the enclave starts. I suppose I have to modify SECRET_PROVISION_CONSTRUCTOR but am not sure how. Is it possible with the existing secret provisioning libraries? It would be best if this can be done in Python-level code.
Thank you in advance,