![]() Go to the detailed view of an image, and select the ENCLAVE tab.To view the MRENCLAVE values in the Fortanix CCM UI: On hardware without that support, the initial enclave image includes zeroed pages for unallocated memory. On the hardware that supports dynamically adding pages to an enclave, pages for unallocated memory are not included in the initial enclave image, so the enclave can start faster. This allows you to run the same converted container on both SGX1 and SGX2 hardware. The converted container will have two different MRENCLAVE values corresponding to SGX1 and SGX2 respectively. After the application is converted, the application will have both SGX1 and SGX2 signatures, and the correct signature would be used depending on the hardware available. When an application is converted, the converter app supports signing and running the application in both SGX1 and SGX2 hardware. Once an image of an application is created, it will be pushed to the specified location in the Output Image Name of the application. If the user is entering a different tag value, then it can either be different values or the same. The Source Image tag and Output Image tag are optional fields and by default, the tag value is “latest” internally. ![]() CPU count - CPU count is the number of CPUs dedicated to an enclave out of all the CPUs available to the host machine.If you selected the Image Type as AWS Nitro, enter the following details: Thread count – Change the thread count to support the application.Memory size – Choose the memory size from the drop-down to change the memory size of the enclave.This number should be incremented if security-relevant change is made to the application. ISVSVN is a numeric security version to be assigned to the Enclave.A user must choose a unique value in the range of 0-65535 for their applications. ISVPRODID is a numeric product identifier.If you selected the Image Type as Intel SGX, enter the following details:.Enter the image Tag which is the tag value of the Docker image.If you have not saved any Registry Credentials, then manually enter the registry credentials for the Output image name.If you have added a registry in a particular account as described in the article User's Guide: Image Registryof Fortanix CCM, then the check box Use saved credentials will be selected by default and the registry names for the output image will be filled automatically for the Add Registry Credentials fields.Since the input image is stored in a public registry, there is no need to provide credentials for the input image. Here, the registry credentials are the credentials needed to access the private docker registry where the image will be pushed. ![]()
0 Comments
Leave a Reply. |