diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
index e82a91f9f8..68ffd3900f 100644
--- a/Documentation/manifest-syntax.rst
+++ b/Documentation/manifest-syntax.rst
@@ -663,10 +663,10 @@ expected to be encrypted in the PF format). New files created in an encrypted
 mount are also automatically treated as encrypted.
 
 .. warning::
- The current implementation assumes that each encrypted file is reachable
- through a single path in Gramine. If the same encrypted file on host can be
- reached through multiple paths in Gramine (e.g. because of host-level
- symlinks, or multiple Gramine mounts), data loss may occur.
+ The current implementation assumes that ``type = "encrypted"`` mounts do not
+ overlap on host, i.e. there are no host files reachable through more than one
+ ``type = "encrypted"`` mount. Otherwise, changes made to such files might not
+ be correctly persisted by Gramine.
 
 Note that path size of an encrypted file is limited to 512 bytes and filename
 size is limited to 260 bytes.
diff --git a/LibOS/shim/include/shim_fs_encrypted.h b/LibOS/shim/include/shim_fs_encrypted.h
index 2805f814c9..8c7126e561 100644
--- a/LibOS/shim/include/shim_fs_encrypted.h
+++ b/LibOS/shim/include/shim_fs_encrypted.h
@@ -172,6 +172,8 @@ int encrypted_file_get_size(struct shim_encrypted_file* enc, file_off_t* out_siz
 int encrypted_file_set_size(struct shim_encrypted_file* enc, file_off_t size);
 
 int parse_pf_key(const char* key_str, pf_key_t* pf_key);
+
+/* TODO: This function is used only by a feature deprecated in v1.2, remove two versions later. */
 int dump_pf_key(const pf_key_t* pf_key, char* buf, size_t buf_size);
 
 #endif /* SHIM_FS_ENCRYPTED_ */
diff --git a/LibOS/shim/test/regression/attestation.c b/LibOS/shim/test/regression/attestation.c
index 7b8a5296aa..938917620f 100644
--- a/LibOS/shim/test/regression/attestation.c
+++ b/LibOS/shim/test/regression/attestation.c
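Review bot: The TODO added above `dump_pf_key` in LibOS/shim/include/shim_fs_encrypted.h names neither the deprecated feature nor the release in which the function should be removed, so it will be hard to find at cleanup time. Going by the TODO reworded in LibOS/shim/test/regression/attestation.c, the feature is presumably the `/dev/attestation/protected_files_key` file, but the header does not say so. The signature suggests this function writes key material into a caller-supplied buffer, so its removal is worth tracking explicitly, for example `/* TODO: used only by the deprecated /dev/attestation/protected_files_key (deprecated in v1.2); remove in <target release>. */`. The "two versions after v1.2" wording in attestation.c would also be clearer with the release spelled out.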
@@ -143,8 +143,9 @@ static int write_key(const char* key) {
 * Test the deprecated `/dev/attestation/protected_files_key` file (and setting the initial key
 * using deprecated `sgx.insecure__protected_files_key` manifest syntax).
 *
- * TODO: remove this part of the test when these deprecated interfaces are removed. The new way of
- * setting keys (`/dev/attestation/keys`, `fs.insecure__keys`) is already tested in `keys.c`.
+ * TODO: remove this part of the test when these deprecated interfaces are removed (two versions
+ * after v1.2). The new way of setting keys (`/dev/attestation/keys`, `fs.insecure__keys`) is
+ * already tested in `keys.c`.
 */
 static int test_protected_files_key(void) {
 int ret = expect_key(MANIFEST_KEY);