2025‐3‐26‐CFCC‐Minutes

Date: Wed, Mar 26, 2025, (4th Wed of each month) Next: Wed, Apr 23, 2025

Time: 6-7 am PST

Meeting Link: https://zoom-lfx.platform.linuxfoundation.org/meeting/99864751424?password=3b15fe50-d16c-40af-8e2f-b6b1b5e7124d

(You should be able to join as 'guest' using your mail-ID.)

Attendees

• Community: Aditya Gurajada, John Manferdelli, Chris Ramming
• Broadcom: Ye Li, Rado Gerganov
• Samsung: Bokdeuk Jeong
• Univ of Missouri: Ashish Pandey, Pari Patel, Bishwas Wagle, Mauro Lemus, Prof. Calyam
• Paul Howard, ARM, TAC members at CCC, Project liason for CFCC
• Data Village: Arne Goeteyn,
• Jacob Lagerros (London, Open-Source Silicon computing, startup founder)
• Sakul Gupta, Micron

---

Agenda

• Get updates and discuss John's work in repo to refactor code.

Updates

• John presented at TAC annual review of CFCC project - updates?

• Issue #261 Update OpenSSF Best Practices badge

• Issue #262 Issue while executing simple_app_python from sample_apps

• John's starting to include the new acl library in the branch acl_lib. In the course of doing this, he noticed almost none of the certifier make files work without significant changes related to protobuf.

• Making things work with recent protobuf versions: There are almost no changes just to introduce C++17 (Change C++14 to C++17 in the CFLAGS definition and fix a byte conflict introduced by a new byte definition in std).

  • All the significant changes happen because of the new protobuf. There is no half measure.
  • The make files either all work or none of them work. When they work, everything works. When they don't, nothing works.
  • As I made changes, I made them dependent on a new variable: NEWPROTOBUF. When it is undefined the makes act the same way they used to.
  • There is one small additional change so far in naming which protobuf versions are acceptable in one of the scripts).
  • We may consider checking in everything with NEWPROTOBUF undefined and then checking it in with it defined but you can't do any new testing with it undefined.
  • So this, along with the C++17 change, seems purely cosmetic.

• New Library: This is separable but right now it is independent of the Certifier.

  • Making it part of the Certifier will be a separate checkin and will involve getting rid of some duplicate definitions.
  • The independent prototype does not affect the current operation of the CF. The prototype was finished in another repository and factoring it into smaller checkins does not seem worthwhile.

• Updates from U.Missouri on plans to use CFCC

  • Volunteer Edge Computing: Use resources that are locally available (Linux or Cloud-VMs)
  • To run scientific workloads, for now BioInformatics w/l - Lots of data crunching
    • Goal: Cost-effective + Security built-in.
  • Ashish walked-thru their arch pptx. Active discussions & feedback provided by Ye.

• Welcome Paul, Solution Arch from ARM.

  • Now rep from ARM to TAC, took on CFCC as a liason volunteer for CFCC
  • Role: Conduit between CFCC community and CCC/TAC.
  • Charter: Written charter exists for liason. Helping with annual review
  • Interested in overlap between CFCC and other CCC/TAC-projects, which have stuff to do w/attestation.
    • E.g., Veraison
  • Interested in CFCC's standards effort - Ecosystem harmonization - Should work directly w/John

Pending items from past backlog list

• Rado Reassigned to Ye - To investigate and come-up with a recommendation for a dynamic analysis tool to be implemented in our repo

  • 1/29/2025: Revisited. (CFCC wanted us to do this kind of pre-check working.) Pending for now ...

• Aditya -- once the tools / processes are identified, will coordinate with Ye & Rado to implement the dev/Ci-processes required.

• Aditya -- follow-up on code-level cleanup items for Ubuntu-Linux, sev-simulator changes

• Aditya will take John's recent writeup on Quantum safe crypto algorithms and update Wiki. Work w/ John to finalize.

• Rado will try to push on integrating sanitizers into CFCC builds... back-burner work. (Rado's busy; won't be done any time soon.)

• Pari (Univ of Missouri): Trying to create multi-server communication with few diff Linux VMs.

Action Items

• UM: Issues:
  • How to create clients in diff machines. Guide docs are not proper.
    • Ye pointed Ashish to this doc in our repo, simple-App-Under-Gramine-SEV
    • Need better example / docs for nested attestation usages
  • Create required issues for things that need improvement; code-, feature-, usability or docs.