Allow enclave updates on productive systems

[clangenb]

This is not handled yet, and updated enclave binary will currently result in a new sidechain.

On-chain enclave registry

When we register an enclave it is always shard == mrenclave, this means if you update an enclave, it will also change the shard, and you lose track of the enclaves on chain if they update. So we might want to introduce some logic on the parentchain, which enforces a certain mrenclave after a certain block or something.

Encrypted file I/O

This is actually not that big of a problem, SGX seal data does use by default the MRSIGNER parameter, which means that different enclaves signed by the same software vendor can all read sealed data: https://github.com/apache/incubator-teaclave-sgx-sdk/blob/c3d82372dff81e5bafb07f71bc8ad532d06b504e/sgx_tseal/src/seal.rs#L183. Hence, and updated enclave should be able to read data sealed by an old enclave.

Some more info about mrsigner and sealing:

• https://insujang.github.io/2017-10-09/intel-sgx-sealing/
• https://sgx101.gitbook.io/sgx101/sgx-bootstrap/sealing

caveat: MRSIGNER isn't the policy we want to follow, because it gives power to leak data to the enclave signer. See #88

How to do an upgrade on a running system?

WIP: https://integritee.atlassian.net/wiki/spaces/INTEGRITEE/pages/544866336/teerex+V2

[brenzi]

this actually duplicates #85