topic Hi Adil, in Intel® Software Guard Extensions (Intel® SGX)

Query about EGETKEY

AAhma10 — Fri, 09 Dec 2016 08:19:50 GMT

Hi,

As far as I understand, the EGETKEY command which is used to get a bunch of different keys uses some sort of hardware key to generate the sub-keys? Is that correct? If yes, are the hardware keys the same for each SGX machine or are they different per-machine?

Thanks!

Adil

Hi,

Surenthar_S_Intel — Mon, 12 Dec 2016 04:55:49 GMT

Hi,

The Intel® SGX Architecture provides the hardware instructions, EREPORT and EGETKEY, to support attestation and sealing. The EREPORT instruction provides an evidence structure that is cryptographically bound to the hardware for consumption by attestation verifiers. EGETKEY provides enclave software with access to the “Report” and “Seal” keys used in the attestation and sealing process. EGETKEY provides access to persistent Sealing Keys that enclave software can use to encrypt and integrity-protect data.

When invoking EGETKEY, the enclave selects criteria, or a policy, for which enclaves may access this sealing key. These policies are useful for controlling the accessibility of sensitive data to future versions of the enclave.

Intel® SGX supports two policies for Seal Keys:
Sealing to the Enclave Identity
Sealing to the Sealing Identity

Please refer the below link for more information

Introduction to Intel® SGX Sealing - https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing
Innovative Technology for CPU Based Attestation and Sealing (4.SEALING) - https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing

-Surenthar

Hi,

AAhma10 — Tue, 13 Dec 2016 06:26:02 GMT

Hi,

Thanks for the answer. Sorry if my question was unclear but I was wondering if one could get the same SGX seal key per different enclaves running on different SGX machines? I know that EGETKEY uses a hardware key to create its seal key alongwith either enclave information or signer's key. But is that hardware key different per machine or the same which could essentially mean that we can theoretically get the same key if we run the same enclave on different machines.

Thanks!

Adil

Hi Adil,

Huorong_L_ — Tue, 13 Dec 2016 08:40:14 GMT

Hi Adil,

AFAIK, all keys are device independent, i.e. on different machine(CPU) the same enclave will get different keys using EGETKEY.

Hi Adil,

Surenthar_S_Intel — Thu, 15 Dec 2016 03:03:36 GMT

Hi Adil,

SGX seal keys are unique to the platform. Two different systems will not derive the same key from the same enclave.

-Surenthar

Okay, that answers my

AAhma10 — Thu, 15 Dec 2016 03:48:45 GMT

Okay, that answers my question. Thanks a lot for the replies!

Adil

Hi @selvaraj,

Anandakumar — Thu, 08 Aug 2019 11:02:57 GMT

Hi @selvaraj,

While sgx_create_report, which key is used to generated sgx_msc_t (CMAC value of report data) ?

How QE(Quoting Enclave) Verifies the CMAC value!?

Is that key accessible to both app enclave and QE?

thanks!