topic @Scott R. As you suggested, I in Intel® Software Guard Extensions (Intel® SGX)

SGX Attestation (Windows)

bashar__golam — Wed, 03 Apr 2019 21:32:08 GMT

I am new in Intel SGX and doing an academic project. I built an app with performing random number from ecall. Now, I need to perform a simple attestation thus it proves i am using enclave (Intel SGX). How to perform it?

enclave { /*.edl file */

from "sgx_tstdc.edl" i

mport *; trusted { public void foo([out] int *a);

};

Hi Golam.

Scott_R_Intel — Wed, 03 Apr 2019 21:36:21 GMT

Hi Golam.

We have a full end-to-end remote attestation whitepaper as well its associated sample available on GitHub.

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

https://github.com/intel/sgx-ra-sample

Regards.

Scott

Hi Scott,

bashar__golam — Wed, 03 Apr 2019 21:45:39 GMT

Hi Scott,

Thanks for reply. But, I don't need to perform Remote Attestation. I just need to proof that I am using SGX. Can you please give a link or sample code that might be like this (A solution having 3 enclaves. encalve 1 and enclave 2 perform that user is using SGX and enclave3 is what i given above). I am working in Windows OS.

Hi again Golam.

Scott_R_Intel — Thu, 04 Apr 2019 12:18:10 GMT

Hi again Golam.

My apologies that I misunderstood.

If I understand correctly now, and looking at some of your other questions, I think you should take a look at the LocalAttestation sample project included with the SGX SDK. In it, there are three enclaves, each of which attest to each other and then make secure calls to each other.

Hope this helps.

Scott

@Scott R. As you suggested, I

kh__Naveen — Tue, 23 Apr 2019 09:23:45 GMT

@Scott R. As you suggested, I am looking at the local attestation example provided in the SDK.

AFAIK to verify 2 enclaves locally, one enclave needs to generate a report on itself and provide the same to the other enclave. The other enclaves derives a key by calling some API and only then it can decrypt the report and check if the other enclave is genuine. But in this example I dont see any code doing that. Could you please point out where exactly in the code is it being done? The only code which was related to verification of the enclave was this -

//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
    if(!peer_enclave_identity)
    {
        return INVALID_PARAMETER_ERROR;
    }
    if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
        // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
    {
        return ENCLAVE_TRUST_ERROR;
    }
    else
    {
        return SUCCESS;
    }
}

Quote:Scott R. (Intel) wrote:

kh__Naveen — Tue, 23 Apr 2019 20:34:08 GMT

Scott R. (Intel) wrote:
Hi again Golam.
My apologies that I misunderstood.
If I understand correctly now, and looking at some of your other questions, I think you should take a look at the LocalAttestation sample project included with the SGX SDK. In it, there are three enclaves, each of which attest to each other and then make secure calls to each other.
Hope this helps.
Scott

Dear Scott, could you please reply to my query in the previous post. It would be of great help as I am stuck with this from quite a long time.

Hi Naveen.

Scott_R_Intel — Wed, 24 Apr 2019 13:15:19 GMT

Hi Naveen.

In this particular local attestation example, that's the exact function you need to be looking at. See the TODO at the end of commented out line #10...

peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check

Your MRSIGNER needs to be hardcoded in there... that's the main check.

Scott

Quote:Scott R. (Intel) wrote:

kh__Naveen — Wed, 24 Apr 2019 14:12:19 GMT

Scott R. (Intel) wrote:
Hi Naveen.
In this particular local attestation example, that's the exact function you need to be looking at. See the TODO at the end of commented out line #10...
peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
Your MRSIGNER needs to be hardcoded in there... that's the main check.
Scott

Thank you for the reply Scott. In the section LOCAL ATTESTATION, in Intel SGX Developer's Guide, it is written that a report will be sent to the target enclave. Then the target enclave needs to call EGETKEY to derive a key and open the report. But I dont see any of this happening in the code :(. So I am a little bit confused.

Hello,

bashar__golam1 — Wed, 24 Apr 2019 16:16:31 GMT

Hello,

Can anyone explain what following function doing?

status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &minp, &minp_len);
    if(status != SUCCESS)
    {
        return status;
    }

std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
    if(it != g_src_session_info_map.end())
    {
          dh = &it->second;
    }
    else
    {
        SAFE_FREE(minp);
        return INVALID_SESSION;
    }
    status = send_request_receive_response(src_enclave_id, dest_enclave_id, dh, minp, minp_len, max_op_size, &op, &op_len);
    if(status != SUCCESS)
    {
        SAFE_FREE(minp);
        SAFE_FREE(op);
        return status;
    }

    status = unmarshal_retval_and_output_parameters_e2_foo1(op, &retval);
    if(status != SUCCESS)
    {
        SAFE_FREE(minp);
        SAFE_FREE(op);
        return status;
    }

Hi Bashar,

kh__Naveen — Thu, 25 Apr 2019 18:00:41 GMT

Hi Bashar,

The code is marshalling, i.e filling a structure with data, and sending it over to the other enclave. The other enclave processes the data and sends over the results. The results will then be unmarshalled and verified.