Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Checking measurement at local attestation

Hassan_A_
Beginner
‎04-05-2017 05:16 AM
304 Views

Hello,

I'm looking and playing with the sample local attestation code and can't figure out how to compare measurements of enclaves. Ideally, I want some enclave1 to confirm that enclave2 is indeed running the right code that's expected.

I tried to change the Enclave1.cpp code in the LocalAttestation sample to include a simple printf OCall for peer_enclave_identity->mr_enclave in verify_peer_enclave_trust . However, I'm having a couple of issues:

1) Every time I run the application, I get a different value, shouldn't the measurement code/data be the same.

2) How to actually check that Enclave2 is running the intended application. One way I'm approaching this is to sgx_sign Enclave2.so and then take the hex RAW dump and parse it to get out the enclave hash (write all this code myself). Haven't tried this one yet due to the issue with 1) that should be resolved first, but isn't there a simpler way? I assume this is a pretty common operation and I feel like I'm missing something out.

0 Kudos

Link Copied

0 Replies
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.