Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Checking measurement at local attestation



I'm looking and playing with the sample local attestation code and can't figure out how to compare measurements of enclaves. Ideally, I want some enclave1 to confirm that enclave2 is indeed running the right code that's expected.

I tried to change the Enclave1.cpp code in the LocalAttestation sample to include a simple printf OCall for peer_enclave_identity->mr_enclave in verify_peer_enclave_trust . However, I'm having a couple of issues:

1) Every time I run the application, I get a different value, shouldn't the measurement code/data be the same.

2) How to actually check that Enclave2 is running the intended application. One way I'm approaching this is to sgx_sign and then take the hex RAW dump and parse it to get out the enclave hash (write all this code myself). Haven't tried this one yet due to the issue with 1) that should be resolved first, but isn't there a simpler way? I assume this is a pretty common operation and I feel like I'm missing something out.

0 Kudos
0 Replies