Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Generating key for writing protected file

Santos__Ricardo
Beginner
837 Views

Hi folks!

TL;DR: can I generate the same key with sgx_get_key on different machines?

I've been trying out the PFS API's sgx_fopen for exporting a configuration file and later importing on a different machine but I don't think I quite understood cpu_svn and isv_svn... I tried generating a key without setting them with the following code and I got different keys on different machines, is it right? I'd really appreciate if anybody could point me in the right direction...

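/* Needs <string.h> for memset and sgx_utils.h for sgx_get_key. */
sgx_key_request_t request;
memset(&request, 0, sizeof(request));   /* cpu_svn, isv_svn, masks and key_id all stay zero */
request.key_name = SGX_KEYSELECT_SEAL;
request.key_policy = SGX_KEYPOLICY_MRENCLAVE;
sgx_key_128bit_t key;
sgx_status_t status = sgx_get_key(&request, &key);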

Thanks in advance,

Ricardo

0 Kudos
1 Solution
Scott_R_Intel
Employee
837 Views

Hi Ricardo.

As mentioned in the post below, SGX keys are unique to each specific platform.

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026

If you require sealing/unsealing data on multiple platforms, you would need to utilize SGX remote attestation to provision common sealing/unsealing keys securely to those platforms.  For more info, see the white paper below:

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

Regards.

Scott
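
A simplified model of the answer above, added here as an illustration; it is not code from the Intel SGX SDK or from either poster. `derive_seal_key`, `seal`, `unseal` and the per-machine secrets are hypothetical stand-ins for the hardware key derivation and the SDK's sealing, and delivery of the shared key over a remote-attested channel is assumed rather than modelled.

```python
import hashlib
import hmac
import os

def derive_seal_key(platform_secret, mrenclave, cpu_svn=bytes(16), isv_svn=0):
    # Model only: the request fields are mixed with a secret unique to the CPU,
    # so zeroed cpu_svn/isv_svn do not make the result machine-independent.
    msg = b"SEAL/MRENCLAVE" + mrenclave + cpu_svn + isv_svn.to_bytes(2, "little")
    return hmac.new(platform_secret, msg, hashlib.sha256).digest()[:16]

def seal(seal_key, data):
    # Toy authenticated encryption standing in for sealing; not a cipher to reuse.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(seal_key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(seal_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(seal_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(seal_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was sealed with a different key")
    stream = hashlib.shake_256(seal_key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo():
    # Constructed values: one enclave measurement, two machines.
    mrenclave = hashlib.sha256(b"constructed enclave measurement").digest()
    secret_a = hashlib.sha256(b"constructed secret, machine A").digest()
    secret_b = hashlib.sha256(b"constructed secret, machine B").digest()
    key_a = derive_seal_key(secret_a, mrenclave)
    key_b = derive_seal_key(secret_b, mrenclave)

    # Assumed: the same file key reaches both enclaves after remote attestation.
    shared_file_key = os.urandom(16)
    blob_a = seal(key_a, shared_file_key)   # each machine seals it locally
    blob_b = seal(key_b, shared_file_key)
    try:
        unseal(key_b, blob_a)               # machine B opening machine A's blob
        blob_portable = True
    except ValueError:
        blob_portable = False
    return {
        "same_seal_key": key_a == key_b,
        "blob_portable": blob_portable,
        "shared_key_matches": unseal(key_a, blob_a) == unseal(key_b, blob_b),
    }

if __name__ == "__main__":
    print(demo())
```

The identical request yields different seal keys on the two modelled machines, while the provisioned file key is the same on both once each machine unseals its own copy.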

Santos__Ricardo
Beginner
837 Views

Thank you very much, Scott!

Ricardo
