Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1427 Discussions

Generating key for writing protected file

Santos__Ricardo
Beginner
‎08-28-2019 12:47 PM
431 Views
Solved Jump to solution

Hi folks!

TD;DR: can I generate the same key with sgx_get_key on different machines?

I've been trying out the PFS API's sgx_fopen for exporting a configuration file and later importing on a different machine but I don't think I quote understood cpu_svn and isv_svn... I tried generating a key without setting them with the following code and I got different keys on different machines, is it right? I'd really appreciate if anybody could point me in the right direction...

sgx_cpu_svn_t cpu_svn = {0};
sgx_isv_svn_t isv_svn = {0};
sgx_key_request_t request = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, isv_svn, 0, cpu_svn , NULL, 0, NULL, 0 };
sgx_status_t status = sgx_get_key(&request, key);

Thanks in advance,

Ricardo

0 Kudos
1 Solution
Scott_R_Intel
Employee
‎09-03-2019 07:17 AM
431 Views
Solved Jump to solution

Hi Ricardo.

As mentioned in the post below, SGX keys are unique to each specific platform.

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026

If you require sealing/unsealing data on multiple platforms, you would need to utilize SGX remote attestation to provision common sealing/unsealing keys securely to those platforms.  For more info, see the white paper below:

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

Regards.

Scott

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Scott_R_Intel
Employee
‎09-03-2019 07:17 AM
432 Views
Solved Jump to solution

Hi Ricardo.

As mentioned in the post below, SGX keys are unique to each specific platform.

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026

If you require sealing/unsealing data on multiple platforms, you would need to utilize SGX remote attestation to provision common sealing/unsealing keys securely to those platforms.  For more info, see the white paper below:

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

Regards.

Scott

0 Kudos
Copy link
Santos__Ricardo
Beginner
‎09-03-2019 10:46 AM
431 Views
Solved Jump to solution

Thank you very much, Scott!

 

Ricardo

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.