Hi folks!
TL;DR: can I generate the same key with sgx_get_key on different machines?
I've been trying out the PFS API's sgx_fopen for exporting a configuration file and later importing on a different machine but I don't think I quite understood cpu_svn and isv_svn... I tried generating a key without setting them with the following code and I got different keys on different machines, is it right? I'd really appreciate if anybody could point me in the right direction...
sgx_cpu_svn_t cpu_svn = {0};
sgx_isv_svn_t isv_svn = {0};
sgx_key_request_t request = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, isv_svn, 0, cpu_svn, NULL, 0, NULL, 0 };
sgx_status_t status = sgx_get_key(&request, key);
Thanks in advance,
Ricardo
Hi Ricardo.
As mentioned in the post below, SGX keys are unique to each specific platform.
https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026
If you require sealing/unsealing data on multiple platforms, you would need to utilize SGX remote attestation to provision common sealing/unsealing keys securely to those platforms. For more info, see the white paper below:
Regards.
Scott
Thank you very much, Scott!
Ricardo