Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1493 Discussions

How can I communicate with RA using another SPID?

nrui
Beginner
‎01-04-2022 05:15 PM
1,411 Views
Solved Jump to solution

I would like to use the Developer SPID (Unlinkable) issued here to generate RA_TLS keys and certificates in Gramine (Graphene) and communicate using wolfSSL.
To this end, we set it up in Manifest as follows.
- sgx.remote_attestation = true
- sgx.ra_client_linkable = false
- sgx.ra_client_spid = "OOOOOOO"
Communication is possible if two hosts communicate using the same SPID, but authentication errors occur if each node has a different SPID.
What should I do at times like this?

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎01-10-2022 08:24 AM
1,388 Views
Solved Jump to solution

Hello nrui,


Please explain your scenario in more detail.


In remote attestation, your service provider application gets one SPID. Each enclave that wants to attest and communicate with that service provider must use that service provider's SPID. An enclave cannot attest to a service provider with a different SPID.


Regards,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
JesusG_Intel
Moderator
‎01-10-2022 08:24 AM
1,389 Views
Solved Jump to solution

Hello nrui,


Please explain your scenario in more detail.


In remote attestation, your service provider application gets one SPID. Each enclave that wants to attest and communicate with that service provider must use that service provider's SPID. An enclave cannot attest to a service provider with a different SPID.


Regards,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎01-14-2022 01:35 PM
1,363 Views
Solved Jump to solution

Hello nrui,


Do you need further clarification on this issue?


Regards,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎01-20-2022 04:37 PM
1,342 Views
Solved Jump to solution

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.