Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

How can I communicate with RA using another SPID?

nrui
Beginner
397 Views

I would like to use the Developer SPID (Unlinkable) issued here to generate RA_TLS keys and certificates in Gramine (Graphene) and communicate using wolfSSL.
To this end, we set it up in the manifest as follows:
- sgx.remote_attestation = true
- sgx.ra_client_linkable = false
- sgx.ra_client_spid = "OOOOOOO"
Communication is possible if two hosts communicate using the same SPID, but authentication errors occur if each node has a different SPID.
What should I do at times like this?

0 Kudos
1 Solution
JesusG_Intel
Moderator
374 Views

Hello nrui,


Please explain your scenario in more detail.


In remote attestation, your service provider application gets one SPID. Each enclave that wants to attest and communicate with that service provider must use that service provider's SPID. An enclave cannot attest to a service provider with a different SPID.


Regards,

Jesus G.

Intel Customer Support
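
As an added example (not part of the original thread, and not Gramine or Intel code), a pre-deployment check that applies the rule in the answer above to the manifest keys from the question: every node that must attest to the same service provider carries the same SPID and the same linkable setting. The function names, the simple line parser and the sample SPID values are constructed for illustration.

```python
import re

# Keys are the ones shown in the question. Assumption: the manifest uses plain
# `key = value` lines for them (no TOML tables, no multi-line values).
RA_KEYS = ("sgx.remote_attestation", "sgx.ra_client_linkable", "sgx.ra_client_spid")
LINE_RE = re.compile(r'^\s*([\w.]+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')
SPID_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # an SPID is 16 bytes, i.e. 32 hex chars


def ra_settings(manifest_text):
    """Return the remote-attestation keys found in one manifest."""
    found = {}
    for line in manifest_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in RA_KEYS:
            found[m.group(1)] = m.group(2).strip()
    return found


def check_nodes(manifests):
    """manifests: {node_name: manifest_text}. Returns a list of problems."""
    problems = []
    settings = {node: ra_settings(text) for node, text in manifests.items()}
    for node, s in settings.items():
        # Boolean form as written in the question's manifest.
        if s.get("sgx.remote_attestation") != "true":
            problems.append(f"{node}: remote attestation is not enabled")
        if not SPID_RE.match(s.get("sgx.ra_client_spid", "")):
            problems.append(f"{node}: SPID missing or not 32 hex characters")
    # One service provider means one SPID; an SPID is registered as either
    # linkable or unlinkable, so the linkable flag must agree as well.
    for key in ("sgx.ra_client_spid", "sgx.ra_client_linkable"):
        values = {s.get(key) for s in settings.values()}
        if len(values) > 1:
            problems.append(f"{key} differs between nodes: {sorted(map(str, values))}")
    return problems


# Constructed sample manifests; the SPID values are placeholders, not real SPIDs.
NODE_A = '''sgx.remote_attestation = true
sgx.ra_client_linkable = false  # unlinkable SPID
sgx.ra_client_spid = "0123456789ABCDEF0123456789ABCDEF"
'''
NODE_B = NODE_A.replace("0123456789ABCDEF0123456789ABCDEF",
                        "FEDCBA9876543210FEDCBA9876543210")

if __name__ == "__main__":
    for problem in check_nodes({"node-a": NODE_A, "node-b": NODE_B}):
        print(problem)
```
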



3 Replies
JesusG_Intel
Moderator
349 Views

Hello nrui,


Do you need further clarification on this issue?


Regards,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
328 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

