Hi,
Using Innovative Instructions to Create Trustworthy Software Solutions -
-Thanks
Link Copied
Hi Sam,
Called trusted path is established on top of untrusted path offered by OS (traditional IPC between applications), with cryptographic protection (keys are only known to enclaves). In Local attestation samples available in Intel SGX SDK. The enclave that wants to prove that it is running inside an enclave on an Intel CPU, creates a report inside the enclave(EREPORT). The report does not have any secret in it, but it is MAC'd using the report key, which is accessible and generated inside the enclave . The report is sent to the other enclave through the untrusted channel(Ie, OS provided IPC), and then the report is verified inside the other enclave, which has access to the same report key(shared secret) inside the enclave and can verify the structure integrity using the MAC and report key(shared secret between enclaves). If all the information in the report matches, the two enclaves can trust that they run on the same SGX platform. They can then perform key exchange like DH key exchange or any other way to establish a secure channel and they can communicate with each other securely.
Thanks and Regards,
Surenthar Selvaraj
Hi Sam,
Called trusted path is established on top of untrusted path offered by OS (traditional IPC between applications), with cryptographic protection (keys are only known to enclaves). In Local attestation samples available in Intel SGX SDK. The enclave that wants to prove that it is running inside an enclave on an Intel CPU, creates a report inside the enclave(EREPORT). The report does not have any secret in it, but it is MAC'd using the report key, which is accessible and generated inside the enclave . The report is sent to the other enclave through the untrusted channel(Ie, OS provided IPC), and then the report is verified inside the other enclave, which has access to the same report key(shared secret) inside the enclave and can verify the structure integrity using the MAC and report key(shared secret between enclaves). If all the information in the report matches, the two enclaves can trust that they run on the same SGX platform. They can then perform key exchange like DH key exchange or any other way to establish a secure channel and they can communicate with each other securely.
Thanks and Regards,
Surenthar Selvaraj
Thanks for your detailed information
For more complete information about compiler optimizations, see our Optimization Notice.