hyunsoo
Novice
121 Views

How does the quote enclave verify the application enclave's report?


The white paper (https://software.intel.com/content/dam/develop/external/us/en/documents/hasp-2013-innovative-technol...) describes the attestation mechanism. I have two questions from section 3.2.3.

1. The quote enclave is a black box to the programmer, since there is no official document on how the quote enclave verifies the application enclave's report, and there is also no source code. I'm guessing that verifying the report provided by the application enclave requires the quote enclave to calculate a MAC over the application enclave's activity cryptographic logs, which were already calculated by the application enclave, and to check whether the provided one matches the one it calculated itself. Could you unpack how the quote enclave verifies the application's report?

 

2. Remote attestation requires IAS to verify the quote. I'm wondering what exact job the IAS does. The integrity of the application enclave is already checked by the local quote enclave. I think that IAS just checks whether the EPID exists in Intel's database. Is this all?


Accepted Solutions
JesusG_Intel
Moderator
92 Views

Hello Hyunsoo,


I am trying to provide you resources that answer your questions thoroughly and completely, even with diagrams. It seems to me that you like to understand SGX and remote attestation very deeply so I am giving you resources that get you there.


There is much documentation published that explains all of this so, from my perspective, it does not make sense to rewrite something that has been explained perfectly well elsewhere.


This forum is used primarily for technical support. If something isn't working, I can help you get it working. For long, technical answers about how things work, it is more effective to point you to pre-existing documentation.


Sincerely,

Jesus G.

Intel Customer Support



4 Replies
JesusG_Intel
Moderator
106 Views

Hello Hyunsoo,


This page is not from Intel but it does a good job of explaining Remote Attestation: http://www.sgx101.com/portfolio/remote_attestation/. It lists references at the bottom that may also be of interest to you.


The QE and other architectural enclaves are not a black-box. They are open-source. Here is the source code for the QE:


https://github.com/intel/linux-sgx/blob/master/psw/ae/qe/quoting_enclave.cpp.


You can explore the rest of the GitHub repo for the code for the PSW and Linux driver.


Sincerely,

Jesus G.

Intel Customer Support
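
The report check asked about in question 1, as an added example that is not part of the thread and is not code from Intel's quoting_enclave.cpp. It models SGX local attestation: EREPORT MACs the report body with a Report Key bound to the target enclave, and the target re-derives that key and recomputes the MAC. Assumptions: HMAC-SHA256 stands in for the hardware's AES-128 CMAC, `CPU_SECRET` and the enclave measurements are constructed values, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the CPU-fused secret; real key material never leaves the processor.
CPU_SECRET = os.urandom(32)

def report_key(target_mrenclave: bytes, key_id: bytes) -> bytes:
    """Model of Report Key derivation: bound to the TARGET enclave's measurement and this CPU."""
    msg = b"REPORT_KEY" + target_mrenclave + key_id
    return hmac.new(CPU_SECRET, msg, hashlib.sha256).digest()

def ereport(own_mrenclave: bytes, target_mrenclave: bytes, report_data: bytes) -> dict:
    """Model of EREPORT: hardware records the caller's identity and MACs the report body."""
    key_id = os.urandom(32)
    body = own_mrenclave + report_data
    mac = hmac.new(report_key(target_mrenclave, key_id), body, hashlib.sha256).digest()
    return {"mrenclave": own_mrenclave, "report_data": report_data,
            "key_id": key_id, "mac": mac}

def verify_report(verifier_mrenclave: bytes, report: dict) -> bool:
    """Model of the target side (for example the QE): fetch own Report Key, recompute the MAC.
    On hardware EGETKEY uses the caller's identity implicitly; here it is a parameter."""
    key = report_key(verifier_mrenclave, report["key_id"])
    body = report["mrenclave"] + report["report_data"]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, report["mac"])

# Constructed sample measurements (real MRENCLAVE values are hashes of the enclave build).
APP = hashlib.sha256(b"application enclave").digest()
QE = hashlib.sha256(b"quoting enclave").digest()
OTHER = hashlib.sha256(b"unrelated enclave").digest()

def demo() -> dict:
    data = hashlib.sha256(b"constructed channel key").digest().ljust(64, b"\0")
    report = ereport(APP, QE, data)            # application enclave targets the QE
    tampered = dict(report, report_data=b"\x01" * 64)
    spoofed = dict(report, mrenclave=OTHER)    # identity field rewritten after the fact
    return {
        "qe_accepts": verify_report(QE, report),
        "tampered_rejected": not verify_report(QE, tampered),
        "spoofed_identity_rejected": not verify_report(QE, spoofed),
        "wrong_target_rejected": not verify_report(OTHER, report),
    }

if __name__ == "__main__":
    print(demo())
```
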


hyunsoo
Novice
98 Views

I'm sorry, I didn't know whether the source code exists. Thanks for giving a reference, but you seem to avoid answering all key questions.

JesusG_Intel
Moderator
74 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.