Solved: How to verify the correctness of the server's code

double · ‎06-27-2022

Hello,

If I want to run the enclave code in a remote server, I need to do remote attestation with the remote server. But how can I guarantee that the enclave code running in the remote server is the enclave code I provide? After studying the code samples for remote attestation(https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html), I guessed that the enclave measurement in the remote server should be represented by report_body in quote[] in Msg3. But regarding the fields in the report_body I don't see the measurement section regarding the enclave code. I don't know how the client can ensure that the enclave code in the remote server is legitimate.

Thank you very much.

Sahira_Intel · ‎07-15-2022

Hi double,

If you look at the code from the article you linked, you can find that the measurement from that article is compare here, and looking at the report structure in the SGX SDK code, you can see that the enclave measurement (MRENCLAVE) is part of the report body, as seen here.

Hope this is helpful.

Sincerely,

Sahira

View solution in original post

Sahira_Intel · ‎07-15-2022

Hi double,

If you look at the code from the article you linked, you can find that the measurement from that article is compare here, and looking at the report structure in the SGX SDK code, you can see that the enclave measurement (MRENCLAVE) is part of the report body, as seen here.

Hope this is helpful.

Sincerely,

Sahira