Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to verify the correctness of the server's code

double
Novice
602 Views

Hello,

If I want to run the enclave code in a remote server, I need to do remote attestation with the remote server. But how can I guarantee that the enclave code running in the remote server is the enclave code I provide? After studying the code samples for remote attestation(https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html), I guessed that the enclave measurement in the remote server should be represented by report_body in quote[] in Msg3. But regarding the fields in the report_body I don't see the measurement section regarding the enclave code. I don't know how the client can ensure that the enclave code in the remote server is legitimate.

Thank you very much.

0 Kudos
1 Solution
Sahira_Intel
Moderator
553 Views

Hi double,

If you look at the code from the article you linked, you can find that the measurement from that article is compare here, and looking at the report structure in the SGX SDK code, you can see that the enclave measurement (MRENCLAVE) is part of the report body, as seen here.

Hope this is helpful.

 

Sincerely,

Sahira 

View solution in original post

0 Kudos
1 Reply
Sahira_Intel
Moderator
554 Views

Hi double,

If you look at the code from the article you linked, you can find that the measurement from that article is compare here, and looking at the report structure in the SGX SDK code, you can see that the enclave measurement (MRENCLAVE) is part of the report body, as seen here.

Hope this is helpful.

 

Sincerely,

Sahira 

0 Kudos
Reply