Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1521 Discussions

Is is possible to get hash value of enclave in the enclave?

Woo__Byeong_su
Beginner
‎01-08-2020 12:59 AM
843 Views

Hi,

I just found sgx_get_target_info function, and I can read the hash value of target enclave.

But, this function is defined at untrusted part.

So, I want to know if I can get target enclave's hash value in the target enclave(trusted part). (i.e. can I get enclave X's hash value in enclave X?)

If it is impossible, can you give a hint 'how to get confidence that created enclave is my enclave'?

I'm trying to solve this problem by comparing hash value. (hash value in sgx_sign dumpfile and hash value of enclave)

Thank you.

0 Kudos

Link Copied

2 Replies
Rodolfo_S_
New Contributor III
‎01-22-2020 05:48 AM
843 Views

Hi there,

I'm not sure why you would want to obtain the enclave hash from within an enclave, but yes, you can obtain the enclave hash from within the enclave. From the top of my head, you could do the following steps:

1. Initiate a DH session with `sgx_dh_init_session`;
2. Generate DH msg1 with `sgx_dh_responder_gen_msg1` using the DH session obtained in step 1;
3. Create a REPORT structure with `sgx_create_report` using the target info from msg1;
4. Obtain the hash from the report structure.

There should be a simpler way but I can't remember any as of now.

Regards,
Rodolfo

0 Kudos
Copy link
Junli_S_Intel
Employee
‎02-02-2020 08:18 AM
843 Views

In the target enclave, you can just call function: sgx_create_report, the generated report will include the target enclave's hash value(MREnclave),

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.