Hi,
I just found the sgx_get_target_info function, and I can read the hash value of the target enclave.
But this function is defined in the untrusted part.
So I want to know if I can get the target enclave's hash value in the target enclave (trusted part). (i.e. can I get enclave X's hash value in enclave X?)
If it is impossible, can you give a hint on how to get confidence that the created enclave is my enclave?
I'm trying to solve this problem by comparing hash values (the hash value in the sgx_sign dump file and the hash value of the enclave).
Thank you.
Hi there,
I'm not sure why you would want to obtain the enclave hash from within an enclave, but yes, you can obtain the enclave hash from within the enclave. Off the top of my head, you could do the following steps:
1. Initiate a DH session with `sgx_dh_init_session`;
2. Generate DH msg1 with `sgx_dh_responder_gen_msg1` using the DH session obtained in step 1;
3. Create a REPORT structure with `sgx_create_report` using the target info from msg1;
4. Obtain the hash from the report structure.
There should be a simpler way but I can't remember any as of now.
Regards,
Rodolfo
In the target enclave, you can just call the function sgx_create_report; the generated report will include the target enclave's hash value (MRENCLAVE).
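The comparison the question describes (the hash in the sgx_sign dump file against the MRENCLAVE read from the report that sgx_create_report fills in), as an added example that is not part of the original thread or of Intel's SDK. The dump layout, the sample bytes and the names `parse_dump_mrenclave` and `check_measurement` are assumptions; the code is plain C so it builds without the SGX SDK.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MRENCLAVE_SIZE 32 /* MRENCLAVE is a 256-bit measurement */
#define HASH_LABEL "enclave_hash.m:"

/* Constructed sample: the enclave_hash part of an sgx_sign dump file.
 * Assumed layout: a label ending in "enclave_hash.m:" followed by 32
 * whitespace-separated 0x.. bytes. The byte values are made up. */
static const char SAMPLE_DUMP[] =
    "metadata->enclave_css.body.enclave_hash.m:\n"
    "0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f\n"
    "0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f\n"
    "metadata->enclave_css.body.isv_prod_id: 0x0\n";

/* Read the 32 hash bytes that follow the label. Returns 0 on success,
 * -1 if the label is missing or fewer than 32 well-formed bytes follow. */
int parse_dump_mrenclave(const char *dump, uint8_t out[MRENCLAVE_SIZE])
{
    const char *p = strstr(dump, HASH_LABEL);
    if (p == NULL) return -1;
    p += strlen(HASH_LABEL);
    for (size_t i = 0; i < MRENCLAVE_SIZE; i++) {
        char *end;
        p += strspn(p, " \t\r\n");
        if (p[0] != '0' || p[1] != 'x') return -1; /* ran into the next field */
        unsigned long v = strtoul(p, &end, 16);
        if (end - p < 3 || end - p > 4) return -1; /* want 0x + 1 or 2 digits */
        out[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

/* report_mrenclave: the bytes of report.body.mr_enclave.m from the report.
 * Returns 1 on match, 0 on mismatch, -1 if the dump cannot be parsed. */
int check_measurement(const char *dump, const uint8_t report_mrenclave[MRENCLAVE_SIZE])
{
    uint8_t expected[MRENCLAVE_SIZE];
    if (parse_dump_mrenclave(dump, expected) != 0) return -1;
    return memcmp(expected, report_mrenclave, MRENCLAVE_SIZE) == 0;
}

int main(void)
{
    uint8_t from_report[MRENCLAVE_SIZE]; /* stand-in for report.body.mr_enclave.m */
    for (int i = 0; i < MRENCLAVE_SIZE; i++) from_report[i] = (uint8_t)i;
    return check_measurement(SAMPLE_DUMP, from_report) == 1 ? 0 : 1;
}
```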