The developer may want to prevent old version enclaves from executing. However, the old enclaves together with old SIGSTRUCT and TOKEN have been delivered.
Hi Gu,
Is your application using Remote Attestation? If so, you can revoke an enclave's ability to attest via several methods. The Service Provider can update the ISVSVN or ISVPRODID and subsequently fail attestation requests. The ISV can also ask to place the signature on the Signature Revocation List (SigRL). Please refer to the following article for more information: https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services.
If your application is not using attestation, there is no way to prevent the enclave from executing without changing the underlying Trusted Compute Base on the local platform.
Alexander B. (Intel) wrote:
Hi Gu,
Is your application using Remote Attestation? If so, you can revoke an enclave's ability to attest via several methods. The Service Provider can update the ISVSVN or ISVPRODID and subsequently fail attestation requests. The ISV can also ask to place the signature on the Signature Revocation List (SigRL). Please refer to the following article for more information: https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services.
If your application is not using attestation, there is no way to prevent the enclave from executing without changing the underlying Trusted Compute Base on the local platform.

Does the attestation usually take place at the launch time of enclave? If so, does it mean remote entity cannot stop the execution of old version enclaves which have already run? Thanks!
gu j. wrote:
Does the attestation usually take place at the launch time of enclave? If so, does it mean remote entity cannot stop the execution of old version enclaves which have already run?
Attestation can happen at any time when an enclave asks the remote entity to provision secrets to it. The remote entity cannot stop the execution of the enclave, but it can fail the enclave attestation and refuse to provision it with any new secrets.
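
As an added illustration (not code from this thread or from Intel), here is a service-provider-side check that refuses to provision secrets to an enclave whose ISVSVN is below a minimum, as the replies above describe. The policy struct, function names and sample values are assumptions; the offsets are those of the SGX report body carried in a quote, and the quote signature is assumed to have been verified by the attestation service already.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets in the 384-byte SGX report body embedded in a quote. */
#define REPORT_BODY_LEN 384
#define OFF_MRSIGNER    128  /* 32 bytes */
#define OFF_ISVPRODID   256  /* uint16, little-endian */
#define OFF_ISVSVN      258  /* uint16, little-endian */

/* Hypothetical service-provider policy (names are assumptions). */
typedef struct {
    uint8_t  mrsigner[32];
    uint16_t isv_prod_id;
    uint16_t min_isv_svn;  /* raise this to cut off older enclave builds */
} sp_policy_t;

typedef enum { PROVISION_OK, ERR_LENGTH, ERR_SIGNER,
               ERR_PRODUCT, ERR_SVN_TOO_OLD } sp_verdict_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Assumes the quote signature was already verified by the attestation service. */
sp_verdict_t sp_check_report_body(const uint8_t *body, size_t len, const sp_policy_t *pol)
{
    if (body == NULL || len != REPORT_BODY_LEN) return ERR_LENGTH;
    if (memcmp(body + OFF_MRSIGNER, pol->mrsigner, 32) != 0) return ERR_SIGNER;
    if (le16(body + OFF_ISVPRODID) != pol->isv_prod_id) return ERR_PRODUCT;
    if (le16(body + OFF_ISVSVN) < pol->min_isv_svn) return ERR_SVN_TOO_OLD;
    return PROVISION_OK;
}

/* Constructed sample, checked against a demo policy: signer 32 x 0xAB, product 1, min ISVSVN 2. */
sp_verdict_t check_sample(uint8_t signer_byte, uint16_t prod, uint16_t svn)
{
    uint8_t body[REPORT_BODY_LEN] = {0};
    sp_policy_t pol = { {0}, 1, 2 };
    memset(pol.mrsigner, 0xAB, sizeof pol.mrsigner);
    memset(body + OFF_MRSIGNER, signer_byte, 32);
    body[OFF_ISVPRODID] = (uint8_t)(prod & 0xff); body[OFF_ISVPRODID + 1] = (uint8_t)(prod >> 8);
    body[OFF_ISVSVN] = (uint8_t)(svn & 0xff);     body[OFF_ISVSVN + 1] = (uint8_t)(svn >> 8);
    return sp_check_report_body(body, sizeof body, &pol);
}

int main(void) {
    printf("old build (ISVSVN 1): %d\n", check_sample(0xAB, 1, 1));
    printf("new build (ISVSVN 2): %d\n", check_sample(0xAB, 1, 2));
    return 0;
}
```

The old build keeps running on the client platform either way; the check only decides whether it receives new secrets.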
