Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1496 Discussions

Local Attestation for Platform Security

bergmann__Tina
Beginner
‎01-15-2018 01:13 AM
714 Views

Hi All,

I am just a beginner using this technology. I was reading up the documentation to understand. 

Can we somehow ensure that a self-attested Application using Local Attestation to prove the integrity and confidentiality of an Application Enclave or is remote attestation indispensible and the only way to prove an App is secure? I am assuming even if OS, Hypervisor etc. are all untrusted, the Intel PSW is a trusted software and therefore using Quoting Enclave is it not possible to self attest an Application Enclave for its integrity?

Also, if the MRENCLAVE measurement of the Application is taken newly everytime the Application is loaded, and if no "known hash" exists to compare with , how can we be assured that it has not been "re-written" and "re-signed"?

 

Thanks for clarification.

 

 

-Tina

 

0 Kudos

Link Copied

3 Replies
you_w_
New Contributor III
‎01-15-2018 06:41 PM
714 Views

Hi:

To prove the App's security,Remote attestation is needed. The Quoting Enclave is used to change  "SGX report" to "SGX quote". In that process it uses the EPID algorithm for generating a signature. In remote attestation process, we check a lot of things, like MrEnclave, MrSigner, isv_SVN and so on to make sure that, the enclave is the right enclave, and the platform satisfies the security requirement.  We can use remote attestation to check one of applications, and then use the enclave local attest others. 

Launching Enclave will check the integrity of an Enclave when it launching. When we sign an Enclave, the signer will write MrENCLAVE and MrSigner in Enclave metadata. Launching Enclave will take the value in metadata for comparison.

Regards 

you

0 Kudos
Copy link
bergmann__Tina
Beginner
‎01-16-2018 02:21 AM
714 Views

Thanks for the reply. Also, is remote attestation a prerequisite for every running Enclave to be sure it is secure?

I mean can an enclave that is launched proceed doing any "operations" it is supposed to do within the system? Or will the SGX PSW wait until it is remotely attested to proceed?

 

Regarding the Launch Enclave, is this the Enclave that "locally" attests an Enclave?Also if each Enclave is launched on the platform and its integrity checked, what is then the need for intra-enclave attestation(Local attestation using a Report as described by local attestation)

Thanks,

 

Tina

 

0 Kudos
Copy link
you_w_
New Contributor III
‎01-18-2018 11:05 PM
714 Views

Hi : 

The Local Attestation is used for share secret or make ecalls across different enclaves. Only by verified the identity of other enclaves, can  a enclave get it's trust.  "each Enclave is launched on the platform and its integrity checked" ------This only  make sure that the Enclave is not modified after signed. I mean that If I write an Enclave and run it on the platform, It should not have the ability to make ecall to your enclave.

Regards

You

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.