I want to use an enclave to run a function/piece of code, let's call it F. I want to publish a proof that shows that F was executed and it gave the output/result R after execution. I suppose this will be the quote/report of the enclave, is this correct?
All examples I see contain remote attestation with a specific remote server. I however would like this quote/report to be published publicly so anyone can check its validity using the Intel Attestation Service.
Is that possible or does it have to be directed to a specific remote party?
Thanks in advance!
Hello Olibot2000,
The quote or report generated by the Quoting Enclave does not provide proof that any code was executed. From Code Sample: Intel® Software Guard Extensions Remote Attestation End-to-End Example: "As part of attestation, the client's enclave proves the following:
- Its identity
- That it has not been tampered with
- That it is running on a genuine platform with Intel SGX enabled
- That it is running at the latest security level, also referred to as the Trusted Computing Base (TCB) level"
The quote generated by the enclave's platform cannot be published in such a way that just any service provider can decrypt and read it. Read the section, "Client-Server protocol" for more information. Basically, the service provider and enclave exchange a set of keys that they use to encrypt the secrets they share with each other. The service provider's public key should be hard-coded within the enclave for security purposes.
Sincerely,
Jesus G.
Intel Customer Support
To clarify, in short:
I would like an enclave to run code F() and for an unspecific remote party to be able to verify that F() executed in an enclave and that it gave a certain output R.
Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.
