In case external users (other than the enclave developer who has signed the enclave with his private key) need to share data with the application enclave, is it possible for these users to get a certified measurement of the application enclave (e.g. from the quoting enclave) without the enclave developer being able to tamper with this measurement?
In other words, can the enclave developer prove to an external user that it is safe the share his data with the enclave?
However, I don't think it answers my question. What I would like to know is if it is possible for an enclave to provide (with ISV's agreement) a remote attestation to an external user that is not the ISV (i.e. not the enclave developper who signed the enclave).
Maybe something like the figure below:
I will try to rephrase this: Can a user (other than the ISV who has the private signing key) obtain a remote attestation from (or with the help of) the ISV but without the ISV being able to tamper with this attestation?
This is absolutely possible. The private signing key is not needed in the process of producing a quote once the enclave application is already running. The quote is signed with the EPID key, and not with the private signing key.
About this issue,I still have a question.
EPID (key) seems to prove the ISV identity。but how to prove the code run in the enclave is the one expected , by comparing the "MRENCLAVE" measurement value ?