Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Question about MRENCLAVE and MRSIGNER Register used in attestation

Sam5
New Contributor I
‎07-24-2016 09:43 PM
2,462 Views
Solved Jump to solution

Hi,

Could you please explain the MRENCLAVE and MRSIGNER Register used in attestation.

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-25-2016 02:53 AM
2,462 Views
Solved Jump to solution

Hi Sam,

MRENCLAVE and MRSIGNER register values are updated/added during enclave instantiation. During enclave launch time, enclave author identity is verified using the RSA public key provided by author in MRSIGN struct. MRSIGN structure contains the MRENCLAVE, Product ID, SVN (Security Version Number), RSA Public key  and the signature done using the RSA private key. 

After the enclave author identity is verified, the MRENCLAVE value in SIGNSTRUCT is copied to the MRENCLAVE register.Then the measurement value, based on code/initial data, order in which the datas are placed and security properties of the enclave pages is calculated. This calculated measurement MRENCLAVE value is compared to the MRENCLAVE value contained in the MRSIGN structure. If it matches then hash of the public key of enclave author identity(MRSIGNER) is stored in  MRSIGNER register. 

These MRENCLAVE and MRSIGNER register values will be used for sealing data, local and remote attestation. During remote attestation process, registers provides the MRENCLAVE and MRSIGNER values to generate REPORT and QUOTE.

Please refer the "Intel-SGX-SDK-Users-Guide-for-windows-OS" regarding these register values significance  for remote attestation.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Surenthar_S_Intel
Employee
‎07-25-2016 02:53 AM
2,463 Views
Solved Jump to solution

Hi Sam,

MRENCLAVE and MRSIGNER register values are updated/added during enclave instantiation. During enclave launch time, enclave author identity is verified using the RSA public key provided by author in MRSIGN struct. MRSIGN structure contains the MRENCLAVE, Product ID, SVN (Security Version Number), RSA Public key  and the signature done using the RSA private key. 

After the enclave author identity is verified, the MRENCLAVE value in SIGNSTRUCT is copied to the MRENCLAVE register.Then the measurement value, based on code/initial data, order in which the datas are placed and security properties of the enclave pages is calculated. This calculated measurement MRENCLAVE value is compared to the MRENCLAVE value contained in the MRSIGN structure. If it matches then hash of the public key of enclave author identity(MRSIGNER) is stored in  MRSIGNER register. 

These MRENCLAVE and MRSIGNER register values will be used for sealing data, local and remote attestation. During remote attestation process, registers provides the MRENCLAVE and MRSIGNER values to generate REPORT and QUOTE.

Please refer the "Intel-SGX-SDK-Users-Guide-for-windows-OS" regarding these register values significance  for remote attestation.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Copy link
Sam5
New Contributor I
‎07-25-2016 05:18 AM
2,462 Views
Solved Jump to solution

Thanks for your Information.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.