Hi,
Could you please explain the MRENCLAVE and MRSIGNER registers used in attestation?
-Thanks
Hi Sam,
MRENCLAVE and MRSIGNER register values are updated/added during enclave instantiation. At enclave launch time, the enclave author's identity is verified using the RSA public key provided by the author in the MRSIGN struct. The MRSIGN structure contains the MRENCLAVE, Product ID, SVN (Security Version Number), RSA public key and the signature made using the RSA private key.
After the enclave author's identity is verified, the MRENCLAVE value in SIGNSTRUCT is copied to the MRENCLAVE register. Then the measurement value, based on the code/initial data, the order in which the data are placed and the security properties of the enclave pages, is calculated. This calculated MRENCLAVE measurement value is compared to the MRENCLAVE value contained in the MRSIGN structure. If it matches, then the hash of the public key of the enclave author identity (MRSIGNER) is stored in the MRSIGNER register.
These MRENCLAVE and MRSIGNER register values will be used for sealing data and for local and remote attestation. During the remote attestation process, the registers provide the MRENCLAVE and MRSIGNER values to generate the REPORT and QUOTE.
Please refer to the "Intel-SGX-SDK-Users-Guide-for-windows-OS" regarding the significance of these register values for remote attestation.
Thanks and Regards,
Surenthar Selvaraj
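
Added example, not part of the reply above and not Intel SDK code: a verifier-side Python sketch of how a relying party checks the identity fields the reply describes (MRENCLAVE, MRSIGNER, Product ID, SVN) once they arrive in a report body. It assumes the field offsets of the SDK's `sgx_report_body_t`, assumes the quote signature has already been verified, and uses constructed sample values (the modulus is not a real key).

```python
import hashlib
import struct

# Offsets in the 384-byte SGX report body (sgx_report_body_t in the SGX SDK headers).
OFF_MRENCLAVE, OFF_MRSIGNER, OFF_PRODID, BODY_LEN = 64, 128, 256, 384

def mrsigner_from_modulus(modulus: int) -> bytes:
    """MRSIGNER is SHA-256 over the signer's 3072-bit RSA modulus, little-endian."""
    return hashlib.sha256(modulus.to_bytes(384, "little")).digest()

def build_body(mrenclave: bytes, mrsigner: bytes, prod_id: int, svn: int) -> bytes:
    """Constructed report body for this demo; real ones come out of a verified quote."""
    body = bytearray(BODY_LEN)
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mrenclave
    body[OFF_MRSIGNER:OFF_MRSIGNER + 32] = mrsigner
    struct.pack_into("<HH", body, OFF_PRODID, prod_id, svn)  # ISVPRODID, then ISVSVN
    return bytes(body)

def parse_identity(body: bytes) -> dict:
    if len(body) != BODY_LEN:
        raise ValueError("report body must be exactly 384 bytes")
    prod_id, svn = struct.unpack_from("<HH", body, OFF_PRODID)
    return {"mrenclave": body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
            "mrsigner": body[OFF_MRSIGNER:OFF_MRSIGNER + 32],
            "prod_id": prod_id, "svn": svn}

def check_policy(body, *, mrenclave=None, mrsigner=None, prod_id=None, min_svn=0):
    """Return the list of failed checks; an empty list means the identity is accepted."""
    if mrenclave is None and mrsigner is None:
        return ["policy pins neither MRENCLAVE nor MRSIGNER"]
    ident, fails = parse_identity(body), []
    if mrenclave is not None and ident["mrenclave"] != mrenclave:
        fails.append("MRENCLAVE mismatch")       # exact build pinned
    if mrsigner is not None:
        if ident["mrsigner"] != mrsigner:
            fails.append("MRSIGNER mismatch")    # wrong author key
        if prod_id is not None and ident["prod_id"] != prod_id:
            fails.append("ISVPRODID mismatch")   # same author, different product
        if ident["svn"] < min_svn:
            fails.append("ISVSVN below minimum") # rolled-back or unpatched build
    return fails

# Constructed sample values (hypothetical; not taken from any real enclave).
SAMPLE_MODULUS = (1 << 3071) | 0x10001
SAMPLE_MRSIGNER = mrsigner_from_modulus(SAMPLE_MODULUS)
SAMPLE_MRENCLAVE = hashlib.sha256(b"constructed enclave build v1").digest()
SAMPLE_BODY = build_body(SAMPLE_MRENCLAVE, SAMPLE_MRSIGNER, prod_id=1, svn=2)

if __name__ == "__main__":
    print(check_policy(SAMPLE_BODY, mrenclave=SAMPLE_MRENCLAVE))
    print(check_policy(SAMPLE_BODY, mrsigner=SAMPLE_MRSIGNER, prod_id=1, min_svn=3))
```

Pinning MRENCLAVE accepts one exact build, while pinning MRSIGNER with a product ID and minimum SVN accepts any sufficiently recent build from the same author.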
Thanks for your information.