Sam5
New Contributor I

Question about MRENCLAVE and MRSIGNER Register used in attestation


Hi,

Could you please explain the MRENCLAVE and MRSIGNER registers used in attestation?

-Thanks

1 Solution

Hi Sam,

MRENCLAVE and MRSIGNER register values are updated/added during enclave instantiation. During enclave launch time, the enclave author identity is verified using the RSA public key provided by the author in the MRSIGN struct. The MRSIGN structure contains the MRENCLAVE, Product ID, SVN (Security Version Number), RSA public key and the signature done using the RSA private key.

After the enclave author identity is verified, the MRENCLAVE value in SIGNSTRUCT is copied to the MRENCLAVE register. Then the measurement value, based on code/initial data, the order in which the data are placed and the security properties of the enclave pages, is calculated. This calculated measurement MRENCLAVE value is compared to the MRENCLAVE value contained in the MRSIGN structure. If it matches, then the hash of the public key of the enclave author identity (MRSIGNER) is stored in the MRSIGNER register.

These MRENCLAVE and MRSIGNER register values will be used for sealing data, local and remote attestation. During the remote attestation process, the registers provide the MRENCLAVE and MRSIGNER values to generate the REPORT and QUOTE.

Please refer to the "Intel-SGX-SDK-Users-Guide-for-windows-OS" regarding the significance of these register values for remote attestation.

Thanks and Regards,
Surenthar Selvaraj
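
To make the two identities in the reply above concrete, here is an added example (not part of the original post and not Intel SDK code) that reads the author-signed fields from the signature structure, named SIGSTRUCT in Intel's SDM, derives MRSIGNER as the SHA-256 of the RSA modulus, and goes one step further by applying the two usual verifier policies: pin one exact build by MRENCLAVE, or accept a signer by MRSIGNER plus Product ID and a minimum SVN. Assumptions: offsets follow the SDM's 1808-byte SIGSTRUCT layout, the RSA signature check is not performed, all function names are hypothetical, and the sample buffers are constructed.

```python
import hashlib
import struct

# Field offsets in the 1808-byte SIGSTRUCT as laid out in the Intel SDM.
MODULUS = slice(128, 512)      # RSA-3072 modulus, little-endian
ENCLAVEHASH = slice(960, 992)  # MRENCLAVE value the author signed
ISVPRODID_OFF = 1024           # ISVPRODID (u16) followed by ISVSVN (u16)
SIGSTRUCT_SIZE = 1808


def parse_identity(sigstruct: bytes) -> dict:
    """Extract the identity fields an attestation policy is written against."""
    if len(sigstruct) != SIGSTRUCT_SIZE:
        raise ValueError(f"SIGSTRUCT must be {SIGSTRUCT_SIZE} bytes, got {len(sigstruct)}")
    prod_id, svn = struct.unpack_from("<HH", sigstruct, ISVPRODID_OFF)
    return {
        # MRSIGNER is SHA-256 over the modulus bytes exactly as stored.
        "mrsigner": hashlib.sha256(sigstruct[MODULUS]).hexdigest(),
        "mrenclave": sigstruct[ENCLAVEHASH].hex(),
        "isv_prod_id": prod_id,
        "isv_svn": svn,
    }


def policy_accepts(identity: dict, policy: dict) -> bool:
    """Pin an exact build (mrenclave) or a signer + product + minimum SVN."""
    if "mrenclave" in policy:
        return identity["mrenclave"] == policy["mrenclave"]
    return (identity["mrsigner"] == policy["mrsigner"]
            and identity["isv_prod_id"] == policy["isv_prod_id"]
            and identity["isv_svn"] >= policy["min_isv_svn"])


def make_sample(modulus: bytes, enclave_hash: bytes, prod_id: int, svn: int) -> bytes:
    """Constructed SIGSTRUCT-shaped buffer; other fields zero, no real signature."""
    buf = bytearray(SIGSTRUCT_SIZE)
    buf[MODULUS] = modulus
    buf[ENCLAVEHASH] = enclave_hash
    struct.pack_into("<HH", buf, ISVPRODID_OFF, prod_id, svn)
    return bytes(buf)


if __name__ == "__main__":
    key = bytes(range(256)) + bytes(128)  # constructed 384-byte "modulus"
    v1 = parse_identity(make_sample(key, hashlib.sha256(b"build-1").digest(), 7, 1))
    v2 = parse_identity(make_sample(key, hashlib.sha256(b"build-2").digest(), 7, 2))
    signer_policy = {"mrsigner": v1["mrsigner"], "isv_prod_id": 7, "min_isv_svn": 2}
    print(policy_accepts(v2, {"mrenclave": v1["mrenclave"]}))  # rebuilt enclave vs. build pin
    print(policy_accepts(v1, signer_policy), policy_accepts(v2, signer_policy))
```

A rebuilt enclave from the same author keeps its MRSIGNER but gets a new MRENCLAVE, which is why a build pin rejects it while a signer policy with a minimum SVN accepts the newer version and rejects the older one.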


Sam5
New Contributor I
785 Views

Thanks for your information.
