Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Question on Remote Attestation Sample Code shipped in SDK

Rong_Z_

Hi all,

I'm trying to perform attestation with IAS, and I can receive the quote structure from enclaves successfully; however, I always get a response with status code 400. I think that is due to improper encoding of the quote. Then I looked into the remote attestation sample code and found the following function:

p_quote = (sample_quote_t *)p_msg3->quote;
ret = ias_verify_attestation_evidence(p_quote, NULL, &attestation_report);

Here p_quote is the quote structure extracted from msg3, and the sample code then uses it directly in the above function without any encoding. According to the comments in the sample code, this function will submit the quote to IAS and create an attestation report on IAS. I'm confused about that: does that mean we can send the quote directly to IAS?

 

Best,

Rong

1 Solution
Surenthar_S_Intel

Hi Rong,

In the sample code provided for remote attestation, the ISV is written as an application running locally. They have used the "ias_verify_attestation_evidence()" function to verify the quote that is sent from the ISV app to the ISV. Here the quote is sent without any encryption. But in a real scenario, the ISV will send the encrypted quote across the network using a network call to the IAS server for verification.

Thanks and Regards,
Surenthar Selvaraj


Rong_Z_

Hi Surenthar,

Thanks for replying. Actually, I'm trying to send requests to IAS and they always fail with status code 400; I think that may be due to improper encoding. Since we will build a remote attestation platform based on our own channel, I have to know how the quote is encoded. Could you please tell me some details on how to encode it?

Also, I dumped the quote in memory and found that the spid in the quote contains only 16 bytes; however, I received a 32-byte string from Intel denoted as spid, and I do input all 32 bytes into the function sgx_get_quote(). I want to know: does that affect the attestation result?

 

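On the 16-byte versus 32-byte SPID point raised in the post above, an added example (not part of the thread or of the SDK sample code): it assumes the 32-character string is the hexadecimal text form of a 16-byte SPID and decodes it to binary before it would be handed to sgx_get_quote(). `spid16_t`, `spid_from_hex`, `spid_from_ascii_wrong` and the sample value are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SPID_LEN 16 /* binary SPID size, matching the 16 bytes seen in the dumped quote */

/* Local stand-in for a 16-byte SPID type so this builds without the SGX SDK. */
typedef struct { uint8_t id[SPID_LEN]; } spid16_t;

/* Constructed sample value, not a real SPID. */
static const char SAMPLE_SPID_HEX[] = "00112233445566778899AABBCCDDEEFF";

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode exactly 32 hex characters into 16 bytes.
 * Returns 0 on success, -1 on wrong length or a non-hex character
 * (the output is zeroed on a bad character). */
int spid_from_hex(const char *hex, spid16_t *out)
{
    if (hex == NULL || out == NULL || strlen(hex) != 2 * SPID_LEN) return -1;
    for (size_t i = 0; i < SPID_LEN; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) { memset(out, 0, sizeof *out); return -1; }
        out->id[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* The mistake to rule out: copying the text itself keeps only its
 * first 16 ASCII characters, which is a different 16-byte value. */
void spid_from_ascii_wrong(const char *hex, spid16_t *out)
{
    memcpy(out->id, hex, SPID_LEN);
}

int main(void)
{
    spid16_t ok, bad;
    if (spid_from_hex(SAMPLE_SPID_HEX, &ok) != 0) return 1;
    spid_from_ascii_wrong(SAMPLE_SPID_HEX, &bad);
    printf("decoded first byte 0x%02x, raw-copy first byte 0x%02x\n", ok.id[0], bad.id[0]);
    return memcmp(ok.id, bad.id, SPID_LEN) == 0; /* 0: the two values differ */
}
```

Comparing the 16 SPID bytes inside a dumped quote against the decoded value shows which of the two forms was actually passed in.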
