Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Question on Remote Attestation Sample Code shipped in SDK

Rong_Z_
Beginner
‎07-12-2016 04:16 PM
658 Views
Solved Jump to solution

Hi all,

I'm trying to make attestation on IAS, and I can receive the quote structure from enclaves successfully, however I always got response with status code 400. I think that due to the improper encoding of the quote. Then I looked into the remote attestation sample code, and found the following function:

p_quote = (sample_quote_t *)p_msg3->quote
ret = ias_verify_attestation_evidence(p_quote, NULL, &attestation_report);

Where the p_quote is the quote structure extract from msg3, and then the sample code directly used it in the above function without any encoding. According to the comments in the sample code, this function will submit the quote to IAS, and create attestation report on IAS. I'm confused about that, does that mean we can directly send quote to IAS?

 

Best,

Rong

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-13-2016 03:22 AM
658 Views
Solved Jump to solution

Hi Rong,

In the sample code provided for remote attestation, the ISV is written as an application running locally.  They have used the "ias_verify_attestation_evidence()" function to verify the quote  that is sent from the ISV APP to ISV. Here Quote are sent without any encryption. But in real scenario , ISV will send the encrypted quote across the network using the network call to IAS server for verification.

Thanks and Regards,
Surenthar Selvaraj

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
Surenthar_S_Intel
Employee
‎07-13-2016 03:22 AM
659 Views
Solved Jump to solution

Hi Rong,

In the sample code provided for remote attestation, the ISV is written as an application running locally.  They have used the "ias_verify_attestation_evidence()" function to verify the quote  that is sent from the ISV APP to ISV. Here Quote are sent without any encryption. But in real scenario , ISV will send the encrypted quote across the network using the network call to IAS server for verification.

Thanks and Regards,
Surenthar Selvaraj

0 Kudos
Copy link
Rong_Z_
Beginner
‎07-15-2016 11:33 AM
658 Views
Solved Jump to solution

Hi Surenthar,

Thanks for replying. Actually, I'm trying to request IAS and always fails by receiving status code 400, I think that may due to improper encoding. Since we will build a remote attestation platform based on our own channel, thus I have to know how the quote been encoded, could you please tell me some details on how to encode that? 

Also I dumped the quote in memory and find that the spid in quote contains only 16bytes, however I received a 32 byte string from Intel denoted as spid and I do input all 32bytes into the function sgx_get_quote(). I want to know that, does that affect the attestation result?

 

Untitled_0.png

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.