Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

RA: Why query IAS for SigRL?

Daniel_ˢᵍˣ
New Contributor I
582 Views

During remote attestation the Service Provider, SP, has to query IAS for two things:

  1. Get SigRL(gid)
  2. Get Report(quote)

In the function sgx_get_quote the p_sig_rl argument can be NULL.

The SigRL returned by IAS is not signed (by IAS), meaning it could have been modified before we use it in sgx_get_quote.

I'm assuming that if we ignore the first IAS query that IAS still knows whether the processor is legitimate, up to date, and not blacklisted.

 

  1. Is it safe to ignore the first IAS query, i.e. not do Get SigRL but only do Get Report, using a NULL p_sig_rl? Will remote attestation still work correctly?
  2. If we can invoke Get Report directly without the SigRL, then what is the point of doing the extra step Get SigRL?
1 Solution
JesusG_Intel
Moderator
474 Views

Hello Daniel, I finally have an answer for you. You must always get the SigRL from IAS. If the SigRL gets tampered with in any way, the platform, whether it's valid or not, will fail attestation because the IAS will know that the platform's report does not contain the appropriate SigRL.


An EPID group can have valid platforms and revoked/invalid platforms. The SigRL contains signatures of revoked platforms in an EPID group. If a valid platform signs its quote with an empty SigRL and it is part of an EPID group that has revoked platforms in it (the SigRL is not supposed to be empty), then that valid platform will fail.

 

An empty SigRL list exists only for EPID groups without any revoked platforms. You can send empty SigRLs only to platforms in clean EPID groups.


Sincerely,

Jesus G.

Intel Customer Support
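
The handling described in this answer, as an added example that is not part of the original posts or of Intel's sample code: a helper that turns the IAS Get SigRL response into the `p_sig_rl` / `sig_rl_size` pair for `sgx_get_quote`, so that NULL is passed only when IAS itself returned an empty list. The function names are hypothetical, and the sketch assumes the IAS response body is the Base64-encoded SigRL (empty for a clean group) and that the GID appears in the URL as big-endian hex.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the SDK's 4-byte EPID group ID is little-endian, while the
   Get SigRL URL takes it as big-endian hex, so the bytes are reversed. */
void gid_to_url_hex(const uint8_t gid[4], char out[9]) {
    snprintf(out, 9, "%02x%02x%02x%02x", gid[3], gid[2], gid[1], gid[0]);
}

static int b64val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Returns 0 and sets (*out, *out_len) to the values to hand to
   sgx_get_quote as p_sig_rl / sig_rl_size; returns -1 if the SigRL could
   not be obtained. (NULL, 0) is produced only for HTTP 200 with an empty
   body, i.e. IAS reported no revoked platforms in the group. */
int sigrl_from_ias(int http_status, const char *body,
                   uint8_t **out, uint32_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (http_status != 200 || body == NULL) return -1; /* a failed query is not "empty" */
    size_t n = strlen(body);
    if (n == 0) return 0;                              /* clean EPID group */
    if (n % 4 != 0) return -1;                         /* malformed Base64 */
    size_t pad = (size_t)(body[n - 1] == '=') + (size_t)(body[n - 2] == '=');
    uint8_t *buf = malloc(n / 4 * 3);
    if (buf == NULL) return -1;
    size_t o = 0;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t v = 0;
        for (size_t k = 0; k < 4; k++) {
            /* trailing '=' padding contributes zero bits */
            int d = (i + k >= n - pad) ? 0 : b64val(body[i + k]);
            if (d < 0) { free(buf); return -1; }
            v = (v << 6) | (uint32_t)d;
        }
        buf[o++] = (uint8_t)(v >> 16);
        buf[o++] = (uint8_t)(v >> 8);
        buf[o++] = (uint8_t)v;
    }
    *out = buf;                     /* caller frees after sgx_get_quote */
    *out_len = (uint32_t)(o - pad);
    return 0;
}
```

On a `-1` return the caller should abort or retry the attestation rather than fall back to a NULL `p_sig_rl`.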



4 Replies
JesusG_Intel
Moderator
523 Views

Hello Daniel,


You mention good points. We are checking with our internal resources and will update you as soon as we have a response.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
452 Views

Hello Daniel,


I hope the information on SigRL that I provided to you answers your question.


I will close this thread now and Intel will no longer monitor it. Please start a new thread if you need further help.


Sincerely,

Jesus G.

Intel Customer Support


Daniel_ˢᵍˣ
New Contributor I
424 Views

Hello Jesus,

Thank you, it does!

Daniel
