I want to perform remote attestation of the server's platform to an application running on a client. So basically the server is supposed to send the secret message containing the attestation to the client.
In the Intel documentation and the example code https://github.com/01org/linux-sgx, I got a bit confused. The application "isv_app" is creating an enclave which performs the message exchange with the "Service Provider".
Can the Service Provider in this case be considered as the server for the remote attestation?
Shouldn't the server that provides the attestation also create an enclave, or am I just misinterpreting the scenario?
I believe you are confusing some concepts there.
In the remote attestation process we have three main "participants":
- isv_app - contains the application code which will receive some secret. It is divided into two parts, the untrusted code, and the SGX enclave. The enclave part is the one that will be attested and, as a result of the process, have a shared symmetric key used to safely communicate with the SP.
- Service Provider (SP) - in this context, the SP is the one that has some sensitive data (secrets) that are to be sent to the isv_app's enclave. Before sending the secrets to the isv_app's enclave, it needs to attest that it is really running an SGX enclave, and that it is the exact enclave that should be running.
- Intel Attestation Service (IAS) - IAS is the actual "attestation server". It is able to verify the authenticity of a QUOTE structure generated by an SGX enclave. It is a Web server accessible via HTTPS requests. More information about IAS here.
The SP communicates with IAS to verify the QUOTE structure sent by the isv_app's enclave, and thus doesn't need to use the SGX SDK nor to have an enclave.
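To illustrate the SP side described in the answer, here is an added sketch (not part of the original answer or of Intel's sample code) of what the SP checks once IAS has returned its attestation report, using no SGX SDK and no enclave. It assumes the report's JSON body was already verified against the `X-IASReport-Signature` header, that the SP sent a nonce with its request, and that the quote body follows the `sgx_quote_t` layout; the function names and sample values are hypothetical.

```python
import base64
import json

QUOTE_BODY_LEN = 432            # sgx_quote_t without the trailing signature
MRENCLAVE = slice(112, 144)     # 48-byte quote header + offset 64 in the report body
REPORT_DATA = slice(368, 432)   # 64 bytes chosen by the enclave (e.g. a key hash)

class AttestationError(Exception):
    """Raised when the SP must refuse to send its secrets."""

def check_ias_report(report_json, expected_mrenclave, expected_nonce):
    """Return the enclave's report_data if the IAS report is acceptable.

    Assumption: the caller already verified report_json against the
    X-IASReport-Signature header; an unsigned report proves nothing.
    """
    report = json.loads(report_json)
    status = report.get("isvEnclaveQuoteStatus")
    # Strict policy: only "OK" passes. Accepting other statuses is an SP decision.
    if status != "OK":
        raise AttestationError("quote status is %r" % status)
    if report.get("nonce") != expected_nonce:
        raise AttestationError("nonce mismatch, report may be replayed")
    try:
        body = base64.b64decode(report.get("isvEnclaveQuoteBody"), validate=True)
    except (ValueError, TypeError):
        raise AttestationError("quote body is not valid base64") from None
    if len(body) != QUOTE_BODY_LEN:
        raise AttestationError("unexpected quote body length %d" % len(body))
    if body[MRENCLAVE] != expected_mrenclave:
        raise AttestationError("MRENCLAVE is not the enclave the SP expects")
    return body[REPORT_DATA]

def make_sample_report(mrenclave, nonce, status="OK"):
    """Build a constructed report for the demo (not real IAS output)."""
    body = bytearray(QUOTE_BODY_LEN)
    body[MRENCLAVE] = mrenclave
    body[REPORT_DATA] = b"\x11" * 64
    return json.dumps({"isvEnclaveQuoteStatus": status, "nonce": nonce,
                       "isvEnclaveQuoteBody":
                           base64.b64encode(bytes(body)).decode()})

if __name__ == "__main__":
    good = bytes(range(32))     # constructed measurement value
    print(check_ias_report(make_sample_report(good, "n-123"), good, "n-123").hex())
```

Only after these checks pass should the SP use the shared symmetric key to send its secrets to the isv_app's enclave.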