I am new in Intel SGX, I have created s simple application (Hello from enclave), and I want to provision my enclave with secrets. I have read that a Service Provider can provision an enclave with Secrets (over a secure chanel DHKE) after performing a remote attestation with the enclave. but unti now I don't know what the Service Provider is? (I read that the Service Provider have to be out of the platform where the enclave is executing).
could you please tell me what is exactly a Service Provider in this case?
Service provider is that who has the overall power to verify the quote structure and signature. However it will not verify the enclave identity. It sends an encrypt (rijndael128) mac data to client and client will decrypt and compare it. If so then client is attested by the server.
Hi @larguet, ramzi,
To understand the different players in Remote Attestation lets consider the following scenario,
you have some secret data in your server (S, here your server is Service Provider) , and you want to transfer to some other remote machine (RM, here RM is the client). Here you need to ensure that remote machine won't expose your secret data.
Inoder to do this RM should run its receiving and storing logic in Intel SGX enclave. Now in your server S before sharing the secrets you need to check whether RM running proper code on Intel SGX using Remote Attestation.
In Remote Attestation, RM shares its quote with your Server S in a secured DHKE session, your S will contact IAS to verify the quote. If the quote is valid then RM is running on SGX and you can use the same secure DHKE session to share secrets from S to RM.
@others please correct me if i am wrong.
Just complementing the information:
Knowing only that the RM is running on SGX is not enough (it could be a malicious software running inside an enclave). After receiving a confirmation from IAS that the quote is valid, the S still needs to verify if the enclave identity (MRENCLAVE or MRSIGNER, depending on the policy of the server) present in the quote is the one expected. Only after checking this should the S provision secrets to the client.
need to check whether RM running proper code on Intel SGX using Remote Attestation.
thats what i have mentioned as check whether RM running proper code on Intel SGX.
Anyways i should have mentioned MRENCLAVE. Can we actually validate code running on SGX using MRSIGNER? what if client(RM) intentionally adds malicious code and signs that enclave using its key?