Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX SDK for MRENCLAVE creation

Ivan_Petrov
Beginner

Hi,

In order to finish a remote attestation, the client (that is checking whether the server runs a genuine enclave or not) needs to verify a QUOTE that contains an MRENCLAVE value. But in order to do this, the client needs to create such a value in advance (an MRENCLAVE value to check against the value in the QUOTE).

So the question is: Which tools from the SGX SDK can the client use to create MRENCLAVE?

Regards,

Ivan

Scott_R_Intel
Employee

Hi Ivan.

See the "Enclave Signing Tool" section in the latest Linux Dev Reference: 

https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.7.1_Open_Source.pdf

This tool adds all the metadata to the enclave, including MRENCLAVE.  After building and signing an enclave, the signtool "dump" argument will allow you to dump all the enclave metadata, including MRENCLAVE (metadata->enclave_css.body.enclave_hash).

More info available here also:  https://software.intel.com/en-us/node/702979

Regards.

Scott

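The client-side check discussed in this thread, as an added Python example that is not part of either post or of Intel's tooling: it reads the expected MRENCLAVE from the signing tool's dump text and compares it with the MRENCLAVE field of a quote. The dump text layout, the sample dump and the sample quote buffer are constructed assumptions; the quote offsets follow the `sgx_quote_t` layout (48-byte header, `mr_enclave` 64 bytes into the report body).

```python
import hmac
import re

# Constructed excerpt of the text written by `sgx_sign dump -enclave <file> -dumpfile <file>`.
# Assumed layout: field label, then rows of 0x-prefixed bytes.
SAMPLE_DUMP = """\
metadata->enclave_css.body.isv_svn: 0x0
metadata->enclave_css.body.enclave_hash.m:
0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f
0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f
metadata->enclave_css.body.isv_prod_id: 0x0
"""
FIELD = "metadata->enclave_css.body.enclave_hash"
BYTE = re.compile(r"0x[0-9a-fA-F]{1,2}")
# sgx_quote_t: 48-byte header, then sgx_report_body_t with mr_enclave 64 bytes in.
MRENCLAVE_OFFSET, MRENCLAVE_LEN = 48 + 64, 32
# Constructed quote-sized buffer carrying the same measurement (no real signature).
SAMPLE_QUOTE = bytes(MRENCLAVE_OFFSET) + bytes(range(32)) + bytes(288)


def mrenclave_from_dump(text: str) -> bytes:
    """Return the 32-byte enclave_hash listed in an sgx_sign dump."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip().startswith(FIELD):
            continue
        out = bytearray()
        # Bytes may follow the label on the same line or on the rows below it.
        for row in [line.partition(":")[2]] + lines[i + 1:]:
            toks = row.split()
            if not toks and not out:
                continue
            if not toks or not all(BYTE.fullmatch(t) for t in toks):
                break  # next field or blank line ends the hash
            out += bytes(int(t, 16) for t in toks)
        if len(out) != MRENCLAVE_LEN:
            raise ValueError(f"expected {MRENCLAVE_LEN} hash bytes, got {len(out)}")
        return bytes(out)
    raise ValueError("enclave_hash not found in dump")


def mrenclave_from_quote(quote: bytes) -> bytes:
    """Slice MRENCLAVE out of a raw quote."""
    end = MRENCLAVE_OFFSET + MRENCLAVE_LEN
    if len(quote) < end:
        raise ValueError("quote too short to contain MRENCLAVE")
    return quote[MRENCLAVE_OFFSET:end]


def quote_matches_build(quote: bytes, dump_text: str) -> bool:
    """Compare identities only; the quote signature is verified separately."""
    return hmac.compare_digest(mrenclave_from_quote(quote), mrenclave_from_dump(dump_text))
```

A match only says the quote names the enclave that was built and signed; it carries weight once the attestation service has verified the quote's signature.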