Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Ivan_Petrov
Beginner
122 Views

SGX SDK for MRENCLAVE creation

Hi,

In order to finish a remote attestation, the client (that is checking whether server runs a genuine enclave or not) needs to verify a QUOTE that contains an MRENCAVE value. But in order to do this, the client needs to create such value in advance (an MRENCLAVE value to check against the value in the QUOTE).

So the question is: Which tools from the SGX SDK can client use to create MRENCLAVE ?

 

Regards,

Ivan

0 Kudos
1 Reply
Scott_R_Intel
Employee
122 Views

Hi Ivan.

See the "Enclave Signing Tool" section in the latest Linux Dev Reference: 

https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.7.1...

This tool adds all the metadata to the enclave, including MRENCLAVE.  After building and signing an enclave, the signtool "dump" argument will allow you to dump all the enclave metadata, including MRENCLAVE (metadata->enclave_css.body.enclave_hash).

More info available here also:  https://software.intel.com/en-us/node/702979

Regards.

Scott

Reply