Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX SDK for MRENCLAVE creation

Ivan_Petrov
Beginner

Hi,

In order to finish a remote attestation, the client (that is checking whether the server runs a genuine enclave or not) needs to verify a QUOTE that contains an MRENCLAVE value. But in order to do this, the client needs to create such a value in advance (an MRENCLAVE value to check against the value in the QUOTE).

So the question is: Which tools from the SGX SDK can the client use to create MRENCLAVE?

 

Regards,

Ivan

1 Reply
Scott_R_Intel
Employee

Hi Ivan.

See the "Enclave Signing Tool" section in the latest Linux Dev Reference: 

https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.7.1...

This tool adds all the metadata to the enclave, including MRENCLAVE.  After building and signing an enclave, the signtool "dump" argument will allow you to dump all the enclave metadata, including MRENCLAVE (metadata->enclave_css.body.enclave_hash).

More info available here also:  https://software.intel.com/en-us/node/702979

Regards.

Scott
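
The client-side check discussed in this thread, as an added example (not part of the original posts and not Intel's code): it reads the expected MRENCLAVE from the signing tool's dump text and compares it with the MRENCLAVE field of a quote. It assumes the dump lists `enclave_hash` as 0x-prefixed bytes on the lines after the label, and an EPID-style `sgx_quote_t` in which `report_body.mr_enclave` starts at byte offset 112; the sample dump, quote bytes and file names are constructed.

```python
import hmac
import re

# Expected-value source (file names are hypothetical):
#   sgx_sign dump -enclave enclave.signed.so -dumpfile dump.txt
# Constructed sample of the relevant part of dump.txt; the layout is an assumption.
SAMPLE_DUMP = """\
metadata->enclave_css.body.enclave_hash.m:
0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f
0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f
metadata->enclave_css.body.isv_prod_id: 0x0
"""

# sgx_quote_t: 48-byte header, then sgx_report_body_t with mr_enclave 64 bytes in.
MRENCLAVE_OFFSET = 112
MRENCLAVE_LEN = 32

_HASH_RE = re.compile(
    r"enclave_css\.body\.enclave_hash[^\n]*\n((?:\s*0x[0-9a-fA-F]{1,2}\b)+)"
)


def mrenclave_from_dump(dump_text):
    """Return the 32-byte enclave_hash listed in the signing tool dump."""
    match = _HASH_RE.search(dump_text)
    if match is None:
        raise ValueError("enclave_hash not found in dump")
    tokens = re.findall(r"0x([0-9a-fA-F]{1,2})", match.group(1))
    if len(tokens) != MRENCLAVE_LEN:
        raise ValueError("enclave_hash has %d bytes, expected 32" % len(tokens))
    return bytes(int(t, 16) for t in tokens)


def mrenclave_from_quote(quote):
    """Slice report_body.mr_enclave out of raw quote bytes."""
    end = MRENCLAVE_OFFSET + MRENCLAVE_LEN
    if len(quote) < end:
        raise ValueError("quote too short to contain MRENCLAVE")
    return quote[MRENCLAVE_OFFSET:end]


def quote_matches_build(quote, dump_text):
    """True if the quote reports the MRENCLAVE of the enclave that was dumped.

    Only meaningful after the quote's signature has been verified; an
    unverified quote can carry any MRENCLAVE value.
    """
    expected = mrenclave_from_dump(dump_text)
    return hmac.compare_digest(expected, mrenclave_from_quote(quote))
```
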
