Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX remote attestation in docker

mugnier__eric
Beginner
1,789 Views

Hi all,

In my research I have to install a software that uses SGX inside of a docker container. This software also uses the remote attestation protocol used by intel SGX. 

I have seen that it is possible to compile and run SGX program inside of a SGX container with this docker image: https://hub.docker.com/r/sebvaucher/sgx-base/dockerfile

But when it comes to the remote attestation inside of a container I can not find any resources related to that and when I tried it always failed.

Indeed, when I am in the container, the command "service aesmd status" returns that aesmd is not register as a service. I have also seen people saying that it was not possible because you can not run processes as deamon in a docker container: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/707196 

Does someone have explanation about that? It is possible to fix it and use remote attestation inside of a container? 

Thanks for your help,

Eric

0 Kudos
3 Replies
Scott_R_Intel
Employee
1,789 Views

Hi Eric.

There is at least the project below on GitHub that shows how you can get the aesmd service running in a container.  Hopefully it will help.

https://github.com/tozd/docker-sgx

Regards.

Scott

0 Kudos
Rodolfo_S_
New Contributor III
1,789 Views

Hi, Eric.

The docker image that you mentioned should work just fine for remote attestation. Even though aesm doesn't run as a service, it is executed as a regular process in that container.

I have a slightly modified image (based on sebvaucher's) that you could use for remote attestation purposes. The modification addresses a current issue in the sgx_uae_service.h file.

 

See execution example below:

<badejo>:~ $ docker run -it --rm --device=/dev/isgx --device=/dev/mei0 rodolfoams/sgx-base:sgx_2.5 /bin/bash
jhi[7]: --> jhi start
jhi[7]: <-- jhi start
aesm_service[10]: [ADMIN]White List update requested
jhi[7]: JHI service release prints are enabled

aesm_service[10]: The server sock is 0x55784572d5c0
aesm_service[10]: [ADMIN]Sigma 1.1 session will be established.
aesm_service[10]: Sigma 1.1 session will be established.
root@651be0ece9d9:/usr/src/app# aesm_service[10]: [ADMIN]White list update request successful for Version: 53
 
root@651be0ece9d9:/usr/src/app# ps aux | grep aesm
root        10  0.5  0.1 481108 14212 ?        Ssl  13:47   0:00 /opt/intel/sgxpsw/aesm/aesm_service
root        34  0.0  0.0  11464   904 pts/0    S+   13:47   0:00 grep --color=auto aesm
root@651be0ece9d9:/usr/src/app# cd /opt/intel/sgxsdk/SampleCode/RemoteAttestation/
root@651be0ece9d9:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# make SGX_MODE=HW SGX_DEBUG=0 SGX_PRERELEASE=1
make[1]: Entering directory '/opt/intel/sgxsdk/SampleCode/RemoteAttestation'
service_provider/ecp.cpp:159:60: note: #pragma message: Default key derivation function is used.
 #pragma message ("Default key derivation function is used.")
                                                            ^
CXX  <=  service_provider/ecp.cpp
CXX  <=  service_provider/network_ra.cpp
CXX  <=  service_provider/service_provider.cpp
CXX  <=  service_provider/ias_ra.cpp
LINK =>  libservice_provider.so
GEN  =>  isv_app/isv_enclave_u.h
CC   <=  isv_app/isv_enclave_u.c
CXX  <=  isv_app/isv_app.cpp
LINK =>  app
GEN  =>  isv_enclave/isv_enclave_t.h
CC   <=  isv_enclave/isv_enclave_t.c
isv_enclave/isv_enclave.cpp:197:60: note: #pragma message: Default key derivation function is used.
 #pragma message ("Default key derivation function is used.")
                                                            ^
CXX  <=  isv_enclave/isv_enclave.cpp
LINK =>  isv_enclave.so
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>0x40000</StackMaxSize>
    <HeapMaxSize>0x100000</HeapMaxSize>
    <TCSNum>1</TCSNum>
    <TCSPolicy>1</TCSPolicy>
    <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 1, tcs_max_num 1, tcs_min_pool 1
The required memory is 1998848B.
Succeed.
SIGN =>  isv_enclave.signed.so
The project has been built in pre-release hardware mode.
make[1]: Leaving directory '/opt/intel/sgxsdk/SampleCode/RemoteAttestation'
root@651be0ece9d9:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/intel/sgxsdk/SampleCode/RemoteAttestation/sample_libcrypto/ ./app

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_create_enclave success.
aesm_service[10]: [ADMIN]EPID Provisioning initiated
aesm_service[10]: [ADMIN]EPID Provisioning successful
Call enclave_init_ra success.
Call sgx_ra_get_msg1 success.

MSG1 body generated -
68 bytes:
{
0xf0, 0x4a, 0x94, 0x64, 0x52, 0x41, 0x9b, 0xf4, 
0xba, 0x1f, 0x1d, 0x55, 0xdc, 0x8d, 0x2d, 0x7c, 
0x3e, 0x40, 0x2, 0x7c, 0xa4, 0xb9, 0x50, 0xd, 
0x3f, 0x9e, 0x3d, 0xbe, 0x7b, 0x16, 0x9c, 0x6d, 
0x55, 0xd1, 0x92, 0xb6, 0x56, 0x87, 0x50, 0xf8, 
0x20, 0x8b, 0x6f, 0xcb, 0xf9, 0x25, 0xd9, 0x8b, 
0xd5, 0x65, 0x1c, 0x44, 0x7, 0xeb, 0xdc, 0x2e, 
0xa8, 0x8d, 0xcd, 0x26, 0x3e, 0x4c, 0xf, 0x8e, 
0x43, 0xb, 0x0, 0x0 
}

Sending msg1 to remote attestation service provider.Expecting msg2 back.

Sent MSG1 to remote attestation service provider. Received the following MSG2:
176 bytes:
{
0x2, 0x0, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0, 
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb, 
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57, 
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa, 
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97, 
0x79, 0xa7, 0x38, 0x72, 0xf2, 0xb8, 0xd6, 0xbe, 
0x18, 0x91, 0x7f, 0xf7, 0xb5, 0xd3, 0xe5, 0x64, 
0x9b, 0x12, 0x18, 0xaf, 0x39, 0x29, 0x6c, 0x24, 
0x19, 0x38, 0x29, 0xb, 0xc6, 0xac, 0xc, 0x62, 
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20, 
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x1, 0x0, 0x1, 0x0, 0x6a, 0x83, 0xdc, 0x84, 
0xd4, 0x4c, 0x8a, 0xbb, 0x5e, 0x42, 0xaf, 0xee, 
0x8d, 0xe9, 0xf4, 0x57, 0x71, 0xfd, 0x73, 0x66, 
0xd7, 0xfa, 0xad, 0xfa, 0xf2, 0x17, 0x14, 0xdd, 
0x5a, 0xb9, 0x9e, 0x97, 0x7a, 0x7d, 0x67, 0x6e, 
0xb, 0x8, 0x63, 0x6e, 0x27, 0x5a, 0x6f, 0xa1, 
0x4d, 0x2b, 0xa1, 0xee, 0x76, 0xcb, 0x78, 0x77, 
0x66, 0xa0, 0x1d, 0x3d, 0x7, 0xac, 0x64, 0x20, 
0x18, 0xb1, 0x44, 0x51, 0xf7, 0xbd, 0x64, 0xb4, 
0x6f, 0xc0, 0x7d, 0x82, 0xb, 0xf3, 0xaa, 0xd2, 
0x23, 0x45, 0x25, 0x69, 0x0, 0x0, 0x0, 0x0 
}

A more descriptive representation of MSG2:
RESPONSE TYPE:   0x2
RESPONSE STATUS: 0x0 0x0
RESPONSE BODY SIZE: 168
MSG2 gb - 64 bytes:
{
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb, 
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57, 
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa, 
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97, 
0x79, 0xa7, 0x38, 0x72, 0xf2, 0xb8, 0xd6, 0xbe, 
0x18, 0x91, 0x7f, 0xf7, 0xb5, 0xd3, 0xe5, 0x64, 
0x9b, 0x12, 0x18, 0xaf, 0x39, 0x29, 0x6c, 0x24, 
0x19, 0x38, 0x29, 0xb, 0xc6, 0xac, 0xc, 0x62 
}
MSG2 spid - 16 bytes:
{
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20, 
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 
}
MSG2 quote_type : 1
MSG2 kdf_id : 1
MSG2 sign_gb_ga - 64 bytes:
{
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb, 
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57, 
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa, 
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97, 
0x7a, 0x7d, 0x67, 0x6e, 0xb, 0x8, 0x63, 0x6e, 
0x27, 0x5a, 0x6f, 0xa1, 0x4d, 0x2b, 0xa1, 0xee, 
0x76, 0xcb, 0x78, 0x77, 0x66, 0xa0, 0x1d, 0x3d, 
0x7, 0xac, 0x64, 0x20, 0x18, 0xb1, 0x44, 0x51 
}
MSG2 mac - 16 bytes:
{
0xf7, 0xbd, 0x64, 0xb4, 0x6f, 0xc0, 0x7d, 0x82, 
0xb, 0xf3, 0xaa, 0xd2, 0x23, 0x45, 0x25, 0x69 
}
MSG2 sig_rl - 
( null )

Call sgx_ra_proc_msg2 success.

MSG3 - 
1452 bytes:
{
0x2e, 0x69, 0x77, 0x8c, 0xfb, 0xb8, 0x4f, 0x42, 
0xb6, 0x87, 0x6a, 0xc4, 0x4c, 0xee, 0x93, 0x16, 
0xf0, 0x4a, 0x94, 0x64, 0x52, 0x41, 0x9b, 0xf4, 
0xba, 0x1f, 0x1d, 0x55, 0xdc, 0x8d, 0x2d, 0x7c, 
0x3e, 0x40, 0x2, 0x7c, 0xa4, 0xb9, 0x50, 0xd, 
0x3f, 0x9e, 0x3d, 0xbe, 0x7b, 0x16, 0x9c, 0x6d, 
0x55, 0xd1, 0x92, 0xb6, 0x56, 0x87, 0x50, 0xf8, 
0x20, 0x8b, 0x6f, 0xcb, 0xf9, 0x25, 0xd9, 0x8b, 
0xd5, 0x65, 0x1c, 0x44, 0x7, 0xeb, 0xdc, 0x2e, 
0xa8, 0x8d, 0xcd, 0x26, 0x3e, 0x4c, 0xf, 0x8e, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x2, 0x0, 0x1, 0x0, 0x43, 0xb, 0x0, 0x0, 
0x8, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20, 
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x8, 0x9, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x85, 0xe1, 0x95, 0xf0, 0x28, 0x99, 0x95, 0x9f, 
0x9f, 0xc, 0x79, 0x9f, 0x7f, 0xca, 0x8b, 0x4b, 
0x7c, 0x5c, 0x47, 0x6b, 0x3d, 0xb3, 0xdd, 0xfe, 
0xae, 0xa, 0xa4, 0xd9, 0x12, 0x63, 0x35, 0xb, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x60, 0x27, 0x7a, 0xd2, 0xfd, 0xfc, 0x57, 0xe9, 
0x80, 0xe8, 0x76, 0xe7, 0xf8, 0x78, 0xac, 0x19, 
0x9, 0x88, 0xe, 0xa5, 0x38, 0x7, 0x95, 0xa7, 
0xe8, 0xea, 0x98, 0xb1, 0x57, 0x84, 0x1f, 0x85, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x36, 0x11, 0xa5, 0xf3, 0x86, 0xea, 0x27, 0x22, 
0xa7, 0xdf, 0x93, 0xde, 0x53, 0xd8, 0x78, 0x4c, 
0x15, 0x71, 0xcf, 0xf7, 0x76, 0xcf, 0xb2, 0x1b, 
0x76, 0x53, 0xf6, 0x53, 0x3d, 0xdc, 0xe, 0xa0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0xa8, 0x2, 0x0, 0x0, 0x85, 0x89, 0xf4, 0x0, 
0xa4, 0xeb, 0xdc, 0xb7, 0xf8, 0x58, 0x77, 0x8c, 
0xe, 0x1, 0x41, 0xa9, 0xd4, 0x63, 0xb2, 0xb5, 
0xc9, 0x78, 0x4, 0x36, 0x36, 0x4d, 0xbc, 0xeb, 
0x4c, 0x7b, 0x84, 0x53, 0xcf, 0x56, 0x5e, 0x2e, 
0xf0, 0x38, 0xc8, 0x4c, 0x5a, 0x23, 0x8f, 0x93, 
0x91, 0x5d, 0x21, 0x21, 0x2d, 0xcf, 0x83, 0x9a, 
0x9a, 0x15, 0x18, 0xa8, 0xec, 0xea, 0xb7, 0x73, 
0xe8, 0x5a, 0xf0, 0xf1, 0xf9, 0xe6, 0x8e, 0xcf, 
0xe5, 0xed, 0xd9, 0xb8, 0xaa, 0xc5, 0xfd, 0x75, 
0x7c, 0x7f, 0x64, 0x9f, 0xc6, 0x52, 0x24, 0xb2, 
0xb8, 0x8a, 0xd2, 0x55, 0xd0, 0x30, 0xe2, 0xd3, 
0xe9, 0x43, 0xa6, 0xa3, 0xec, 0xc8, 0xc9, 0xe7, 
0x44, 0xbc, 0x59, 0x49, 0x3, 0x29, 0x7f, 0x51, 
0x72, 0x29, 0xaa, 0x72, 0x46, 0x39, 0xc4, 0xc9, 
0xbe, 0x15, 0x5e, 0xff, 0x45, 0x29, 0xd2, 0xdf, 
0x84, 0x33, 0xbd, 0xd9, 0x82, 0x6a, 0x6f, 0xd4, 
0x4f, 0x4a, 0x1d, 0xa7, 0x5b, 0x40, 0x64, 0xf0, 
0xba, 0x4e, 0xa, 0xf0, 0xc8, 0xce, 0x13, 0x4e, 
0x3d, 0xc3, 0xe9, 0xaa, 0xbf, 0x3f, 0xac, 0x62, 
0xe3, 0x28, 0xa7, 0x99, 0x37, 0x76, 0xd1, 0x47, 
0x40, 0x86, 0xd5, 0xbb, 0xe0, 0x8b, 0xcb, 0x43, 
0xe9, 0xc2, 0xed, 0x8e, 0x78, 0xe2, 0x4b, 0xfa, 
0x42, 0x51, 0x78, 0xb0, 0xe9, 0x55, 0x1f, 0x7d, 
0xf2, 0xb, 0x16, 0xa4, 0x55, 0xfa, 0x6, 0xe2, 
0x24, 0xa8, 0x78, 0xb1, 0x6e, 0xb7, 0xd9, 0xb1, 
0x8d, 0x5b, 0xc9, 0x6f, 0x24, 0x65, 0x20, 0xb2, 
0xc4, 0x57, 0xc3, 0xce, 0x8b, 0xf1, 0xc4, 0x8e, 
0xca, 0x68, 0x9c, 0x9d, 0x8c, 0x28, 0x8d, 0xe2, 
0xd4, 0x6c, 0xa5, 0x80, 0xcb, 0x1d, 0xa7, 0xc4, 
0xb9, 0x75, 0x0, 0xd5, 0x1a, 0xe7, 0x64, 0x2e, 
0x31, 0xaf, 0xa3, 0x12, 0xcf, 0x3a, 0xac, 0x71, 
0x37, 0x7a, 0x55, 0x3, 0x47, 0xfc, 0x26, 0x46, 
0xf4, 0x78, 0x12, 0x89, 0xd3, 0xfc, 0x27, 0x83, 
0xdc, 0x18, 0xa5, 0x3f, 0xe3, 0x28, 0xab, 0x19, 
0x25, 0x51, 0xca, 0x27, 0x2f, 0x35, 0x6a, 0x90, 
0x5a, 0x9e, 0xb0, 0x82, 0xd7, 0x79, 0xb0, 0xab, 
0xa5, 0xf8, 0x2c, 0x88, 0x80, 0x0, 0x47, 0xb2, 
0x68, 0x1, 0x0, 0x0, 0x46, 0xd0, 0x53, 0x72, 
0xf6, 0xf7, 0x91, 0xc2, 0x11, 0x2, 0x67, 0x1f, 
0xe8, 0xb8, 0x29, 0xde, 0xf8, 0x54, 0x78, 0x35, 
0x93, 0x48, 0x7f, 0xd7, 0x9, 0x55, 0x2f, 0x45, 
0x38, 0xea, 0x58, 0x9, 0x26, 0x65, 0x8b, 0x13, 
0x1d, 0x61, 0x3c, 0x2b, 0x81, 0x91, 0x7a, 0x4c, 
0xf3, 0x2c, 0x38, 0x27, 0x1a, 0xbd, 0x50, 0xd8, 
0xd, 0xa3, 0x40, 0x7f, 0xf2, 0x3f, 0xcf, 0xc7, 
0x30, 0x70, 0xc4, 0xc5, 0x22, 0x95, 0x1f, 0x3b, 
0xcc, 0x63, 0x33, 0x5d, 0x19, 0x68, 0x4f, 0xbd, 
0xcd, 0x7c, 0x45, 0x38, 0x7c, 0xfa, 0x7a, 0x7a, 
0x52, 0xc, 0x9a, 0x2f, 0x78, 0x99, 0x67, 0xb, 
0x3a, 0xc2, 0x88, 0xe8, 0xb9, 0x98, 0x1e, 0x15, 
0x94, 0x88, 0xcc, 0xea, 0xa6, 0x2b, 0xd9, 0x39, 
0x66, 0x2f, 0x44, 0xd, 0x7f, 0x4f, 0x5a, 0x45, 
0x63, 0x7d, 0x8c, 0xf6, 0xfa, 0x21, 0x1a, 0x78, 
0x31, 0x74, 0xee, 0x65, 0xf3, 0x64, 0xd8, 0xa9, 
0xc8, 0xd3, 0x41, 0xa2, 0x1b, 0xba, 0x77, 0x8b, 
0xb3, 0x3d, 0xf5, 0x6b, 0x6e, 0x4a, 0x11, 0x22, 
0x5f, 0xa2, 0xe4, 0x6e, 0x8, 0x8f, 0x79, 0x17, 
0x2b, 0x58, 0xd6, 0xa5, 0x3c, 0xe9, 0xa2, 0x5, 
0x29, 0x96, 0xf1, 0x76, 0x26, 0x1f, 0xcb, 0xb8, 
0x88, 0x20, 0x38, 0xdb, 0xdc, 0x70, 0xf, 0x5e, 
0x10, 0x9f, 0xf4, 0x4a, 0xf8, 0xad, 0x4a, 0xad, 
0x4b, 0x6b, 0xdd, 0x61, 0x88, 0xc6, 0xab, 0x76, 
0xac, 0xbb, 0xc4, 0xba, 0xb8, 0x24, 0x81, 0x38, 
0xab, 0xf3, 0xb0, 0xc5, 0xbf, 0x15, 0x3b, 0xad, 
0xc1, 0xe5, 0x53, 0x46, 0x53, 0x26, 0x5a, 0x69, 
0xb8, 0x49, 0x25, 0xfa, 0x9e, 0x6, 0x42, 0x8c, 
0x28, 0x68, 0xac, 0xfa, 0xdd, 0x50, 0x19, 0xd, 
0x4a, 0x76, 0x9d, 0x13, 0x34, 0x19, 0xaa, 0x38, 
0xe0, 0x95, 0xe2, 0xad, 0x8b, 0xd3, 0xcd, 0xbe, 
0x6b, 0xff, 0x69, 0xf8, 0x73, 0x14, 0x26, 0xb2, 
0xe4, 0x8d, 0xc7, 0x9d, 0x18, 0x8, 0xd1, 0xc8, 
0x19, 0xd, 0x5e, 0x7b, 0xa2, 0xfd, 0x94, 0xee, 
0x6b, 0x2c, 0x63, 0x6c, 0xf, 0xe1, 0x18, 0x8f, 
0x2, 0x4d, 0x10, 0x41, 0xa, 0xe6, 0x3b, 0x30, 
0xdb, 0xb, 0x91, 0xbb, 0x41, 0x48, 0x96, 0xd1, 
0xa4, 0x72, 0xef, 0x85, 0x4b, 0x97, 0xb5, 0x18, 
0x1d, 0x2f, 0xf7, 0x25, 0x22, 0x15, 0x2, 0x1d, 
0x2a, 0xd4, 0x8e, 0x2a, 0x75, 0x20, 0x7a, 0x77, 
0x1c, 0xcd, 0xa8, 0xf1, 0xb1, 0x98, 0x73, 0xbb, 
0x44, 0xca, 0xc4, 0x61, 0xb, 0x17, 0x58, 0xfe, 
0xe1, 0xcb, 0xb5, 0x7, 0x28, 0xed, 0xc3, 0x14, 
0xde, 0xba, 0x9e, 0x4e, 0x16, 0x65, 0x5e, 0xe8, 
0xc6, 0xea, 0xec, 0xa1, 0x93, 0x6e, 0x37, 0x33, 
0x5c, 0x4d, 0xf1, 0x28, 0x7, 0x78, 0x78, 0xed, 
0x50, 0xab, 0x87, 0xc0 
}


	Attestation Report:
	id: 0x12345678.
	status: 0.
	revocation_reason: 0.
	pse_status: 0.

	Enclave Report:
	Signature Type: 0x1
	Signature Basename: Service X
	attributes.flags: 0x7
	attributes.xfrm: 0x7
	mr_enclave: 85e195f02899959f9f0c799f7fca8b4b7c5c476b3db3ddfeae0aa4d91263350b
	mr_signer: 60277ad2fdfc57e980e876e7f878ac1909880ea5380795a7e8ea98b157841f85
	isv_prod_id: 0x0
	isv_svn: 0x0

Sent MSG3 successfully. Received an attestation result message back
.
ATTESTATION RESULT RECEIVED - 145 bytes:
{
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x97, 0x9e, 0xb9, 0x5a, 0xdd, 0x14, 0x17, 
0xf2, 0xfa, 0xad, 0xfa, 0xd7, 0x66, 0x73, 0xfd, 
0x71, 0x57, 0xf4, 0xe9, 0x8d, 0xee, 0xaf, 0x42, 
0x5e, 0xbb, 0x8a, 0x4c, 0xd4, 0x84, 0xdc, 0x83, 
0x6a, 0x8, 0x70, 0xd, 0xf2, 0x42, 0x8b, 0x2b, 
0xee, 0x42, 0xb0, 0x85, 0xe5, 0xbf, 0x99, 0xc5, 
0x22, 0xf8, 0x37, 0xf7, 0xee, 0xb6, 0x2c, 0xd5, 
0x8c, 0x37, 0xa2, 0xd2, 0x51, 0xed, 0x45, 0xf9, 
0x65, 0x97, 0x45, 0xd9, 0x1, 0xd7, 0x97, 0x38, 
0xe9, 0xe8, 0x9a, 0x5d, 0x33, 0x1e, 0x7b, 0xc2, 
0x5d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x1b, 0x7f, 0xd0, 0xfe, 0x53, 0x33, 0xf0, 
0xe6, 0x98, 0xdd, 0xac, 0xbc, 0xc4, 0x49, 0x4f, 
0x31 
}

Secret successfully received from server.
Remote attestation success!
Call enclave_ra_close success.
Enter a character before exit ...

root@651be0ece9d9:/opt/intel/sgxsdk/SampleCode/RemoteAttestation#

 

Regards,
Rodolfo

0 Kudos
Rodolfo_S_
New Contributor III
1,789 Views

I forgot to mention.. it is important to note that if you need to use the Platform Services (e.g.: to get a trusted time), currently only one container per host works properly. I'm trying to identify the cause and a possible solution to this issue.

 

Regards,
Rodolfo

0 Kudos
Reply