Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1488 Discussions

what is the relationship between report key and mrenclave?

riclee
Beginner
1,645 Views

I got an explation about EREPORT insturction , as following:

riclee_0-1669778244950.png

"This instruction generates a cryptographic structure, called REPORT, that binds mrenclave to the target enclave’s REPORT KEY."

 

I don't understand the meaning "that binds mrenclave to the target enclave’s REPORT KEY." . so what is the relationship between report key and mrenclave ?  

0 Kudos
1 Solution
Sahira_Intel
Moderator
1,582 Views

Hi,


Sorry we missed this post.


Given Enclave A and Enclave B which are on the same platform, and Enclave B is asking Enclave A to prove it is running on the same platform as Enclave B.

The EREPORT instruction is used to produce a report for Enclave B using Enclave B's MRENCLAVE. The report key is used by the EREPORT to sign all reports generated on that specific platform.  


Sincerely,

Sahira


View solution in original post

0 Kudos
3 Replies
Sahira_Intel
Moderator
1,583 Views

Hi,


Sorry we missed this post.


Given Enclave A and Enclave B which are on the same platform, and Enclave B is asking Enclave A to prove it is running on the same platform as Enclave B.

The EREPORT instruction is used to produce a report for Enclave B using Enclave B's MRENCLAVE. The report key is used by the EREPORT to sign all reports generated on that specific platform.  


Sincerely,

Sahira


0 Kudos
riclee
Beginner
1,577 Views

I don't understand, the EREPORT instruction generates A's report using B's mrenclave , why not use A's mrenclave.

0 Kudos
riclee
Beginner
1,568 Views

Thank you , I make it by reading the attestation document. EnclaveB's MRENCLAVE is ralated to report key, so when EnclaveB verify the report can get the same report key by B's MRENCLAVE, which means A and B get the same report key by B's MRENCLAVE. 

0 Kudos
Reply