Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

what is the relationship between report key and mrenclave?

riclee
Beginner
911 Views

I got an explanation of the EREPORT instruction, as follows:

"This instruction generates a cryptographic structure, called REPORT, that binds mrenclave to the target enclave’s REPORT KEY."

I don't understand the meaning of "that binds mrenclave to the target enclave’s REPORT KEY." So what is the relationship between the report key and mrenclave?

Sahira_Intel
Moderator
848 Views

Hi,


Sorry we missed this post.


Given Enclave A and Enclave B which are on the same platform, and Enclave B is asking Enclave A to prove it is running on the same platform as Enclave B.

The EREPORT instruction is used to produce a report for Enclave B using Enclave B's MRENCLAVE. The report key is used by the EREPORT to sign all reports generated on that specific platform.  


Sincerely,

Sahira


riclee
Beginner
843 Views

I don't understand: the EREPORT instruction generates A's report using B's mrenclave, so why not use A's mrenclave?

riclee
Beginner
834 Views

Thank you, I worked it out by reading the attestation document. Enclave B's MRENCLAVE is related to the report key, so when Enclave B verifies the report it can get the same report key through B's MRENCLAVE, which means A and B get the same report key through B's MRENCLAVE.
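The relationship worked out in this thread, as an added example that is not part of the original posts and is not Intel's code: a toy Python model of local attestation in which the report key is derived from a platform secret and the target enclave's MRENCLAVE. The `Platform` class, its method names and the use of HMAC-SHA256 are assumptions for illustration; real SGX derives the key in hardware with AES-CMAC over additional inputs.

```python
import hashlib
import hmac
import os

# Simplified model (assumption): HMAC-SHA256 stands in for the hardware key
# derivation and report MAC, and only MRENCLAVE is mixed into the key.

class Platform:
    """One CPU holding a secret that never leaves the hardware."""
    def __init__(self):
        self._secret = os.urandom(32)  # stand-in for the fused device key

    def _report_key(self, mrenclave: bytes) -> bytes:
        # The report key depends on the platform secret AND one MRENCLAVE.
        return hmac.new(self._secret, b"REPORT_KEY" + mrenclave, hashlib.sha256).digest()

    def ereport(self, caller_mrenclave, target_mrenclave, report_data=b""):
        # The body describes the CALLER (A); the MAC key belongs to the TARGET (B).
        body = caller_mrenclave + report_data
        mac = hmac.new(self._report_key(target_mrenclave), body, hashlib.sha256).digest()
        return body, mac

    def egetkey_report(self, own_mrenclave):
        # In hardware the CPU fills in the calling enclave's own MRENCLAVE,
        # so an enclave can only ever obtain its own report key.
        return self._report_key(own_mrenclave)

def verify_report(platform, verifier_mrenclave, report):
    # The verifier recomputes the MAC with the key it gets for its own identity.
    body, mac = report
    key = platform.egetkey_report(verifier_mrenclave)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def demo():
    # Constructed measurements for three hypothetical enclaves.
    mr_a, mr_b, mr_c = (hashlib.sha256(n).digest()
                        for n in (b"enclave A", b"enclave B", b"enclave C"))
    cpu1, cpu2 = Platform(), Platform()
    report = cpu1.ereport(mr_a, mr_b, b"hello B")  # A asks for a report targeted at B
    return {
        "b_same_platform": verify_report(cpu1, mr_b, report),
        "c_same_platform": verify_report(cpu1, mr_c, report),
        "b_other_platform": verify_report(cpu2, mr_b, report),
        "reported_identity_is_a": report[0][:32] == mr_a,
    }

if __name__ == "__main__":
    print(demo())
```

Only B on the same platform recomputes a matching MAC, while the report body still carries A's MRENCLAVE as the identity being attested.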
