Confidential Computing 101
Local and Remote Attestation

Last updated 11 months ago

SGX offers a secure mechanism for enclaves to establish trust in each other's integrity. Through local attestation, enclaves on the same platform can securely verify their authenticity and validate the genuineness of the underlying hardware. For remote scenarios, enclaves can demonstrate their trustworthiness through remote attestation, which involves verification by third parties outside the platform.

Local Attestation

During local attestation, one enclave can verify the integrity and genuineness of another enclave and the underlying hardware platform.

An example flow of how two enclaves on the same platform would authenticate each other

The process involves the following steps:

  1. Enclave A, hosted by application A, and enclave B, hosted by application B, communicate over a path that the untrusted applications have set up between them.

  2. Enclave B sends its MRENCLAVE identity to enclave A.

  3. Enclave A asks the hardware to generate an EREPORT structure for enclave B, using the received MRENCLAVE value. Enclave A signs the report with the identity information of enclave B.

  4. Enclave A transmits the report to enclave B through the untrusted application. The report is protected with a MAC (Message Authentication Code) generated using a key derived from the TARGETINFO, which is the MRENCLAVE value of enclave B.

  5. Enclave B, upon invoking EGETKEY, derives the MAC key associated with its own measurement and verifies the report.

  6. Enclave B asks the hardware to verify the report it received from enclave A, confirming that enclave A is running on the same platform. Enclave B can reciprocate by creating its own EREPORT for enclave A, using the MRENCLAVE value from the received report.

  7. Enclave B transmits its report to enclave A, establishing mutual authentication.

The authenticated report structure contains information about the enclave's measurement and other relevant data, secured with the report key.

Remote Attestation

In scenarios where a third party needs to establish trust with a remotely executed enclave before providing it with secrets, remote attestation is employed. SGX leverages the Quoting Enclave (QE), a component developed and signed by Intel as part of the DCAP attestation framework, to facilitate remote attestation.

The process of remote attestation involves the following steps:

  1. An off-platform challenger sends an attestation request to an application.

  2. The application requests its enclave to produce an attestation.

  3. The enclave performs a local attestation by generating a report, similar to the local attestation process described earlier.

  4. The report is sent from the application's enclave to the Quoting Enclave (QE). The QE locally verifies the received report and transforms it into a remotely verifiable quote by signing it with the Attestation Key.

  5. The quote, representing the remote attestation, is returned to the application.

  6. The application sends the quote to the challenger.

  7. The challenger can use an Attestation Verification Service to verify the quote, identifying and assessing the trustworthiness of the SGX enclave.

The Quoting Enclave ensures a secure and trustworthy environment for the transformation of a report into a quote, preventing any unauthorized modifications or falsifications.

Overall, remote attestation enables remote enclaves to establish trust with external parties, providing assurance of their integrity and security.
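
Both flows described above, local attestation and the Quoting Enclave step of remote attestation, modelled as an added sketch that is not code from this page or from Intel's SDK. `Platform`, `verify_report`, `qe_quote` and the measurements are hypothetical names; HMAC-SHA256 stands in for the hardware key derivation and report MAC, and a Lamport one-time signature stands in for the QE's Attestation Key so that only the standard library is needed.

```python
import hashlib, hmac, os

def H(data):
    return hashlib.sha256(data).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Platform:
    """Toy model of one SGX CPU (assumption: HMAC replaces the real MAC and derivation)."""
    def __init__(self):
        self._secret = os.urandom(32)            # per-CPU secret, never leaves the package

    def _report_key(self, mrenclave):
        return mac(self._secret, b"REPORT" + mrenclave)

    def ereport(self, caller_mr, target_mr, report_data=b""):
        body = caller_mr + report_data           # the body describes the CALLER
        return body, mac(self._report_key(target_mr), body)  # keyed for the TARGET

    def egetkey(self, caller_mr):
        return self._report_key(caller_mr)       # only the caller's own report key

def verify_report(platform, own_mr, report):
    """Run inside the target enclave: recompute the MAC with its own report key."""
    body, tag = report
    return hmac.compare_digest(tag, mac(platform.egetkey(own_mr), body))

# Lamport one-time signature, standing in for the QE's asymmetric Attestation Key.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify_sig(pk, msg, sig):
    pairs = zip(sig, _bits(msg))
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(pairs))

def qe_quote(platform, qe_mr, attestation_sk, report):
    """Quoting Enclave: verify the report locally, then sign its body as a quote."""
    if not verify_report(platform, qe_mr, report):
        raise ValueError("report was not produced on this platform for the QE")
    return report[0], sign(attestation_sk, report[0])

# Constructed sample measurements (real MRENCLAVE values are hashes of enclave contents).
MR_A, MR_B, MR_QE = H(b"enclave A"), H(b"enclave B"), H(b"quoting enclave")
```

A report targeted at enclave B verifies only inside B on the same `Platform`, while the quote's signature can be checked by anyone holding the public key, which is why the QE step is needed for off-platform challengers. Because the stand-in scheme is one-time, each key pair from `keygen()` signs a single quote.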

Figures: Report structure; Remote attestation flow.