👮Local and Remote Attestation

SGX offers a secure mechanism for enclaves to establish trust in each other's integrity. Through local attestation, enclaves on the same platform can securely verify their authenticity and validate the genuineness of the underlying hardware. For remote scenarios, enclaves can demonstrate their trustworthiness through remote attestation, which involves verification by third parties outside the platform.

Local Attestation

During local attestation, one enclave can verify the integrity and genuineness of another enclave and the underlying hardware platform.

An example flow of how two enclaves on the same platform would authenticate each other

The process involves the following steps:

  1. Enclave A, hosted by application A, and enclave B, hosted by application B, establish a communication path between them after the untrusted applications have set it up.

  2. Enclave B sends its MRENCLAVE identity to enclave A.

  3. Enclave A requests the hardware to generate an EREPORT structure for enclave B, using the received MRENCLAVE value. Enclave A signs the report with the identity information of enclave B.

  4. Enclave A transmits the report to enclave B through the untrusted application. The report is protected with a MAC (Message Authentication Code) generated using a key derived from the TARGETINFO, which is the MRENCLAVE value of enclave B.

  5. Enclave B, upon invoking EGETKEY, derives the MAC key associated with its own measurement and verifies the report.

  6. Enclave B asks the hardware to verify the report it received from enclave A, confirming that enclave A is running on the same platform. Enclave B can reciprocate by creating its own EREPORT for enclave A, using the MRENCLAVE value from the received report.

  7. Enclave B transmits its report to enclave A, establishing mutual authentication.

Report structure

The authenticated report structure contains information about the enclave's measurement and other relevant data, secured with the report key.

Remote Attestation

In scenarios where a third party needs to establish trust with a remotely executed enclave before providing it with secrets, remote attestation is employed. SGX leverages the Quoting Enclave (QE), a component developed and signed by Intel as part of the DCAP attestation framework, to facilitate remote attestation.

The process of remote attestation involves the following steps:

Remote attestation flow
  1. An off-platform challenger sends an attestation request to an application.

  2. The application requests its enclave to produce an attestation.

  3. The enclave performs a local attestation by generating a report, similar to the local attestation process described earlier.

  4. The report is sent from the application's enclave to the Quoting Enclave (QE). The QE locally verifies the received report and transforms it into a remotely verifiable quote by signing it with the Attestation Key.

  5. The quote, representing the remote attestation, is returned to the application.

  6. The application sends the quote to the challenger.

  7. The challenger can use an Attestation Verification Service to verify the quote, identifying and assessing the trustworthiness of the SGX enclave.

The Quoting Enclave ensures a secure and trustworthy environment for the transformation of a report into a quote, preventing any unauthorized modifications or falsifications.

Overall, remote attestation enables remote enclaves to establish trust with external parties, providing assurance of their integrity and security.

Last updated