SGX Validation #1

platten · 2022-02-18T17:54:36Z

No description provided.

haraldh · 2022-10-27T14:43:28Z

Besides checking:

            let hash = Sha256::digest(&cri.public_key.to_vec()?);
            if hash.as_slice() != &rpt.reportdata[..hash.as_slice().len()] {
                return Err(anyhow!("sgx report data is invalid"));
            }

only this check is necessary:

            if rpt.mrenclave != HASH_OF_SGX_SIGNING_KEY_PROVIDED_BY_CONFIG {
                return Err(anyhow!("untrusted enarx runtime"));
            }

The other fields are mostly checked by the SGX firmware already.

Maybe these could be checked also, if they >= a configured value.

            if rpt.cpusvn != [0u8; 16] {
                return Err(anyhow!("untrusted cpu"));
            }

            if rpt.enclave_security_version() < u16::MAX {
                return Err(anyhow!("untrusted enclave"));
            }

platten added the Epic label Feb 18, 2022

platten assigned definitelynobody Feb 18, 2022

definitelynobody mentioned this issue Mar 22, 2022

feat(quote): add sgx report types enarx/sgx#74

Closed

1 task

definitelynobody mentioned this issue Apr 1, 2022

chore: use new RustCrypto format crates #22

Merged

bstrie mentioned this issue Nov 10, 2022

feat: configuration for attestation #107

Merged

rjzak assigned rjzak and rvolosatovs and unassigned definitelynobody Nov 23, 2022

dpal added this to Profian Board Nov 23, 2022

dpal moved this to New in Profian Board Nov 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SGX Validation #1

SGX Validation #1

platten commented Feb 18, 2022

haraldh commented Oct 27, 2022

SGX Validation #1

SGX Validation #1

Comments

platten commented Feb 18, 2022

haraldh commented Oct 27, 2022