SGX Validation #1

platten · 2022-02-18T17:54:36Z

No description provided.

haraldh · 2022-10-27T14:43:28Z

Besides checking:

            let hash = Sha256::digest(&cri.public_key.to_vec()?);
            if hash.as_slice() != &rpt.reportdata[..hash.as_slice().len()] {
                return Err(anyhow!("sgx report data is invalid"));
            }

only this check is necessary:

            if rpt.mrenclave != HASH_OF_SGX_SIGNING_KEY_PROVIDED_BY_CONFIG {
                return Err(anyhow!("untrusted enarx runtime"));
            }

The other fields are mostly checked by the SGX firmware already.

Maybe these could be checked also, if they >= a configured value.

            if rpt.cpusvn != [0u8; 16] {
                return Err(anyhow!("untrusted cpu"));
            }

            if rpt.enclave_security_version() < u16::MAX {
                return Err(anyhow!("untrusted enclave"));
            }

platten added the Epic label Feb 18, 2022

platten assigned definitelynobody Feb 18, 2022

definitelynobody mentioned this issue Mar 22, 2022

feat(quote): add sgx report types enarx/sgx#74

Closed

1 task

definitelynobody mentioned this issue Apr 1, 2022

chore: use new RustCrypto format crates #22

Merged

bstrie mentioned this issue Nov 10, 2022

feat: configuration for attestation #107

Merged

rjzak assigned rjzak and rvolosatovs and unassigned definitelynobody Nov 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SGX Validation #1

SGX Validation #1

platten commented Feb 18, 2022

haraldh commented Oct 27, 2022

SGX Validation #1

SGX Validation #1

Comments

platten commented Feb 18, 2022

haraldh commented Oct 27, 2022