.gif)
Description:
auditee 0.0.1.dev2
auditee
WORK IN PROGRESS -- DO NOT USE -- DO NOT TRUST
Tool to help with auditing an SGX enclave that has been remotely attested.
The idea is as follows:
Given:
a signed enclave binary file (e.g. Enclave.signed.so),
the source code used to build the enclave, and
an attestation report,
an auditor verifies:
whether the signed enclave build can be reproduced, using the source code, and
a nix & docker based toolchain to rebuild the enclave binary
Whether the MRENCLAVE and ATTRIBUTES of the provided signed Enclave match that of
the rebuilt one
Whether the MRENCLAVE and ATTRIBUTES match the ones from the provided report
Roughly speaking the goal is to establish that the source code was indeed the code
used to build the signed enclave that has been successfully (remotely) attested.
Such an audit can help external users gain trust into a system which depends on
Intel SGX and remote attestation. Without such an audit, remote attestation is not
sufficient because the fact that an MRENCLAVE (enclave hash) matches that of the
attestation verification report does not prove to a user of the system that the
MRENCLAVE corresponds to a version of source code that they are willing to trust.
MRENCLAVE (enclave hash)
The MRENCLAVE, also known as enclave hash, from three sources must all match. The
enclave hash is obtained via a measurment of the enclave code and data when an
enclave is initialized. This measurement can also be simulated, and thus a verifier
can obtain the MRENCLAVE using a build toolchain, and the SGX signing tool to get
the SIGSTRUCT which contains the MRENCLAVE.
Hash extracted from the signed enclave (Enclave.signed.so) that is remotely attestated
Hash in the attestation report, from IAS
Hash extracted from the enclave, which was rebuilt from source code using a
nix+docker based toolchain
If (1) and (3) match then the auditor can trust that they are auditing the correct
code, and can trust that the report is for the enclave that is under audit, and
consequently the successful attesation can be trusted in sofar that the attestation
is for source code that has been audited.
License
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
Customer Reviews
There are no reviews.
