This repository has been archived by the owner on Dec 20, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathREADME-ECDSA.html
41 lines (41 loc) · 5.68 KB
/
README-ECDSA.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="generator" content="pandoc" />
<title></title>
<style type="text/css">code{white-space: pre;}</style>
</head>
<body>
<h1 id="ecdsa-based-attestation">ECDSA-based Attestation</h1>
<p>ECDSA-based attestation is an alternative to the EPID-based attestation model for environments where platform privacy is less of a concern and/or the specific deployment precludes interaction with external services (e.g., Intel Attestation Service) during the attestation process. The <a href="https://software.intel.com/sites/default/files/managed/f1/b8/intel-sgx-support-for-third-party-attestation.pdf">ECDSA attestation white paper</a> provides additional information. In particular Section 3.1 describes the chain of trust from the platform-local attestation key to Intel.</p>
<p>For RA-TLS, the main impact of ECDSA-based attestation is the different attestation evidence embedded in the RA-TLS certificate. The <a href="whitepaper.pdf">RA-TLS whitepaper</a> has more details on this.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>Follow the official <a href="https://01.org/intel-softwareguard-extensions/downloads/intel-sgx-dcap-linux-1.0.1-release">installation instructions</a> to prepare the system to compile the RA-TLS library and its sample programs. Ensure you can successfully run the <a href="https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/SampleCode/QuoteGenerationSample">quote generation</a> and <a href="https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteVerification/Src">quote verification</a> sample programs from the DCAP software distribution. Most notably, ECDSA attestation currently requires a different SGX kernel driver. Keep this in mind when switching between EPID and ECDSA.</p>
<p>In particular, the Intel SGX Data Center Attestation Primitives (DCAP) come with their own SGX driver and require the SGX SDK v2.4.</p>
<p>The Dockerfile <a href="Dockerfile.template" class="uri">Dockerfile.template</a> documents the software dependencies that must be installed on the system to successfully compile the RA-TLS library and its sample programs.</p>
<p>To use ECDSA-based attestation an <a href="https://api.portal.trustedservices.intel.com/provisioning-certification">API token must be acquired</a>. The registration process will provide a subscription key for the ECDSA-related API endpoints. The script <a href="ra_tls_options.c.sh" class="uri">ra_tls_options.c.sh</a> generates a C source file with these values. Either define the environment variables before building or invoke the script manually before building, i.e., <code>ECDSA_SUBSCRIPTION_KEY=... bash ra_tls_options.c.sh</code>. See <a href="ra_tls_options.c.sh" class="uri">ra_tls_options.c.sh</a> for the specific variable format.</p>
<h2 id="build">Build</h2>
<p>We provide a <a href="Dockerfile.template">Dockerfile template</a> to build everything in a container. To create the Docker image issue <code>make docker-image</code>. Because Graphene by default builds its kernel module, kernel headers are required. The make target specializes the template Dockerfile (Dockerfile-ecdsa.template) to include headers for the host's kernel version.</p>
<p>If the platform meets all the requirements for ECDSA-based attestation, EPID attestation should continue to work as expected. However, when switching between EPID and ECDSA, run "make mrproper" to reset the state before rebuilding the stack.</p>
<pre><code>ECDSA=1 ./build.sh graphene && \
ECDSA=1 make wolfssl-ra-attester && \
ECDSA=1 make wolfssl-ra-challenger && \
make -C deps/SGXDataCenterAttestationPrimitives/SampleCode/QuoteServiceSample</code></pre>
<p>Go get a coffee. It will take a while.</p>
<h3 id="kernel-modules">Kernel Modules</h3>
<p>Two Linux kernel modules must be loaded for SGX and Graphene.</p>
<p>The sources for the Intel SGX Linux driver for DCAP are located in <code>deps/SGXDataCenterAttestationPrimitives/driver/linux/</code>. Build and load as usual: <code>cd deps/SGXDataCenterAttestationPrimitives/driver/linux && make && sudo insmod intel_sgx.ko</code></p>
<p>The Graphene driver sources are in <code>deps/graphene/Pal/src/host/Linux-SGX/sgx-driver</code>. It is built automatically with the rest of Graphene. Load as usual: <code>sudo insmod deps/graphene/Pal/src/host/Linux-SGX/sgx-driver/graphene-sgx.ko</code></p>
<h2 id="run">Run</h2>
<p>First, start the background service that connects application enclaves to the quoting enclave. The original DCAP library assumes a quoting enclave runs alongside each and every application enclave. To enable applications developed independently of the Intel SGX SDK to use the quoting enclave a service akin to AESMD is required for now.</p>
<pre><code>deps/SGXDataCenterAttestationPrimitives/SampleCode/QuoteServiceSample/app &</code></pre>
<p>We provide two sample programs to demonstrate ECDSA-based attestation within RA-TLS: An attester to generate an RA-TLS certificate and key; a challenger to verify the ECDSA-based RA-TLS certificate.</p>
<p>To run the attester execute</p>
<pre><code>deps/graphene/Runtime/pal-Linux-SGX ./wolfssl-ra-attester ecdsa</code></pre>
<p>This program outputs an ECDSA-based RA-TLS certificate and the corresponding private key in <code>crt.der</code> and <code>key.der</code>, respectively.</p>
<p>To verify the RA-TLS certificate run</p>
<pre><code>LD_LIBRARY_PATH=deps/local/lib ./wolfssl-ra-challenger crt.der</code></pre>
</body>
</html>