I don't think Gramine has control over this certification key type.
From Data Center Attestation Primitives: ECDSA Quote Library API docs, you could find below text in section 3.3.1.2:
It looks like the Platform Quote Provider Library ( |
Is there a way to change type of certification data used in the quote?
I'm referring to this:
(page 62 from Data Center Attestation Primitives: ECDSA Quote Library API docs)

The reason I ask is that I would ideally like to have the same quote type for SGXv1 and SGXv2 so that I can verify it with the same code regardless of the CPU version. I'm using this code that seems to support SGXv2 quotes only (with full PCK cert chain).

Currently my app is getting:

- `3` (`PPID_RSA3072_ENCRYPTED`, i.e. PCK identifier: PPID encrypted using RSA-3072-OAEP, CPUSVN and PCESVN) for SGXv1
- `5` (`PCK_CERT_CHAIN`, i.e. Concatenated PCK Cert Chain) for SGXv2

Sorry, I don't have a full understanding of SGX quote wrapper structures and how Gramine uses them, so I'm not sure if that makes sense.
cc @smtmfft @johntaiko
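An added example, not part of the original thread and not Gramine's or Intel's code: reading the certification data type out of a quote so that a single verifier can branch on type 3 versus type 5. It assumes the version 3 ECDSA quote layout (48-byte header, 384-byte report body, 4-byte signature data length); the function names, the branch labels and the sample quotes are constructed for illustration.

```python
import struct

# Assumed v3 ECDSA quote layout: header, report body, uint32 signature-data length.
HEADER_LEN, REPORT_LEN, SIG_LEN, KEY_LEN = 48, 384, 64, 64
# The two certification data types named in the thread above.
PPID_RSA3072_ENCRYPTED, PCK_CERT_CHAIN = 3, 5

def certification_data(quote: bytes):
    """Return (type, data) of the certification data in a v3 ECDSA quote."""
    off = HEADER_LEN + REPORT_LEN
    if len(quote) < off + 4:
        raise ValueError("quote truncated before signature data")
    if struct.unpack_from("<H", quote, 0)[0] != 3:
        raise ValueError("not a version 3 quote")
    end = off + 4 + struct.unpack_from("<I", quote, off)[0]
    if end > len(quote):
        raise ValueError("signature data length exceeds quote size")
    # Skip quote signature, attestation key, QE report and QE report signature.
    off += 4 + SIG_LEN + KEY_LEN + REPORT_LEN + SIG_LEN
    if off + 2 > end:
        raise ValueError("truncated before QE authentication data")
    off += 2 + struct.unpack_from("<H", quote, off)[0]  # uint16 length + data
    if off + 6 > end:
        raise ValueError("truncated before certification data header")
    cert_type, cert_len = struct.unpack_from("<HI", quote, off)
    if off + 6 + cert_len > end:
        raise ValueError("certification data length exceeds signature data")
    return cert_type, quote[off + 6:off + 6 + cert_len]

def verification_path(quote: bytes) -> str:
    """Pick a verifier branch so one code base handles both quote flavours."""
    cert_type, _ = certification_data(quote)
    if cert_type == PCK_CERT_CHAIN:
        return "verify-embedded-chain"   # chain travels inside the quote
    if cert_type == PPID_RSA3072_ENCRYPTED:
        return "resolve-pck-cert-first"  # quote carries only a PCK identifier
    raise ValueError(f"unsupported certification data type {cert_type}")

def build_sample(cert_type: int, cert_data: bytes, auth: bytes = bytes(32)) -> bytes:
    """Constructed test quote: zeroed fields, only the framing is meaningful."""
    sig = (bytes(SIG_LEN + KEY_LEN + REPORT_LEN + SIG_LEN)
           + struct.pack("<H", len(auth)) + auth
           + struct.pack("<HI", cert_type, len(cert_data)) + cert_data)
    return (struct.pack("<H", 3) + bytes(HEADER_LEN - 2) + bytes(REPORT_LEN)
            + struct.pack("<I", len(sig)) + sig)
```

Rejecting unknown types and inconsistent lengths before any signature check keeps the verifier from treating a PCK identifier blob as a certificate chain.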