Remote attestation framework for Fortanix EDP

This project is highly experimental at the current stage, so I would advise aginst using it in production. I will keep updating the code and adding more instructions.

• Fortanix EDP
• Clang 3.8 or older for building rust-mbedtls

Note: If your system has a newer version of Clang installed, try pointing clang-sys to a different version of Clang by exporting these environment variables, including LD_LIBRARY_PATH, before building. For example,

export PATH=/real/path/to/clang/bin/:$PATH
export LLVM_CONFIG_PATH=/real/path/to/clang/bin/llvm-config
export LD_LIBRARY_PATH=/real/path/to/clang/lib

before building and running (see below).

1. Sign up for a Development Access account at https://api.portal.trustedservices.intel.com/EPID-attestation. Make sure that the Name Base Mode is Linkable Quote (this is all the SDK can support for now). Take note of "SPID", "Primary key", and "Secondary key".
2. Modify the following fields in settings.json using the information from the previous step:

• "spid": "<SPID>"
• "primary_subscription_key": "<Primary Key>"
• "secondary_subscription_key": "<Secondary key>"

3. Download IAS's root certificate from this link and save the cerficate file in directory ra-sp/examples/data/. Make sure the file name is "Intel_SGX_Attestation_RootCA.pem".
4. Run the script build.sh and run.sh consecutively from the main directory.

If there are no error messages on the screen, then the remote attestation has run successfully.

• settings.json

  • linkable: true for Linkable Quotes or false for Unlinkable Quotes. Only Linkable Quotes are currently supported.
  • random_nonce: true for using Quote nonce or false otherwise. Quote nonce is currently unsupported.
  • use_platform_service: true to use Platform Service Enclave (PSE) or false otherwise. PSE is currently unsupported.
  • spid: Service Provider ID to talk to IAS.
  • primary_subscription_key: subscription key to talk to IAS.
  • secondary_subscription_key: subscription key to talk to IAS.
  • quote_trust_options: list of quote status options to be accepted as successful remote attestation. If left empty, quote status must be "OK" to be considered successful. For all the options, check the API documentation and look for "isvEnclaveQuoteStatus".
  • sp_private_key_pem_path: path to SP's private key file in PEM format. This is used for authentication during key-exchange so it must be regenerated and kept secret.
  • ias_root_cert_pem_path: path to IAS root certificate for SP to verify IAS during attestation. This can be downloaded from this link.
  • sigstruct_path: path to enclave's SIGSTRUCT generated by the sgxs-sign command. This is provided by the vendor, i.e. the party who builds and signs enclave files, to SP for SP to verify enclave authenticity.

• sp_vkey.rs, sp-keys/public_key.pem and sp-keys/private_key.pem: SP's signing and verification key. This key pair is used to provide authentication for SP to the enclave during key-exchange, and therefore must be fresh for every SP. private_key.pem must be kept secret by SP. sp_vkey.rs containts the same key as in public_key.pem, but sp_vkey.rs must be embeded in the enclave file at compile time, i.e. it must not be read into the enclave from the file system at runtime, in order to prevent man-in-the-middle attacks.

• vendor-keys/private_key.pem: Vendor's signing key. This is used by software vendors to sign enclave files with the sgxs-sign command. This signing key must be regenerated.

• Update aesm_client to version 0.4 to support Quote nonce and Linkable Quotes. See this commit.
• Use the secondary subscription key if the primary one fails.
• Support PSE (this doesn't seem to be supported by the main library yet.)