.. program:: gramine-sgx-ias-request
:program:`gramine-sgx-ias-request` -- Submit Intel Attestation Service request
:command:`gramine-sgx-ias-request` COMMAND [OPTION]...
gramine-sgx-ias-request submits requests to Intel Attestation Service (IAS). Possible commands are retrieving EPID signature revocation list and verifying attestation evidence for an SGX enclave quote.
.. option:: -h, --help Display usage.
.. option:: -v, --verbose Print more information.
.. option:: -m, --msb Print/parse hex strings in big-endian order.
.. option:: -k, --api-key IAS API key.
.. option:: sigrl Retrieve signature revocation list for a given EPID group. Possible ``sigrl`` options: .. option:: -g, --gid EPID group id (hex string). .. option:: -i, --sigrl-path Path to save retrieved SigRL to. .. option:: -S, --sigrl-url URL for the IAS SigRL endpoint (optional).
.. option:: report Verify attestation evidence (quote). Possible ``report`` options: .. option:: -q, --quote-path Path to quote to submit. .. option:: -r, --report-path Path to save IAS report to. .. option:: -s, --sig-path Path to save IAS report's signature to. .. option:: -n, --nonce Nonce to use (optional). .. option:: -c, --cert-path Path to save IAS certificate to (optional). .. option:: -R, --report-url URL for the IAS attestation report endpoint (optional).
SigRL retrieval:
$ gramine-sgx-ias-request sigrl -k $IAS_API_KEY -g ef0a0000 -i sigrl
No SigRL for given EPID group ID ef0a0000
Quote verification:
$ gramine-sgx-ias-request report -k $IAS_API_KEY -q gr.quote -r ias.report -s ias.sig -c ias.cert -v
Verbose output enabled
IAS request:
{"isvEnclaveQuote":"AgABAO8..."}
[...snip curl output...]
IAS response: 200
IAS report saved to: ias.report
IAS report signature saved to: ias.sig
IAS certificate saved to: ias.cert
IAS submission successful
$ cat ias.report
{"id":"205146415611480061439763344693868541328","timestamp":"2020-03-20T10:48:32.353294","version":3,"epidPseudonym":"Itmg0 [...]","isvEnclaveQuoteStatus":"GROUP_OUT_OF_DATE" [...]}