.. program:: gramine-sgx-ias-request
:program:`gramine-sgx-ias-request` -- Submit Intel Attestation Service request
:command:`gramine-sgx-ias-request` COMMAND [OPTION]...
gramine-sgx-ias-request submits requests to Intel Attestation Service (IAS). Possible commands are retrieving EPID signature revocation list and verifying attestation evidence for an SGX enclave quote.
.. option:: -h, --help Display usage.
.. option:: -v, --verbose Print more information.
.. option:: -m, --msb Print/parse hex strings in big-endian order.
.. option:: -k, --api-key IAS API key.
.. option:: sigrl
Retrieve signature revocation list for a given EPID group.
Possible ``sigrl`` options:
.. option:: -g, --gid
EPID group id (hex string).
.. option:: -i, --sigrl-path
Path to save retrieved SigRL to.
.. option:: -S, --sigrl-url
URL for the IAS SigRL endpoint (optional).
.. option:: report
Verify attestation evidence (quote).
Possible ``report`` options:
.. option:: -q, --quote-path
Path to quote to submit.
.. option:: -r, --report-path
Path to save IAS report to.
.. option:: -s, --sig-path
Path to save IAS report's signature to.
.. option:: -n, --nonce
Nonce to use (optional).
.. option:: -c, --cert-path
Path to save IAS certificate to (optional).
.. option:: -R, --report-url
URL for the IAS attestation report endpoint (optional).
SigRL retrieval:
$ gramine-sgx-ias-request sigrl -k $IAS_API_KEY -g ef0a0000 -i sigrl
No SigRL for given EPID group ID ef0a0000Quote verification:
$ gramine-sgx-ias-request report -k $IAS_API_KEY -q gr.quote -r ias.report -s ias.sig -c ias.cert -v
Verbose output enabled
IAS request:
{"isvEnclaveQuote":"AgABAO8..."}
[...snip curl output...]
IAS response: 200
IAS report saved to: ias.report
IAS report signature saved to: ias.sig
IAS certificate saved to: ias.cert
IAS submission successful
$ cat ias.report
{"id":"205146415611480061439763344693868541328","timestamp":"2020-03-20T10:48:32.353294","version":3,"epidPseudonym":"Itmg0 [...]","isvEnclaveQuoteStatus":"GROUP_OUT_OF_DATE" [...]}