Since Intel(R) prebuilt AEs have been signed by Intel's private key, it's hard to verify AE reproduciblity by comparing your local AE builds with Intel AEs using "diff" command.
So this doc will give an approach using your local AE builds to verify Intel(R) prebuilt AEs are:
- Built using same code and toolsets that being opensourced
- Signed using same config.xml that being opensourced
- intel_signed_ae:
It is the Intel(R) prebuilt AE to be verified, and can be downloaded from https://download.01.org/intel-sgx/latest/dcap-latest/linux/ (for ECDSA-based attestation) or https://download.01.org/intel-sgx/latest/linux-latest/. - user_build_unsigned_ae:
The unsigned AE is built by yourself in an SGX docker container. You can follow the reproducibility README.md to build all AEs in a container. - user_private_key:
This private key is generated by yourself for signing user_build_unsigned_ae. - intel_ae_config_xml:
It is the opensource enclave config.xml of Intel(R) prebuilt AE, and can be downloaded from Intel(R) SGX GitHub repo.
- Ensure Intel(R) SGX SDK is installed(https://github.com/intel/linux-sgx#install-the-intelr-sgx-sdk), and your environment is set:
$ source ${sgx-sdk-install-path}/environment
You can either verify by the provided automated scripts reproducibility_verifier.sh, or by manual.
To see the usage, you can directly run $./reproducibility_verifier.sh without any arguments.
To do verification, please follow below usage.
$ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml
The script MUST take four parameters in above order. For the parameters, please see the description Prequisites: Prepare below 4 materials
If the verification succeeds, you will see below info in command line window:
$ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml
...
Reproducibility Verification PASSED!
If the verification fails, you will see below info in command line window:
$ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml
...
Reproducibility Verification FAILED!
Please find the diff contents in output/metadata_diff.txt
Meanwhile, you can find the extracted intel & user metadata to be compared in ./output/intel_metadata.txt and ./output/user_metadata.txt.
- Dump the whole enclave_metadata of intel_signed_ae, and then extract partial enclave_metadata to "intel_metadata.txt" excluding below fields:
"enclave_css.header.date, enclave_css.enclave_css.key.modulus, enclave_css.key.exponent, enclave_css.key.signature, enclave_css.buffer.q1, enclave_css.buffer.q2"
# dump metadata
$ {SGX_SDK}/bin/x64/sgx_sign dump -enclave intel_signed_ae -dumpfile intel_metadata_orig.txt
# extract metadata
$ sed -n '/metadata->magic_num/,/metadata->enclave_css.header.module_vendor/p;/metadata->enclave_css.header.header2/,/metadata->enclave_css.header.hw_version/p;/metadata->enclave_css.body.misc_select/,/metadata->enclave_css.body.isv_svn/p;' intel_metadata_orig.txt > intel_metadata.txt
- Sign user_build_unsigned_ae with user_private_key and intel_ae_config_xml, and generate user_signed_ae.
$ {SGX_SDK}/bin/x64/sgx_sign sign -enclave user_build_unsigned_ae -key user_private_key -config intel_ae_config_xml -out user_signed_ae
- Dump the whole enclave_metadata of user_signed_a, and then extract partial enclave_metadata to "user_metadata.txt" excluding below fields:
"enclave_css.header.date, enclave_css.enclave_css.key.modulus, enclave_css.key.exponent, enclave_css.key.signature, enclave_css.buffer.q1, enclave_css.buffer.q2"
# dump metadata
$ {SGX_SDK}/bin/x64/sgx_sign dump -enclave intel_signed_ae -dumpfile intel_metadata_orig.txt
# extract metadata
$ sed -n '/metadata->magic_num/,/metadata->enclave_css.header.module_vendor/p;/metadata->enclave_css.header.header2/,/metadata->enclave_css.header.hw_version/p;/metadata->enclave_css.body.misc_select/,/metadata->enclave_css.body.isv_svn/p;' user_metadata_orig.txt > user_metadata.txt
- Compare the content of intel_metadata.txt and user_metadata.txt. If the result is same, then the verification succeeds; otherwise, the verification fails.
$ diff intel_metadata.txt user_metadata.txt