Improvements to SGX attestation verification #490

Merged: 5 commits, May 29, 2024

Commits on May 28, 2024

  1. Make the sgx debug flag dependent on PDO_DEBUG_BUILD.

    If PDO_DEBUG_BUILD is not set or set to 0, the enclave is built with
    SGX_DEBUG_FLAG set to 0, and signed with the DisableDebug flag set to 1.
    So this commit adds one more step in the enclave cmake build to
    create the xml configuration file accordingly.
    
    Co-authored-by: Mic Bowman <mic.bowman@intel.com>
    Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
    bvavala and cmickeyb committed May 28, 2024
    56d114c
  2. Update PDO TP with more sgx attestation checks.

    This commit adds the sgx debug flag to the TP policy,
    dependent on PDO_DEBUG_BUILD.
    Inside the TP, it adds the 64-bit flag check, and it checks
    that the debug flag matches the one in the registered TP policy.
    
    Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
    bvavala committed May 28, 2024
    3f539b8
  3. Add sgx flag checks to pservice.

    This normalizes the attestation verification checks with the TP.
    
    Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
    bvavala committed May 28, 2024
    36f7dde
  4. Port eservice build updates to pservice.

    Co-authored-by: Mic Bowman <mic.bowman@intel.com>
    Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
    bvavala and cmickeyb committed May 28, 2024
    Configuration menu
    Copy the full SHA
    1b9dae1 View commit details
    Browse the repository at this point in the history
  5. Change the default value of PDO_DEBUG_BUILD to 1.

    This increases consistency with the SGX_MODE,
    which is set to SIM by default.
    
    Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
    bvavala committed May 28, 2024
    252e9df
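
The two attribute checks named in commits 2 and 3 (64-bit flag set, debug flag equal to the registered policy) can be sketched as follows. This is an added example, not code from this pull request or from PDO: the function names and the `policy_debug` parameter are hypothetical, the flag values and the attributes offset follow the Intel SGX SDK's `sgx_attributes.h` and `sgx_report_body_t`, and the report bodies are constructed test data.

```python
import struct

# Flag bits as defined in the Intel SGX SDK header sgx_attributes.h
SGX_FLAGS_DEBUG = 0x2
SGX_FLAGS_MODE64BIT = 0x4

REPORT_BODY_SIZE = 384
# cpu_svn(16) + misc_select(4) + reserved(12) + isv_ext_prod_id(16)
ATTRIBUTES_OFFSET = 48


class AttestationPolicyError(Exception):
    """Raised when the enclave attributes do not satisfy the policy."""


def enclave_flags(report_body: bytes) -> int:
    """Return the 64-bit attributes.flags field of an SGX report body."""
    if len(report_body) != REPORT_BODY_SIZE:
        raise AttestationPolicyError("unexpected report body length")
    # attributes = flags (uint64 LE) followed by xfrm (uint64 LE)
    flags, _xfrm = struct.unpack_from("<QQ", report_body, ATTRIBUTES_OFFSET)
    return flags


def check_enclave_flags(report_body: bytes, policy_debug: bool) -> None:
    """Reject non-64-bit enclaves and any debug flag that differs from policy.

    policy_debug is a hypothetical name for the debug setting stored in the
    registered policy; the check is equality, so a production policy rejects
    debug enclaves and a debug policy rejects production enclaves.
    """
    flags = enclave_flags(report_body)
    if not flags & SGX_FLAGS_MODE64BIT:
        raise AttestationPolicyError("enclave is not in 64-bit mode")
    if bool(flags & SGX_FLAGS_DEBUG) != policy_debug:
        raise AttestationPolicyError("debug flag does not match policy")


def make_report_body(flags: int) -> bytes:
    """Build a constructed, otherwise zeroed report body for testing."""
    body = bytearray(REPORT_BODY_SIZE)
    struct.pack_into("<QQ", body, ATTRIBUTES_OFFSET, flags, 0)
    return bytes(body)
```

The equality test is the security-relevant part: a debug enclave's memory can be read with a debugger, so a verifier that only inspects the measurement would accept an enclave whose secrets are exposed.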