SGX Remote Attestation for Untrusted Enclaves
Intel(R) Software Guard Extensions (Intel SGX) is a promising technology to securely process information in isolated memory areas, or enclaves. Before a client can connect to an untrusted remote SGX enclave, the client needs to perform remote attestation over TLS to assess the enclave's trustworthiness. This requires a slightly different certificate verification scheme from that of TLS. The design of the new scheme can be found in this whitepaper.
Starting from 0.8.0, MesaLink has included experimental support for SGX remote
attestation. This can be enabled by passing
example is included in
examples/sgx_uera_client. A precompiled enclave
targeting x86_64 Linux is provided in
examples/sgx_uera_client/sgx_enclave_server, which is just a copy of Rust SGX
To run the example, please follow these steps:
Make sure your CPU supports SGX and
Compile MesaLink with examples and SGX support.
# ./configure --enable-sgx --enable-examples # make
- Run the enclave. The enclaves listens at localhost:3443.
# cd examples/sgx_uera_client/sgx_enclave_server # ./app
- Run the client.
# cd examples/sgx_uera_client # ./sgx_uera_client
For more details, please also refer to the Rust SGX SDK project.