
SGX Remote Attestation for Untrusted Enclaves

Intel(R) Software Guard Extensions (Intel SGX) is a promising technology to securely process information in isolated memory areas, or enclaves. Before a client can connect to an untrusted remote SGX enclave, the client needs to perform remote attestation over TLS to assess the enclave's trustworthiness. This requires a slightly different certificate verification scheme from that of TLS. The design of the new scheme can be found in this whitepaper.

Starting from 0.8.0, MesaLink has included experimental support for SGX remote attestation. This can be enabled by passing --enable-sgx to configure. An example is included in examples/sgx_uera_client. A precompiled enclave targeting x86_64 Linux is provided in examples/sgx_uera_client/sgx_enclave_server, which is just a copy of Rust SGX SDK's ue-ra example.

To run the example, please follow these steps:

  1. Make sure your CPU supports SGX and /dev/isgx exists.

  2. Compile MesaLink with examples and SGX support.

     # ./configure --enable-sgx --enable-examples
     # make

  3. Run the enclave. The enclave listens at localhost:3443.

     # cd examples/sgx_uera_client/sgx_enclave_server
     # ./app

  4. Run the client.

     # cd examples/sgx_uera_client
     # ./sgx_uera_client
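
A preflight check for the steps above, as an added example that is not part of MesaLink or the Rust SGX SDK: it confirms the /dev/isgx device node exists and waits for the enclave to accept connections on localhost:3443 before the client is started. The function names are hypothetical, and the port probe assumes bash (it uses /dev/tcp).

```shell
#!/usr/bin/env bash
# Added preflight sketch (hypothetical helper names). The device path and
# the listening address are the ones given in the steps above.

# Return 0 if the path is a character device node (default: /dev/isgx).
sgx_device_present() {
    [ -c "${1:-/dev/isgx}" ]
}

# Return 0 if something accepts TCP connections on host:port.
# Uses bash's /dev/tcp; the descriptor closes when the subshell exits.
port_open() {
    (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

# Poll once per second until host:port accepts a connection,
# giving up after the given number of attempts (default: 10).
wait_for_enclave() {
    local host=$1 port=$2 tries=${3:-10}
    while [ "$tries" -gt 0 ]; do
        port_open "$host" "$port" && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Run both checks. Returns 1 if the device node is missing,
# 2 if no enclave is listening on localhost:3443, 0 otherwise.
preflight() {
    local dev=${1:-/dev/isgx} tries=${2:-10}
    if ! sgx_device_present "$dev"; then
        echo "preflight: $dev is not a character device" >&2
        return 1
    fi
    if ! wait_for_enclave localhost 3443 "$tries"; then
        echo "preflight: nothing listening on localhost:3443" >&2
        return 2
    fi
    return 0
}
```

Source the file and run `preflight && ./sgx_uera_client` from examples/sgx_uera_client once the enclave has been started in another terminal.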

For more details, please also refer to the Rust SGX SDK project.
