Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test for verifying enclave config_id/config_svn fields in evidence claims for SGX #3903

Closed
yentsanglee opened this issue Mar 23, 2021 · 3 comments · Fixed by #3985
Closed

Add test for verifying enclave config_id/config_svn fields in evidence claims for SGX #3903

yentsanglee opened this issue Mar 23, 2021 · 3 comments · Fixed by #3985
Assignees
@manojrupireddy
Labels
SGX Tag indicating associated with Intel SGX testing Issue has to do with testing or quality management triaged This label classifies an issue/PR as having been triaged.
Projects
SIG-Attestation SIG-Testing
Milestone
v0.16

Comments

@yentsanglee
Copy link
Contributor

yentsanglee commented Mar 23, 2021
edited

Test case in #3799 does not cover the verification of the enclave config_id/config_svn are identical to evidence claim OE_CLAIM_SGX_CONFIG_ID and OE_CLAIM_SGX_CONFIG_SVN.

A test case is needed to verify the new fields when executed in supported hardware (I.e SGX Icelake).

For technical details, refer to #3054 SGX: Enable basic Key Separation and Sharing Support.

Related to #3890 and #3723
@yentsanglee yentsanglee mentioned this issue Mar 23, 2021
Closed
@radhikaj radhikaj added this to To do in SIG-Attestation via automation Mar 29, 2021
@radhikaj radhikaj changed the title Add test for verifying enclave config_id/config_svn fields in evidence claims Add test for verifying enclave config_id/config_svn fields in evidence claims for SGX Mar 29, 2021
@radhikaj
Copy link
Contributor

radhikaj commented Mar 29, 2021
edited

@yentsanglee Are config_id/config_svn SGX specific?
If so, why?

@radhikaj radhikaj added triaged This label classifies an issue/PR as having been triaged. testing Issue has to do with testing or quality management labels Mar 29, 2021
@radhikaj radhikaj added this to To do in SIG-Testing via automation Mar 29, 2021
@yentsanglee
Copy link
Contributor Author

@yentsanglee Are config_id/config_svn SGX specific?
If so, why?

config_id/config_svn are defined by SGX. Other TEEs may or may not have similar init-time claim input. All definitions added in PR #3799 are all SGX specific - OE_SGX_ENCLAVE_CONFIG_DATA, oe_sgx_enclave_setting_config_data, etc.

@yentsanglee yentsanglee removed their assignment Mar 29, 2021
@yentsanglee
Copy link
Contributor Author

Assigned to @manojrupireddy to complete the test coverage of PR #3799.

@dthaler dthaler added the SGX Tag indicating associated with Intel SGX label Apr 13, 2021
@shnwc shnwc added this to the 0.16 milestone Apr 21, 2021
@shnwc shnwc moved this from To do to In progress in SIG-Attestation Apr 21, 2021
@manojrupireddy manojrupireddy mentioned this issue Apr 29, 2021
Merged
bors bot pushed a commit that referenced this issue Jun 23, 2021
@oeciteam @manojrupireddy
Merge #3985
b2908df 
3985: Add positive testcases for config_id verification on icelake VMs r=mingweishih a=manojrupireddy

Additional check is added to skip tests on coffee lake VMs.
Fix #3903

Made changes to oesign tool. Users need to specify EnableKSS field in conf file to leverage SGX KSS features.
Signed-off-by: manoj rupireddy <marupire@microsoft.com>

Co-authored-by: manoj rupireddy <marupire@microsoft.com>
bors bot pushed a commit that referenced this issue Jun 24, 2021
@oeciteam @manojrupireddy
Merge #3985
e78170c 
3985: Add positive testcases for config_id verification on icelake VMs r=mingweishih a=manojrupireddy

Additional check is added to skip tests on coffee lake VMs.
Fix #3903

Made changes to oesign tool. Users need to specify EnableKSS field in conf file to leverage SGX KSS features.
Signed-off-by: manoj rupireddy <marupire@microsoft.com>

Co-authored-by: manoj rupireddy <marupire@microsoft.com>
@bors bors bot closed this as completed in 872051d Jun 24, 2021
SIG-Attestation automation moved this from In progress to Done Jun 24, 2021
SIG-Testing automation moved this from To do to Done Jun 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@manojrupireddy manojrupireddy

Labels
SGX Tag indicating associated with Intel SGX testing Issue has to do with testing or quality management triaged This label classifies an issue/PR as having been triaged.
Projects
SIG-Attestation
  
Done
SIG-Testing
  
Done
Milestone
v0.16
Development

Successfully merging a pull request may close this issue.

Add positive testcases for config_id verification on icelake VMs manojrupireddy/openenclave
5 participants
@radhikaj @dthaler @yentsanglee @shnwc @manojrupireddy