1

I wonder how MRENCLAVE value works in intel SGX remote attestation. I found that

"MRENCLAVE uniquely identifies any particular enclave, so using the Enclave Identity will restrict access to the sealed data only to instances of that enclave. NOTE: Different builds/versions of an enclave will result in a different MRENCLAVE value." (https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing)

In my understanding, MRENCLAVE is used for client to check if received MRENCLAVE from service provider and intended MRENCLAVE that client generated are same. If not, then how can we check if service provider executes intended code and data in remote attestation?

I mean, Alice has enclave code and its MRENCLAVE(snapshot of code and data), then request to Bob to execute it. Then how can Alice check if Bob execute the exact intended code with quote Bob sent? I thought MRENCLAVE does it

stephenbez
  • 5,598
  • 3
  • 26
  • 31
송제호
  • 45
  • 5

1 Answers1

1

You can implement remote attestation to prove that a certain computation took place inside the enclave.

The attestation report contains both the MRSIGNER field and a report_data field that can be filled with arbitrary data. The first one can be used to verify the enclave source code as you already explained. The second one can be used to prove existence of a private key inside the enclave. Once you generate a key pair inside the enclave, you can place the public key in report_data field and use the private key to sign computation results.

You see complete explanation in this answer

proslaniec
  • 398
  • 1
  • 2
  • 13