MRENCLAVE VS .sig remote attestation

[nmwael]

Hi

Are there anyway to verify that a running enclave (MRENCLAVE ) are derived from a certain gramized application .sig?

Or are there another way of checking this? For example using isv_prod_id and isv_svn ?

The question was spawned from this:
#1343 (comment)

[dimakuv]

Are there anyway to verify that a running enclave (MRENCLAVE ) are derived from a certain gramized application .sig?

Yes.

Gramine dumps the SIGSTRUCT object into the .sig file. This SIGSTRUCT object has a bunch of Intel-SGX-technology-standardized fields. Here you can take a look at these fields:

gramine/python/graminelibos/sigstruct.py

Lines 19 to 41 in ede508c

	fields = {
	'header': (offs.SGX_ARCH_SIGSTRUCT_HEADER, '16s'),
	'vendor': (offs.SGX_ARCH_SIGSTRUCT_VENDOR, '<L'),
	'date_year': (offs.SGX_ARCH_SIGSTRUCT_DATE + 2, '<H'),
	'date_month': (offs.SGX_ARCH_SIGSTRUCT_DATE + 1, '<B'),
	'date_day': (offs.SGX_ARCH_SIGSTRUCT_DATE, '<B'),
	'header2': (offs.SGX_ARCH_SIGSTRUCT_HEADER2, '16s'),
	'swdefined': (offs.SGX_ARCH_SIGSTRUCT_SWDEFINED, '<L'),
	'modulus': (offs.SGX_ARCH_SIGSTRUCT_MODULUS, '384s'),
	'exponent': (offs.SGX_ARCH_SIGSTRUCT_EXPONENT, '<L'),
	'signature': (offs.SGX_ARCH_SIGSTRUCT_SIGNATURE, '384s'),
	'misc_select': (offs.SGX_ARCH_SIGSTRUCT_MISC_SELECT, '<L'),
	'misc_mask': (offs.SGX_ARCH_SIGSTRUCT_MISC_MASK, '<L'),
	'attribute_flags': (offs.SGX_ARCH_SIGSTRUCT_ATTRIBUTES, '<Q'),
	'attribute_xfrms': (offs.SGX_ARCH_SIGSTRUCT_ATTRIBUTES + 8, '<Q'),
	'attribute_flags_mask': (offs.SGX_ARCH_SIGSTRUCT_ATTRIBUTE_MASK, '<Q'),
	'attribute_xfrm_mask': (offs.SGX_ARCH_SIGSTRUCT_ATTRIBUTE_MASK + 8, '<Q'),
	'enclave_hash': (offs.SGX_ARCH_SIGSTRUCT_ENCLAVE_HASH, '32s'),
	'isv_prod_id': (offs.SGX_ARCH_SIGSTRUCT_ISV_PROD_ID, '<H'),
	'isv_svn': (offs.SGX_ARCH_SIGSTRUCT_ISV_SVN, '<H'),
	'q1': (offs.SGX_ARCH_SIGSTRUCT_Q1, '384s'),
	'q2': (offs.SGX_ARCH_SIGSTRUCT_Q2, '384s'),
	}

One of these fields is called enclave_hash in Gramine code, but it is typically named MRENCLAVE.

So you can extract the MRENCLAVE from the .sig file by reading bytes from a specific offset in this file. Or by using the Gramine Python API to access this SIGSTRUCT object. Or by using the gramine-sgx-view-sigstruct tool that will appear in the next release of Gramine.

---

Now can you extract MRENCLAVE from the SGX quote? Yes, you can. This value is found in sgx_quote::sgx_report::mrenclave field.

So if you have the SIGSTRUCT file and you received the SGX quote from a remote SGX enclave, you can verify that this SGX enclave has an expected MRENCLAVE by comparing sigstruct::enclave_hash == sgx_quote::sgx_report::mrenclave.

[nmwael]

Thanks a lot.