Updating the KMS Policy to Authorize Nitro Enclaves

In the previous section, you built a Nitro Enclave that decrypts a secret encrypted by AWS KMS Customer Master Key. In this section, you will update the policy associated with that Customer Master Key to authorize this Nitro Enclave to decrypt secrets ONLY IF it presents a valid Signed Attestation Document.

As a reminder, the Nitro Enclave measurements were shown in the previous section when you created the Enclave Image File. The output should look like this:

Start building the Enclave Image...
Enclave Image successfully created.
{
  "Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "80cabd5643bccbc644bc299361b28d0fc095145733e4ef0552cf3491339d487fca325f1b497478bcf40d934051e79367",
    "PCR1": "a5b4408152040f6ec87941abc5788d63ba1e74be5714408a271c5081ede76bfdfed00b84d3f04d31e51b844d22f343b8",
    "PCR2": "fda83c68b97a328d07b7668897b34e5f705f2eec3035603fc65bbf1c93d9c240641220c8ffaa1d5d1a2e4dcc4831699e"
  }
}

When a Nitro Enclave started in DEBUG mode (i.e. with the --debug-mode command-line argument when using the anjuna-nitro-cli run-enclave utility) produces a Signed Attestation Document, the PCR0 measurement is always set to “000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000” (96 zeros, the length of a hex-encoded SHA-384 digest).

This allows KMS administrators to create access policies that can differentiate between debug enclaves and production enclaves.

As a first step, you will verify that the Nitro Enclave (running in debug mode) can produce a Signed Attestation Document and submit it to AWS KMS. Once this succeeds, you will try with a production enclave.

In a typical deployment scenario, multiple measurements should be used, and debug enclaves should never be allowed to access secrets intended for production enclaves.

Find your Customer Master Key policy

In a browser, navigate to the KMS Web portal (make sure you select the correct AWS region).

Look for your Customer Master Key and select it to view its properties. On the “Policy” tab, click on the “Edit” button to update the policy.

Add the following Object in the JSON array Statement to the policy:

{
    "Sid": "Enable decrypt from enclave",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<ACCOUNT>:role/<IAM_ROLE>"
    },
    "Action": "kms:Decrypt",
    "Resource": "*",
    "Condition": {
        "StringEqualsIgnoreCase": {
            "kms:RecipientAttestation:PCR0": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
        }
    }
},

Make sure you update the following values to match your environment:

  • <ACCOUNT>

  • <IAM_ROLE>

This policy tells AWS KMS that an enclave that presents a Signed Attestation Document that matches the following properties should be allowed to use the Customer Master Key to decrypt data:

  • the enclave is running on an EC2 instance associated with the specified IAM Role,

  • the enclave PCR0 measurement (provided in the Signed Attestation Document) matches the specified value.

Updating the KMS policy using anjuna-nitro-kms-policy

Anjuna provides a tool to more easily manage specific enclave values in existing KMS policies. See the anjuna-nitro-kms-policy tool in the Command Reference section to view, add, update, and delete attestation values on a policy.

View the current policy

The following is an example of the command to view the contents of the policy.

You must pass an ARN to the --cmk flag; it can be the key ARN or an alias ARN, as shown below:

$ anjuna-nitro-kms-policy show --cmk arn:aws:kms:us-east-2:0123456789012:alias/nitro-key | jq -r '.Statement[].Condition'
{
  "StringEqualsIgnoreCase": {
    "kms:RecipientAttestation:PCR0": [
      "42529fde5d2a37ac5a0120671941c1bc494c5706cfc279bd85131f65869bb82a5cffaa52525deab25bba8bd6e31d9f82"
    ]
  }
}

You will see output that contains content similar to the following example:

{
    "Sid": "Enable decrypt from enclave",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<ACCOUNT>:role/<IAM_ROLE>"
    },
    "Action": "kms:Decrypt",
    "Resource": "*"
},

Provide access to a specific enclave

The following is an example of the command to modify the policy in order to provide access to a specific enclave:

$ anjuna-nitro-kms-policy allow \
      --cmk arn:aws:kms:us-east-2:0123456789012:key/ea12c491-430c-4e69-85b1-be987379aa6c \
      --role arn:aws:iam::0123456789012:role/nitro_instance_role \
      --pcr0 f666e2eb6a5d999181e0a6bdb00fa60ac11717b7272fe8d010b50666f84945daeb8c4716b05cf4ed59ecd167af54f78b

You will see the following output:

Policy updated

After changing the Customer Master Key policy, AWS KMS will automatically grant permission to the specified enclave to decrypt data using that KMS key.
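The following Python is an added example, not part of this page or of Anjuna's tooling. It does offline what the manual policy edit above and the anjuna-nitro-kms-policy allow/show commands do against AWS: it reads PCR0 out of the enclave image build output, builds the "Enable decrypt from enclave" statement, merges it into an existing key policy by Sid, and audits which PCR0 values the policy accepts (handling both the single-string form used in the hand-written statement and the list form printed by the show command). It refuses the all-zero debug PCR0 unless explicitly allowed, which is the production rule stated earlier on this page. The account id, role name and existing policy are constructed placeholders; fetching and storing the real policy would be done with the KMS get_key_policy/put_key_policy API calls, which are deliberately left out so the example runs without AWS credentials.

```python
import json
import re

ATTESTATION_KEY = "kms:RecipientAttestation:PCR0"
DEBUG_PCR0 = "0" * 96                      # PCR0 reported by an enclave started with --debug-mode
PCR_RE = re.compile(r"^[0-9a-fA-F]{96}$")  # hex-encoded SHA-384 digest

# Constructed sample: the tail of the enclave image build output shown earlier on this page.
SAMPLE_BUILD_OUTPUT = """Start building the Enclave Image...
Enclave Image successfully created.
{
  "Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "80cabd5643bccbc644bc299361b28d0fc095145733e4ef0552cf3491339d487fca325f1b497478bcf40d934051e79367",
    "PCR1": "a5b4408152040f6ec87941abc5788d63ba1e74be5714408a271c5081ede76bfdfed00b84d3f04d31e51b844d22f343b8",
    "PCR2": "fda83c68b97a328d07b7668897b34e5f705f2eec3035603fc65bbf1c93d9c240641220c8ffaa1d5d1a2e4dcc4831699e"
  }
}
"""

# Constructed sample: a minimal existing key policy (account id is a placeholder, not a real account).
EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::0123456789012:root"},
            "Action": "kms:*",
            "Resource": "*",
        }
    ],
}


def measurements_from_build_output(text):
    """Return the Measurements dict from the build output (status lines followed by a JSON document)."""
    return json.loads(text[text.index("{"):])["Measurements"]


def enclave_statement(account, role, pcr0, allow_debug=False, sid="Enable decrypt from enclave"):
    """Build the Allow statement for kms:Decrypt, conditioned on the attested PCR0."""
    if not PCR_RE.match(pcr0):
        raise ValueError("PCR0 must be 96 hex characters (SHA-384)")
    if pcr0.lower() == DEBUG_PCR0 and not allow_debug:
        raise ValueError("all-zero PCR0 matches every debug-mode enclave; pass allow_debug=True to permit it")
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::%s:role/%s" % (account, role)},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEqualsIgnoreCase": {ATTESTATION_KEY: pcr0}},
    }


def upsert_statement(policy, statement):
    """Return a copy of the policy with the statement added, replacing any statement with the same Sid."""
    updated = json.loads(json.dumps(policy))  # deep copy; the caller's policy is left untouched
    kept = [s for s in updated.get("Statement", []) if s.get("Sid") != statement["Sid"]]
    updated["Statement"] = kept + [statement]
    return updated


def allowed_pcr0_values(policy):
    """Every PCR0 an Allow statement accepts; the value may be a string or a list (the show command prints a list)."""
    values = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for operator_values in stmt.get("Condition", {}).values():
            v = operator_values.get(ATTESTATION_KEY)
            if v is not None:
                values.extend(v if isinstance(v, list) else [v])
    return [v.lower() for v in values]


def debug_enclaves_allowed(policy):
    """True if any Allow statement accepts the all-zero PCR0, i.e. any debug-mode enclave could decrypt."""
    return DEBUG_PCR0 in allowed_pcr0_values(policy)


if __name__ == "__main__":
    pcr0 = measurements_from_build_output(SAMPLE_BUILD_OUTPUT)["PCR0"]
    policy = upsert_statement(EXISTING_POLICY, enclave_statement("0123456789012", "nitro_instance_role", pcr0))
    print(json.dumps(policy, indent=2))
    print("debug enclaves allowed:", debug_enclaves_allowed(policy))
```

Running the script prints the merged policy with a single conditioned decrypt statement and reports that debug enclaves are not allowed. The audit function is the check worth keeping around: run it against the policy returned by the show command before a production rollout, and treat any all-zero PCR0 in an Allow statement as a finding.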

You are now ready to run the Nitro Enclave and verify that it can decrypt the secret using AWS KMS.