Concepts

This section explains a few high-level concepts that are important to understand when working with secure enclaves.

Remote attestation

Remote Attestation is a method by which a secure enclave on a remote host authenticates the hardware it runs on and the software it executes to another client or server. The goal is to enable a client (challenger) to establish trust in the security of a program running inside an Intel® SGX platform (or another secure enclave architecture).

Intel® SGX provides an attestation mechanism flexible enough to attest to many aspects of the software configuration: the hardware version and the microcode updates applied to it, the enclave measurement, and custom data that captures dynamically changing values of the software configuration. In Intel® SGX terminology, this data is contained in a report. The CPU signs the report with a private key accessible only to the Intel® SGX hardware, producing a signed attestation quote.

Enclave measurement

Enclave measurement is carried out by the CPU upon initialization of a secure enclave. The secure enclave hardware (Intel® SGX) computes a cryptographic hash that essentially represents the initial state of the enclave.
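The following Python model, added here as an illustration and not taken from the Anjuna SGX Runtime or the Intel® SGX SDK, ties the two sections above together: it computes a measurement over an enclave's initial pages, has a simulated CPU sign a report into a quote, and has a challenger verify that quote. Everything in it is constructed for the example: the page contents, the "CPU-only" key, the vendor key hash used as MRSIGNER, and the report layout. The real EADD/EEXTEND measurement log and the EPID/ECDSA quote signature are replaced by SHA-256 and HMAC-SHA256 stand-ins, so the code shows the structure of the checks, not the real wire format.

```python
"""Simplified model of SGX enclave measurement and remote attestation.

Added illustration, not Anjuna's or Intel's code. Labelled assumptions:
pages are 4096 bytes; the measurement is SHA-256 over an ordered log of
(offset, permissions, page hash) records, standing in for the EADD/EEXTEND
log that produces MRENCLAVE; the CPU's quote signature is an HMAC under a
constructed key, standing in for the EPID/ECDSA signature of a real quote.
"""
import hashlib
import hmac
import struct

PAGE_SIZE = 4096
MR_LEN = 32           # MRENCLAVE and MRSIGNER are 32-byte SHA-256 digests
REPORT_DATA_LEN = 64  # SGX report data is 64 bytes chosen by the enclave

# Constructed stand-in for the signing key that only the SGX hardware holds.
CPU_ATTESTATION_KEY = hashlib.sha256(b"constructed CPU attestation key").digest()


def measure_enclave(pages):
    """Compute the measurement from the ordered list of pages loaded at init.

    pages: list of (offset, permissions, page_bytes). Content, layout and
    load order all feed the hash, so any change to the initial state of the
    enclave yields a different measurement.
    """
    h = hashlib.sha256()
    for offset, perms, data in pages:
        if len(data) != PAGE_SIZE:
            raise ValueError("each page must be exactly PAGE_SIZE bytes")
        h.update(struct.pack("<QI", offset, perms))
        h.update(hashlib.sha256(data).digest())
    return h.digest()


def session_report_data(nonce, enclave_pubkey):
    """Value the enclave places in REPORT_DATA to bind the quote to one
    challenger nonce and to the key pair it generated for this session."""
    return hashlib.sha256(nonce + enclave_pubkey).digest()


def build_report(mrenclave, mrsigner, report_data):
    """Fixed-layout report body: MRENCLAVE || MRSIGNER || REPORT_DATA."""
    if len(mrenclave) != MR_LEN or len(mrsigner) != MR_LEN:
        raise ValueError("measurements must be 32 bytes")
    if len(report_data) > REPORT_DATA_LEN:
        raise ValueError("report data is limited to 64 bytes")
    return mrenclave + mrsigner + report_data.ljust(REPORT_DATA_LEN, b"\0")


def sign_quote(report, cpu_key=CPU_ATTESTATION_KEY):
    """The simulated CPU turns a report into a quote by signing it."""
    return report + hmac.new(cpu_key, report, "sha256").digest()


def verify_quote(quote, expected_mrenclave, expected_mrsigner, nonce,
                 enclave_pubkey, cpu_key=CPU_ATTESTATION_KEY):
    """Challenger-side checks, in the order a verifier should apply them:
    1. signature      - did the hardware really produce this quote?
    2. MRENCLAVE      - is it the exact code we expect?
    3. MRSIGNER       - was it signed by the vendor we expect?
    4. REPORT_DATA    - is it bound to our nonce and this session's key,
                        rather than a quote replayed from another session?
    Returns (ok, reason).
    """
    body, tag = quote[:-32], quote[-32:]
    if not hmac.compare_digest(tag, hmac.new(cpu_key, body, "sha256").digest()):
        return False, "bad signature"
    mrenclave, mrsigner = body[:MR_LEN], body[MR_LEN:2 * MR_LEN]
    report_data = body[2 * MR_LEN:]
    if not hmac.compare_digest(mrenclave, expected_mrenclave):
        return False, "unexpected MRENCLAVE"
    if not hmac.compare_digest(mrsigner, expected_mrsigner):
        return False, "unexpected MRSIGNER"
    expected = session_report_data(nonce, enclave_pubkey).ljust(REPORT_DATA_LEN, b"\0")
    if not hmac.compare_digest(report_data, expected):
        return False, "report data not bound to this session"
    return True, "ok"


if __name__ == "__main__":
    # Constructed enclave image: one code page and one data page.
    code = b"enclave code v1".ljust(PAGE_SIZE, b"\0")
    data = b"enclave data".ljust(PAGE_SIZE, b"\0")
    mr = measure_enclave([(0x0000, 0x5, code), (0x1000, 0x3, data)])
    signer = hashlib.sha256(b"constructed vendor public key").digest()
    nonce, pubkey = b"challenger-nonce", b"constructed enclave pubkey"
    quote = sign_quote(build_report(mr, signer, session_report_data(nonce, pubkey)))
    print("MRENCLAVE:", mr.hex())
    print("verify:", verify_quote(quote, mr, signer, nonce, pubkey))
```

The order of checks in `verify_quote` is the practical point: a quote with a valid hardware signature but an unexpected MRENCLAVE only proves that some enclave ran, and a matching measurement without the nonce binding in REPORT_DATA could be a quote replayed from an earlier session.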

Enclave signing

In order to run enclaves in Intel® SGX, they need to be signed. Signing serves two purposes: first, Intel® SGX uses the signature to enforce launch policies based on a whitelist of approved vendors; second, it enables data sharing between enclaves associated with the same vendor while isolating that data from other vendors. For each enclave, a hash of the public key that verifies the enclave signature is attached to the enclave. This hash is called MRSIGNER in Intel® SGX terminology.

A new Intel® SGX feature called Flexible Launch Control (FLC) enables replacing the default enclave launch policy with a custom one.

Data sealing

The enclave architecture protects data at runtime using memory encryption and enclave memory isolation, which together ensure that data is protected both in RAM and inside the CPU cache from any entity other than the enclave. However, many real-world applications also require sensitive data to be persisted to storage (local or remote) so that the application can save state across executions. With the Anjuna SGX Runtime, it is possible to encrypt data at rest so that it can only be decrypted by the same enclave that persisted the data in the first place.
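The Python model below is an added illustration of the sealing idea in this section and of the MRSIGNER identity from the enclave signing section; it is not code from the Anjuna SGX Runtime or the Intel® SGX SDK. It shows the two ways a sealing key can be bound to an enclave identity: to the exact measurement (MRENCLAVE policy), so that only the identical enclave build can unseal, or to the signer hash plus version (MRSIGNER policy), so that a newer build from the same vendor can still read data sealed by an older one while an older build cannot read data sealed by a newer one. The per-CPU root key, the derivation, and the encrypt-then-MAC cipher are all constructed stand-ins (real sealing derives keys through EGETKEY and uses AES-GCM); the binding rules are what the model is meant to convey.

```python
"""Model of SGX data-sealing key policies (MRENCLAVE vs MRSIGNER).

Added illustration, not Anjuna's or Intel's code. Labelled assumptions: the
per-CPU root sealing key is a constructed constant; key derivation is
HMAC-SHA256 over the policy binding (the real EGETKEY derivation differs);
authenticated encryption is encrypt-then-MAC with an HMAC-SHA256 keystream,
standing in for the AES-GCM used by real sealing. What the model preserves:
which identity the key is bound to, and that an enclave can only request
keys for its own or an older ISV_SVN.
"""
import hashlib
import hmac
import os
import struct

ROOT_SEAL_KEY = hashlib.sha256(b"constructed per-CPU root sealing key").digest()
POLICY_MRENCLAVE = "MRENCLAVE"  # key bound to this exact enclave build
POLICY_MRSIGNER = "MRSIGNER"    # key shared by all enclaves of one signer
POLICIES = [POLICY_MRENCLAVE, POLICY_MRSIGNER]


class Enclave:
    """The identity the simulated hardware sees: measurement, signer hash, version."""

    def __init__(self, mrenclave, mrsigner, isv_svn):
        self.mrenclave, self.mrsigner, self.isv_svn = mrenclave, mrsigner, isv_svn

    def get_seal_key(self, policy, svn=None):
        svn = self.isv_svn if svn is None else svn
        # Keys for the enclave's own or earlier SVNs may be derived (so a patched
        # build can migrate old data); keys for a newer SVN never can.
        if svn > self.isv_svn:
            raise PermissionError("cannot derive a key for a newer ISV_SVN")
        if policy == POLICY_MRENCLAVE:
            binding = b"MRENCLAVE" + self.mrenclave
        elif policy == POLICY_MRSIGNER:
            binding = b"MRSIGNER" + self.mrsigner + struct.pack("<H", svn)
        else:
            raise ValueError("unknown sealing policy")
        return hmac.new(ROOT_SEAL_KEY, binding, "sha256").digest()


def _subkeys(key):
    """Split one sealing key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())


def _keystream(key, nonce, length):
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack("<I", counter), "sha256").digest()
    return out[:length]


def seal(enclave, policy, plaintext):
    """Blob layout: policy_id(1) || svn(2) || nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(enclave.get_seal_key(policy))
    header = struct.pack("<BH", POLICIES.index(policy), enclave.isv_svn)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, header + nonce + ct, "sha256").digest()
    return header + nonce + ct + tag


def unseal(enclave, blob):
    """Re-derive the key from the blob's policy and SVN, then verify and decrypt."""
    policy_id, svn = struct.unpack("<BH", blob[:3])
    header, nonce, ct, tag = blob[:3], blob[3:19], blob[19:-32], blob[-32:]
    enc_key, mac_key = _subkeys(enclave.get_seal_key(POLICIES[policy_id], svn))
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + nonce + ct, "sha256").digest()):
        raise ValueError("unseal failed: wrong enclave identity or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def try_unseal(enclave, blob):
    """Convenience wrapper: (True, plaintext) or (False, reason)."""
    try:
        return True, unseal(enclave, blob)
    except PermissionError:
        return False, "svn too new"
    except ValueError:
        return False, "identity mismatch or tampered"


if __name__ == "__main__":
    signer = hashlib.sha256(b"constructed vendor signer").digest()
    v1 = Enclave(hashlib.sha256(b"build v1").digest(), signer, 1)
    v2 = Enclave(hashlib.sha256(b"build v2").digest(), signer, 2)
    blob = seal(v1, POLICY_MRENCLAVE, b"constructed secret")
    print("v1 reads MRENCLAVE-sealed blob:", try_unseal(v1, blob))
    print("v2 reads MRENCLAVE-sealed blob:", try_unseal(v2, blob))
    blob = seal(v1, POLICY_MRSIGNER, b"constructed secret")
    print("v2 reads MRSIGNER-sealed blob:", try_unseal(v2, blob))
```

The policy choice is a trade-off: MRENCLAVE sealing is the stricter binding but makes every rebuild of the enclave lose access to previously sealed data unless it is migrated first, whereas MRSIGNER sealing survives updates but extends trust to every enclave the vendor signs.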