"Cloud-Native Confidential Computing Best Practices White Paper", chapter 05 Programming Frameworks, Intel SGX SDK/PSW/DCAP: the Intel SGX software development kit and platform software services (2) https://developer.aliyun.com/article/1231564?groupCode=aliyun_linux
Verifying SGX functionality, example 2: SGX remote attestation
The Intel® SGX SDK ships sample code for verifying SGX functionality, installed by default under /opt/intel/sgxsdk/SampleCode.
This section walks through the SGX remote attestation samples, QuoteGenerationSample and QuoteVerificationSample, which together generate and then verify a Quote. The flow has two parties: the attester (the SGX program running inside an SGX instance, whose enclave is being challenged) and the challenger (the party that wants to establish that the SGX program is trustworthy). QuoteGenerationSample is the attester-side code that produces a Quote for its enclave; QuoteVerificationSample is the challenger-side code that verifies that Quote. Note that these two samples are not in the SDK's SampleCode directory: they live in the SampleCode directory of Intel's DCAP repository (SGXDataCenterAttestationPrimitives), which the steps below clone from GitHub.
1. Install the build tools and dependencies
yum install -y git
2. Set the SGX SDK environment variables (in the same shell you will run make and the samples from)
source /opt/intel/sgxsdk/environment
3. Install the packages the remote attestation samples depend on: the DCAP quote generation library (libsgx-dcap-ql-devel) and the quote verification library (libsgx-dcap-quote-verify-devel). --nogpgcheck disables package signature verification, so use it only against a repository you trust, such as the Alibaba Cloud Linux repository this white paper assumes.
yum install --nogpgcheck -y libsgx-dcap-ql-devel libsgx-dcap-quote-verify-devel
4. Build the attester-side sample, QuoteGenerationSample
• Clone Intel's DCAP repository (the samples are in its SampleCode directory) and enter QuoteGenerationSample
git clone https://github.com/intel/SGXDataCenterAttestationPrimitives -b DCAP_1.15
cd SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample
• Build QuoteGenerationSample
make
• Run the resulting executable to generate a Quote. It writes the Quote to quote.dat in the current directory, which is where QuoteVerificationSample reads it from in the next step.
./app
Expected output:
set the enclave load policy as persistent:succeed!
Step1: Call sgx_qe_get_target_info:succeed!
Step2: Call create_app_report:succeed!
Step3: Call sgx_qe_get_quote_size:succeed!
Step4: Call sgx_qe_get_quote:succeed!
cert_key_type = 0x5
sgx_qe_cleanup_by_policy is valid in in-proc mode only.
Clean up the enclave load policy:succeed!
The four steps mirror the DCAP quote generation API: sgx_qe_get_target_info fetches the Quoting Enclave's target info, the application enclave creates a REPORT targeted at the QE (create_app_report), sgx_qe_get_quote_size sizes the output buffer, and sgx_qe_get_quote has the QE sign the REPORT into an ECDSA Quote. cert_key_type = 0x5 is PCK_CERT_CHAIN: the Quote carries the platform's PCK certificate chain in its certification data, so the verifier takes the PCK certificate from the Quote itself and only needs to fetch the TCB info, QE identity and CRL collateral (through the configured quote provider library / PCCS).
5. Build the challenger-side sample, QuoteVerificationSample
• Enter the QuoteVerificationSample directory (a sibling of QuoteGenerationSample in the cloned repository)
cd ../QuoteVerificationSample
• Build QuoteVerificationSample
make
• Generate a signing key. SGX enclave signing requires an RSA-3072 key with public exponent 3, which is what -3 3072 produces. This key determines the enclave's MRSIGNER; a sample key like this is fine for a demo, but a key for a real enclave must be generated and kept offline (or in an HSM) and never committed to the source tree.
openssl genrsa -out Enclave/Enclave_private_sample.pem -3 3072
• Sign the QuoteVerificationSample enclave with the SDK's sgx_sign tool. The command below is the standard sgx_sign invocation with the file names the sample's Makefile expects (make prints the same command after a release-mode build; if your tree names the files differently, use the names make prints):
sgx_sign sign -key Enclave/Enclave_private_sample.pem -enclave enclave.so -out enclave.signed.so -config Enclave/Enclave.config.xml
• Run the resulting executable to verify the Quote
./app
Expected output:
Info: ECDSA quote path: ../QuoteGenerationSample/quote.dat
Trusted quote verification:
Info: get target info successfully returned.
Info: sgx_qv_set_enclave_load_policy successfully returned.
Info: tee_get_quote_supplemental_data_version_and_size successfully returned.
Info: latest supplemental data major version: 3, minor version: 1, size: 336
Info: App: tee_verify_quote successfully returned.
Info: Ecall: Verify QvE report and identity successfully returned.
Info: App: Verification completed successfully.
Info: Supplemental data Major Version: 3
Info: Supplemental data Minor Version: 1
===========================================
Untrusted quote verification:
Info: tee_get_quote_supplemental_data_version_and_size successfully returned.
Info: latest supplemental data major version: 3, minor version: 1, size: 336
Info: App: tee_verify_quote successfully returned.
Info: App: Verification completed successfully.
Info: Supplemental data Major Version: 3
Info: Supplemental data Minor Version: 1
The sample verifies the same Quote twice. In the "trusted" path the verification runs inside Intel's Quote Verification Enclave (QvE), and the sample's own enclave then checks the QvE's REPORT and identity (the "Verify QvE report and identity" line), so a compromised host-side library cannot forge the verdict. In the "untrusted" path the Quote Verification Library runs entirely in user space and the result is only as trustworthy as the host. "Verification completed successfully" means the Quote's ECDSA signature chain and the platform TCB status checked out; it says nothing about which enclave produced the Quote, so a real challenger still has to compare the MRENCLAVE/MRSIGNER, attributes and report_data in the Quote against its own policy.
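The identity checks the sample leaves to the challenger are easy to get wrong, so here is what they look like against the bytes in quote.dat. The script below is an added example, not code from the white paper or from Intel's DCAP repository. It parses a version-3 ECDSA Quote laid out as in sgx_quote_3.h and sgx_report.h (48-byte header, 384-byte ISV report body, signature length, then the ECDSA signature data ending in the certification data) and applies the policy the sample omits: Intel QE vendor ID, ECDSA P-256 attestation key type, PCK_CERT_CHAIN certification data (the cert_key_type = 0x5 printed above), no DEBUG attribute, expected MRSIGNER, minimum ISV_SVN, and report_data bound to the session nonce. The embedded Quote is constructed with placeholder signatures and certificate bytes so the script runs offline; the nonce, MRENCLAVE/MRSIGNER values and SVNs in it are assumptions for the demo. Signature and certificate-chain validation stay with the QVL (tee_verify_quote); this script only covers what comes after that verdict.

```python
"""Inspect an SGX ECDSA quote (format version 3), e.g. the quote.dat written by
QuoteGenerationSample, and apply the challenger-side identity policy that runs
on top of the QVL's signature/TCB verdict. Layout follows sgx_quote3_t,
sgx_report_body_t and sgx_ql_ecdsa_sig_data_t from the DCAP headers.
Added example, not code from the white paper or the DCAP repository."""
import hashlib
import struct
from dataclasses import dataclass

HEADER_FMT = "<HHIHH16s20s"                            # sgx_quote_header_t (48 bytes)
BODY_FMT = "<16sI12s16sQQ32s32s32s32s64sHHH42s16s64s"  # sgx_report_body_t (384 bytes)
HEADER_LEN = struct.calcsize(HEADER_FMT)
BODY_LEN = struct.calcsize(BODY_FMT)
SIG_FIXED_LEN = 64 + 64 + 384 + 64   # sig | attest_pub_key | qe_report | qe_report_sig
SGX_QL_ALG_ECDSA_P256 = 2            # att_key_type for ECDSA-256-with-P-256
PCK_CERT_CHAIN = 5                   # cert_key_type; the "cert_key_type = 0x5" the sample prints
SGX_FLAGS_DEBUG = 0x2                # attributes.flags bit set for DEBUG enclaves
INTEL_QE_VENDOR_ID = bytes.fromhex("939a7233f79c4ca9940a0db3957f0607")
# Constructed report_data: first 32 bytes bind the quote to a challenger nonce, rest zero.
SAMPLE_REPORT_DATA = hashlib.sha256(b"constructed challenger nonce").digest() + bytes(32)


@dataclass
class Quote:
    version: int
    att_key_type: int
    qe_svn: int
    pce_svn: int
    qe_vendor_id: bytes
    flags: int
    xfrm: int
    mr_enclave: bytes
    mr_signer: bytes
    isv_prod_id: int
    isv_svn: int
    report_data: bytes
    cert_key_type: int
    cert_data: bytes


def parse_quote(blob: bytes) -> Quote:
    """Split a v3 quote into header, ISV report body and certification data, checking every length."""
    try:
        if len(blob) < HEADER_LEN + BODY_LEN + 4:
            raise ValueError("quote shorter than header + report body + signature length")
        version, att_key_type, _rsvd, qe_svn, pce_svn, vendor_id, _user_data = \
            struct.unpack_from(HEADER_FMT, blob, 0)
        if version != 3:
            raise ValueError(f"unsupported quote version {version}")
        (_cpu_svn, _misc, _r1, _ext_prod_id, flags, xfrm, mr_enclave, _r2, mr_signer, _r3,
         _config_id, isv_prod_id, isv_svn, _config_svn, _r4, _family_id, report_data) = \
            struct.unpack_from(BODY_FMT, blob, HEADER_LEN)
        (sig_len,) = struct.unpack_from("<I", blob, HEADER_LEN + BODY_LEN)
        sig = blob[HEADER_LEN + BODY_LEN + 4:]
        if len(sig) != sig_len:
            raise ValueError("signature_data_len does not match the quote size")
        # After the fixed ECDSA fields: uint16 auth-data size + data, then uint16 cert type + uint32 size + data.
        off = SIG_FIXED_LEN
        (auth_len,) = struct.unpack_from("<H", sig, off)
        off += 2 + auth_len
        cert_type, cert_len = struct.unpack_from("<HI", sig, off)
        off += 6
        if off + cert_len != sig_len:
            raise ValueError("certification data length does not match signature_data_len")
    except struct.error as exc:
        raise ValueError(f"truncated quote: {exc}") from exc
    return Quote(version, att_key_type, qe_svn, pce_svn, vendor_id, flags, xfrm, mr_enclave,
                 mr_signer, isv_prod_id, isv_svn, report_data, cert_type, sig[off:off + cert_len])


def check_identity(q: Quote, expected_mr_signer: bytes, expected_report_data: bytes,
                   min_isv_svn: int, allow_debug: bool = False) -> list:
    """Return policy violations (empty list = acceptable). These are the challenger's own checks,
    applied after the QVL has validated the signature chain and TCB; the sample does not do them."""
    problems = []
    if q.att_key_type != SGX_QL_ALG_ECDSA_P256:
        problems.append(f"unexpected attestation key type {q.att_key_type}")
    if q.qe_vendor_id != INTEL_QE_VENDOR_ID:
        problems.append("quote was not produced by the Intel Quoting Enclave")
    if q.cert_key_type != PCK_CERT_CHAIN:
        problems.append(f"unexpected cert_key_type 0x{q.cert_key_type:x}, expected PCK_CERT_CHAIN")
    if q.flags & SGX_FLAGS_DEBUG and not allow_debug:
        problems.append("DEBUG enclave: its memory is readable with a debugger, so the quote proves nothing")
    if q.mr_signer != expected_mr_signer:
        problems.append("MRSIGNER does not match the expected enclave signer")
    if q.isv_svn < min_isv_svn:
        problems.append(f"ISV_SVN {q.isv_svn} is below the minimum {min_isv_svn}")
    if q.report_data != expected_report_data:
        problems.append("report_data is not bound to this session's nonce (replayed quote?)")
    return problems


def build_sample_quote(debug: bool = False) -> bytes:
    """Constructed v3 quote with placeholder signatures/certificate (not a real quote), so the
    parser can be exercised offline; a real quote.dat is parsed exactly the same way."""
    flags = 0x5 | (SGX_FLAGS_DEBUG if debug else 0)   # INITTED | MODE64BIT [| DEBUG]
    header = struct.pack(HEADER_FMT, 3, SGX_QL_ALG_ECDSA_P256, 0, 8, 13, INTEL_QE_VENDOR_ID, bytes(20))
    body = struct.pack(BODY_FMT, bytes(16), 0, bytes(12), bytes(16), flags, 0x3,
                       b"\x11" * 32, bytes(32), b"\x22" * 32, bytes(32), bytes(64),
                       1, 7, 0, bytes(42), bytes(16), SAMPLE_REPORT_DATA)
    cert = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    sig = (bytes(SIG_FIXED_LEN) + struct.pack("<H", 32) + bytes(32)
           + struct.pack("<HI", PCK_CERT_CHAIN, len(cert)) + cert)
    return header + body + struct.pack("<I", len(sig)) + sig


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_quote()
    q = parse_quote(data)
    print(f"version={q.version} att_key_type={q.att_key_type} qe_svn={q.qe_svn} pce_svn={q.pce_svn}")
    print(f"MRENCLAVE={q.mr_enclave.hex()}")
    print(f"MRSIGNER ={q.mr_signer.hex()}")
    print(f"ISV_PROD_ID={q.isv_prod_id} ISV_SVN={q.isv_svn} DEBUG={bool(q.flags & SGX_FLAGS_DEBUG)}")
    print(f"cert_key_type=0x{q.cert_key_type:x} cert_data_len={len(q.cert_data)}")
```

Run it from the QuoteVerificationSample directory as python3 parse_quote.py ../QuoteGenerationSample/quote.dat to dump the measurements of the enclave that produced the Quote; with no argument it parses the constructed sample. The expected MRSIGNER, minimum ISV_SVN and nonce passed to check_identity come from the challenger's own policy, not from the Quote, and report_data is only meaningful if the attester was made to put a value the challenger chose (such as a hash of a fresh nonce) into the REPORT before quoting.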