Maybe I spoke too soon. Here's a paper from UC Berkeley & Microsoft appearing in CCS that talks about attesting a formally verified enclave running a few different enclaves: http://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-162.html
Pretty interesting. On Wed, Aug 26, 2015 at 1:41 PM, Steve Weis <[email protected]> wrote: > Yes, just to clarify: Remote attestation is clearly a design goal of SGX. > I just don't think they've built example code or tools for it yet. I don't > think the Linux SDK has even been kept up to date. > > On Wed, Aug 26, 2015 at 1:31 PM, Justin King-Lacroix < > [email protected]> wrote: > >> >> SGX is a really big step both because Intel has actually issued the >> equivalent of endorsement/platform credentials, so it's usable on the open >> Internet, and because it measures user-level code, which is what most >> applications of RA actually care about. (In fact, the partial isolation of >> the enclave code from the OS means the remote party often doesn't need to >> care about what OS is running.) >> >> I'm really not convinced RA is an afterthought for SGX. Intel have been >> talking about it from the get-go. >> >> On 26 August 2015 at 17:20, Steve Weis <[email protected]> wrote: >> >>> With SGX, remote attestation is possible but seems like an afterthought >>> right now. My understanding is that Intel expects someone to write an >>> attesting enclave that will handle attesting peer enclaves. I don't know of >>> any attestation enclave implementation or tooling around it that exists yet. >>> >>>
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
