Update PDO TP with more sgx attestation checks.
This commit adds the sgx debug flag to the TP policy,
dependent on PDO_DEBUG_BUILD.
Inside the TP, it adds the 64-bit flag check, and it checks
that the debug flag matches the one in the registered TP policy.

Signed-off-by: Bruno Vavala <[email protected]>
bvavala committed May 24, 2024
1 parent 5e18f99 commit a95fe15
Showing 4 changed files with 42 additions and 14 deletions.
13 changes: 10 additions & 3 deletions eservice/bin/register-with-ledger.sh
Expand Up @@ -78,16 +78,23 @@ function Register {
else
VAR_MRENCLAVE=$(grep -o 'MRENCLAVE:.*' ${eservice_enclave_info_file} | cut -f2- -d:)
VAR_BASENAME=$(grep -o 'BASENAME:.*' ${eservice_enclave_info_file} | cut -f2- -d:)
if [ ${PDO_DEBUG_BUILD} = 1 ]; then SGX_DEBUG_FLAG="--sgx-debug-flag"; else SGX_DEBUG_FLAG= ; fi

: "${PDO_LEDGER_URL:?Registration failed! PDO_LEDGER_URL environment variable not set}"
: "IAS_KEY_PEM" "${IAS_KEY_PEM:?Registration failed! PDO_IAS_KEY_PEM environment variable not set}"

if [ ${PDO_LEDGER_TYPE} == "ccf" ]; then
yell Register enclave with CCF ledger: mrenclave=${VAR_MRENCLAVE} basename=${VAR_BASENAME}
yell Register enclave with CCF ledger: \
sgx_debug_flag=${SGX_DEBUG_FLAG} \
mrenclave=${VAR_MRENCLAVE} \
basename=${VAR_BASENAME}
source ${PDO_INSTALL_ROOT}/bin/activate
try ${PDO_INSTALL_ROOT}/bin/ccf_set_expected_sgx_measurements \
--logfile __screen__ --loglevel INFO --mrenclave ${VAR_MRENCLAVE} \
--basename ${VAR_BASENAME} --ias-public-key "$(cat $IAS_KEY_PEM)"
--logfile __screen__ --loglevel INFO \
--mrenclave ${VAR_MRENCLAVE} \
--basename ${VAR_BASENAME} \
--ias-public-key "$(cat $IAS_KEY_PEM)" \
${SGX_DEBUG_FLAG}
else
die unsupported ledger ${PDO_LEDGER_TYPE}
fi
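Review bot: `${PDO_DEBUG_BUILD}` is unquoted in the new `[ ... = 1 ]` test, so when the variable is unset or empty the test itself errors and the else branch silently selects the non-debug policy. The two lines right below guard their variables with `${VAR:?...}`; the same guard, or at least `if [ "${PDO_DEBUG_BUILD:-0}" = 1 ]; then`, would make the choice of policy deliberate. The flag is also taken from the registering shell's environment rather than from the enclave info file that supplies MRENCLAVE and BASENAME, so it can drift from how the enclave was actually built; presumably that mismatch would only surface later as a rejected registration in the TP. Register's body continues outside this hunk.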
Expand Up @@ -30,6 +30,7 @@ def set_contract_enclave_expected_sgx_measurements(client, options):
params['mrenclave'] = options.mrenclave
params['basename'] = options.basename
params['ias_public_key'] = options.ias_public_key
params['sgx_debug_flag'] = options.sgx_debug_flag

r = client.post("/app/set_contract_enclave_expected_sgx_measurements", params)
if r.status_code != http.HTTPStatus.OK.value:
Expand All @@ -50,10 +51,13 @@ def Main() :
parser.add_argument('--basename', help="PDO enclave basename", type=str)
parser.add_argument('--ias-public-key',
help="IAS public key derived from cert used to verify report signatures", type=str)
parser.add_argument('--sgx-debug-flag', help="PDO enclave sgx debug flag", action='store_true')

local_options = parser.parse_args(unprocessed_args)

if (not local_options.mrenclave) or (not local_options.basename) or (not local_options.ias_public_key):
if (not local_options.mrenclave) or \
(not local_options.basename) or \
(not local_options.ias_public_key):
parser.print_help()
sys.exit(-1)
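Review bot: The help string for `--sgx-debug-flag` does not tell the operator what setting it means for the ledger policy. Because `store_true` makes omission register a non-debug expectation, the text should state the consequence of passing it, for example `help="expect SGX debug-mode enclaves (test ledgers only; a debug enclave gives no confidentiality)"`. Main() continues outside the hunk.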

7 changes: 5 additions & 2 deletions ledgers/ccf/transaction_processor/enclave_registry.h
Expand Up @@ -31,13 +31,15 @@ namespace ccf
string mrenclave;
string basename;
string ias_public_key;
bool sgx_debug_flag;
};

DECLARE_JSON_TYPE(ContractEnclaveExpectedSGXMeasurements);
DECLARE_JSON_REQUIRED_FIELDS(ContractEnclaveExpectedSGXMeasurements,
mrenclave,
basename,
ias_public_key);
ias_public_key,
sgx_debug_flag);


struct ProofData{
Expand Down Expand Up @@ -134,6 +136,7 @@ namespace ccf
string mrenclave;
string basename;
string ias_public_key;
bool sgx_debug_flag;
};
};

Expand All @@ -152,6 +155,6 @@ namespace ccf
DECLARE_JSON_REQUIRED_FIELDS(RegisterContractEnclaveAttestionCheckFlag::In, check_attestation);

DECLARE_JSON_TYPE(RegisterContractEnclaveExpectedSGXMeasurements::In);
DECLARE_JSON_REQUIRED_FIELDS(RegisterContractEnclaveExpectedSGXMeasurements::In, mrenclave, basename, ias_public_key);
DECLARE_JSON_REQUIRED_FIELDS(RegisterContractEnclaveExpectedSGXMeasurements::In, mrenclave, basename, ias_public_key, sgx_debug_flag);

}
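Review bot: Both new `bool sgx_debug_flag;` members (first and second hunks) have no default member initializer, so a policy struct that is default-constructed rather than parsed from JSON would carry an indeterminate value into the debug-flag comparison in pdo_tp.cpp. `bool sgx_debug_flag = false;` makes the default the production expectation. Adding the field to DECLARE_JSON_REQUIRED_FIELDS is the fail-closed choice for incoming requests, but a policy record stored before this change presumably lacks the field, so it is worth confirming how reading that record behaves after an upgrade. The struct definitions start outside these hunks.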
30 changes: 22 additions & 8 deletions ledgers/ccf/transaction_processor/pdo_tp.cpp
Expand Up @@ -116,6 +116,7 @@ namespace ccfapp
expected_sgx_measurements.mrenclave = in.mrenclave;
expected_sgx_measurements.basename = in.basename;
expected_sgx_measurements.ias_public_key = in.ias_public_key;
expected_sgx_measurements.sgx_debug_flag = in.sgx_debug_flag;

//store the data
contract_enclave_expected_sgx_measurements_view->put(PDO_ENCLAVE_EXPECTED_SGX_MEASUREMENTS, expected_sgx_measurements);
Expand Down Expand Up @@ -246,15 +247,14 @@ namespace ccfapp
5. nonce
6. basename
7. user report data
8. 64-bit flag
9. sgx debug flag
Note that we do not currently verify whether the enclave debug
flag is turned on or not. In order to ensure that the enclave is
run in a mode that supports enhanced-confidentiality and
execution integrity, the debug flag (SGX_FLAGS_DEBUG /
0x0000000000000002ULL in the report's attribute) should be set
to 0. For additional details on how we plan to support this
check, please see
https://github.com/hyperledger-labs/private-data-objects/issues/195.
Note that we do not currently verify whether the TCB version of the enclave.
This must be implemented to ensure that the enclave does not run using an old
superseded TCB.
For additional details on how we plan to support this check, please see
https://github.com/hyperledger-labs/private-data-objects/issues/195.
*/

Expand Down Expand Up @@ -364,6 +364,20 @@ namespace ccfapp
HTTP_STATUS_BAD_REQUEST, ccf::errors::InvalidInput, "Enclave attestation report verification Failed. Invalid user report data");
}

// Verify 64-bit enclave
if((reportBody->attributes.flags & SGX_FLAGS_MODE64BIT) == 0)
return ccf::make_error(HTTP_STATUS_BAD_REQUEST, ccf::errors::InvalidInput,
"Enclave attestation report verification Failed. Enclave is not 64-bit");

// Verify SGX debug flag
bool flag = reportBody->attributes.flags & SGX_FLAGS_DEBUG;
if(flag != expected_sgx_measurements.sgx_debug_flag)
return ccf::make_error(HTTP_STATUS_BAD_REQUEST, ccf::errors::InvalidInput,
std::string("Enclave attestation report verification Failed. Enclave debug flag ") +
std::string(flag ? "True" : "False") +
std::string(" does not match policy flag ") +
std::string(expected_sgx_measurements.sgx_debug_flag ? "True" : "False"));

}
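Review bot: The debug-flag check derives `flag` through an implicit integer-to-bool conversion, and both new checks use braceless multi-line `if` bodies, while the 64-bit test just above spells out `== 0` and the preceding user-report-data check is closed with a brace. In attestation-verification code one explicit form is easier to audit: `const bool report_debug = (reportBody->attributes.flags & SGX_FLAGS_DEBUG) != 0;`, with each `return ccf::make_error(...)` wrapped in `{ }`. The rewritten comment block lists "9. sgx debug flag" but drops the reason the check exists; a line such as `// A debug-mode enclave offers no confidentiality, so a policy with sgx_debug_flag=true is for test ledgers only` would keep that warning next to the list. The enclosing function starts outside this hunk, so where `expected_sgx_measurements` is loaded is not visible here.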

