Release date on remote attestation support?


thank...@gmail.com

Feb 25, 2019, 4:11:19 AM
to Asylo Users
Hi Dears,

I wonder if there is any rough estimate of the release date for remote attestation support?

I am at a point of judging whether to move existing SGX projects to Asylo or continue with the Intel SGX SDK.

Asylo provides a much more convenient C++ ecosystem for me, but I cannot find substitutions for RA.

It would be cool if gRPC could generate its own certificates and provide RA with user_data=sha256(public cert). Then the user can verify it is running in an enclave via RA and make requests via the TLS channel.

BTW,

Can I call Intel SGX functions in the Asylo build system? It looks like it is patched in Asylo to support something cool.

If I can use the Intel SGX SDK APIs, it is possible for me to build a temporary solution for the RA feature.
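The certificate-to-attestation binding suggested above, as an added illustration that is not part of the original post or of Asylo: the enclave places sha256(cert) in the 64-byte REPORT_DATA field, and the verifier checks both the expected MRENCLAVE and that the certificate presented on the TLS channel matches. The quote layout is a constructed stand-in (MRENCLAVE || REPORT_DATA only), and quote-signature validation against the Intel SGX Root CA is assumed to happen before this check.

```python
"""Bind a TLS certificate to an SGX report via REPORT_DATA (constructed example)."""
import hashlib
import hmac
from typing import Tuple

MRENCLAVE_LEN = 32
REPORT_DATA_LEN = 64  # SGX REPORT_DATA is 64 bytes; sha256 fills the first 32


def make_report_data(cert_der: bytes) -> bytes:
    """user_data = sha256(cert), zero-padded to the 64-byte REPORT_DATA field."""
    return hashlib.sha256(cert_der).digest().ljust(REPORT_DATA_LEN, b"\x00")


def build_quote(mrenclave: bytes, cert_der: bytes) -> bytes:
    """Constructed quote body: MRENCLAVE || REPORT_DATA (real quotes carry far more)."""
    if len(mrenclave) != MRENCLAVE_LEN:
        raise ValueError("MRENCLAVE must be 32 bytes")
    return mrenclave + make_report_data(cert_der)


def verify_channel_binding(quote: bytes, presented_cert: bytes,
                           expected_mrenclave: bytes) -> Tuple[bool, str]:
    """Verifier side, run after the quote's signature chain has been validated.

    Returns (ok, reason). Both checks are needed: MRENCLAVE proves which code
    is running, REPORT_DATA proves that code is the one holding the TLS key.
    """
    if len(quote) != MRENCLAVE_LEN + REPORT_DATA_LEN:
        return False, "malformed quote"
    mrenclave, report_data = quote[:MRENCLAVE_LEN], quote[MRENCLAVE_LEN:]
    if mrenclave != expected_mrenclave:
        return False, "MRENCLAVE mismatch: not the expected enclave"
    # Constant-time compare: report_data comes from the peer, not from us.
    if not hmac.compare_digest(report_data, make_report_data(presented_cert)):
        return False, "REPORT_DATA does not bind the presented certificate"
    return True, "certificate bound to attested enclave"


def demo() -> dict:
    """Genuine binding versus a swapped certificate and a wrong enclave identity."""
    enclave_id = hashlib.sha256(b"constructed enclave measurement").digest()
    cert = b"constructed DER certificate bytes"  # placeholder, not a real cert
    quote = build_quote(enclave_id, cert)
    return {
        "genuine": verify_channel_binding(quote, cert, enclave_id),
        "swapped_cert": verify_channel_binding(quote, b"other cert", enclave_id),
        "wrong_enclave": verify_channel_binding(quote, cert, bytes(MRENCLAVE_LEN)),
    }
```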

asa...@google.com

Feb 26, 2019, 5:12:58 PM
to Asylo Users

Hi,

We don’t have a release date for SGX remote attestation support in Asylo yet, but it is something we are actively working on this year. Note that we are initially just targeting support for ECDSA-based remote attestation via DCAP and not EPID-based remote attestation. ECDSA/DCAP is a newer attestation architecture that is more widely accessible (no Intel API subscription required) and does not rely on online services for attestation verification.

Asylo’s remote attestation support will be integrated into our secure gRPC stack so that you can form secure channels to and from enclaves. If you are interested in migrating your apps to Asylo, you can use local attestation for now and switch to remote attestation once it is available.

Yes, you can call SGX SDK APIs from Asylo applications (see the available libraries in the BUILD file and the sgx_deps Bazel rule), but note that the resulting code will not be portable across other backends.

Let me know if you have further questions.

Anna (Asylo Team)

thank...@gmail.com

Feb 28, 2019, 9:59:49 PM
to Asylo Users
Thanks Anna.

DCAP looks like it helps cloud service providers avoid accessing Intel IAS, which does not help in my case. My client is on the customer side but is allowed to access Intel IAS.

BTW,
Do I have to run my Asylo gRPC client inside the enclave? If connecting to the server via a local-attestation channel, I guess this must be yes.

Can I use the Asylo gRPC client with a remote-attestation channel (i.e. set the expected MRENCLAVE and check it) outside the enclave?

On Wednesday, February 27, 2019 at 6:12:58 AM UTC+8, asa...@google.com wrote:

asa...@google.com

Mar 6, 2019, 1:45:04 PM
to Asylo Users
There is no Intel Attestation Service (IAS) in the ECDSA attestation architecture. All the verification can happen without contacting Intel; you just need the Intel SGX Root CA certificate.

We may eventually provide support for EPID attestation in Asylo but it is not a focus right now. If you’re interested in looking into adding EPID support, you can take a look at the existing implementations under asylo/identity/null_identity and asylo/identity/sgx for guidance.

For local-attestation channels, you are correct that both endpoints (the gRPC server and the gRPC client) must be inside enclaves, as there is no way to verify a local attestation outside an enclave. Additionally, a local-attestation channel can only be established between enclaves running on the same SGX platform.

Remote-attestation channels can be created between enclaves and non-enclaves. That is, Asylo supports both enclave-to-enclave channels (including the case where the enclaves are on different SGX platforms) as well as enclave-to-non-enclave channels.

Hope that helps.

Anna (Asylo team)

thank...@gmail.com

Mar 7, 2019, 1:05:58 AM
to Asylo Users
Thanks Anna. Looking forward to RA support in the gRPC channel.

On Thursday, March 7, 2019 at 2:45:04 AM UTC+8, asa...@google.com wrote: