support optionally validating SGXType #51
```go
}

// SGXType represents the type of the platform for which the PCK certificate was created
type SGXType int
```
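Review bot: the doc comment on `SGXType` does not say where its values are defined, which is exactly the question raised in review below; since the thread points to the Intel SGX PCK Certificate and Certificate Revocation List Profile Specification 1.5, section 1.3.5, SGX Type, citing that section in the comment (e.g. `// SGXType represents the type of the platform for which the PCK certificate was created, as defined in the Intel SGX PCK Certificate Profile, 1.3.5 SGX Type`) would let future readers find the value assignment without re-asking.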
I'm not quite familiar with the "SGXType" concept. Is it something Intel defined? Can you provide a link to it?
Yes, this is a concept by Intel. The values are defined in Intel® SGX PCK Certificate and Certificate Revocation List Profile Specification 1.5, 1.3.5 Intel® SGX PCK Certificate, SGX Type:
The difference between SGXTypeScalable and SGXTypeScalableWithIntegrity is explained in the Intel® Trust Domain Extensions white paper, 02. Intel TDX – Technical Explanation:
The SEAM-memory range [...] can operate in one of two available modes for memory integrity protection (to enable various memory configurations). Memory integrity may be enforced by either (the default) cryptographic-integrity protection scheme or a logical-integrity protection scheme. The cryptographic-integrity scheme uses a SHA-3-based, message-authentication code (MAC) (28-bit) that helps prevent host/system software accesses as well as detects state-tamper from software (e.g., rowhammer) and some hardware attacks. The logical-integrity protection scheme is designed to prevent host/system software accesses only.
and Intel® Trust Domain Extensions white paper, 02. Intel TDX – Technical Explanation, E. REMOTE ATTESTATION:
Platform configuration differences such as whether cryptographic vs. logical-integrity mode is enabled are reflected via the Provisioning Certificates.
I wasn't able to find any docs that directly state that the SGX type is the field recording this platform configuration difference, but I was able to confirm this experimentally by generating two quotes, one on a platform with logical integrity and one on a platform with cryptographic integrity, and comparing the values.
This field allows us to differentiate between Scalable (TDX with logical integrity) and Scalable with Integrity (TDX with cryptographic integrity).
This patch lays the groundwork for validating extensions inside the PCK certificate beyond what's needed to verify that a quote is valid. This patch adds an optional validation option to check the SGX type. This can be used to differentiate platforms with logical and cryptographic integrity. In the future, we could validate other fields e.g. "SMT Enabled".
This PR lays the groundwork for validating extensions inside the PCK certificate beyond what's needed to verify that a quote is valid. This PR adds an optional validation option to check the SGX type. This can be used to differentiate platforms with logical and cryptographic integrity. In the future, we could validate other fields e.g. "SMT Enabled".
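The opt-in SGX Type check this PR describes, as an added illustration that is not the project's own code: it pulls the SGX Type attribute out of the DER value of a PCK certificate's Intel SGX Extensions and enforces an expected type only when the caller asks for it. The OID 1.2.840.113741.1.13.1.5, the ENUMERATED encoding, the numeric values 0/1/2 and the helper names are my assumptions from the Intel PCK Certificate Profile, not taken from this page.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// SGXType mirrors the PR's type; the numeric values are assumed from the Intel PCK profile.
type SGXType int
const (
	SGXTypeStandard SGXType = iota
	SGXTypeScalable              // TDX with logical integrity
	SGXTypeScalableWithIntegrity // TDX with cryptographic integrity
)
// Assumed OID of the SGX Type attribute nested in Intel SGX Extensions (1.2.840.113741.1.13.1).
var oidSGXType = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 5}
// sgxAttr is one {OID, value} pair of the SGX Extensions SEQUENCE OF SEQUENCE.
type sgxAttr struct{ ID asn1.ObjectIdentifier; Value asn1.RawValue }
// SGXTypeFromExtension parses the DER value of the SGX Extensions and returns the SGX Type.
func SGXTypeFromExtension(extDER []byte) (SGXType, error) {
	var attrs []sgxAttr
	if rest, err := asn1.Unmarshal(extDER, &attrs); err != nil || len(rest) != 0 {
		return 0, fmt.Errorf("malformed SGX extensions: %v", err)
	}
	for _, a := range attrs {
		if a.ID.Equal(oidSGXType) {
			var e asn1.Enumerated // assumed ENUMERATED encoding
			_, err := asn1.Unmarshal(a.Value.FullBytes, &e)
			return SGXType(e), err
		}
	}
	return 0, fmt.Errorf("SGX Type attribute missing")
}
// ValidateSGXType is the opt-in check: a nil want means the caller did not request it.
func ValidateSGXType(extDER []byte, want *SGXType) error {
	if want == nil {
		return nil
	}
	got, err := SGXTypeFromExtension(extDER)
	if err == nil && got != *want {
		err = fmt.Errorf("SGX type mismatch: got %d, want %d", got, *want)
	}
	return err
}
// EncodeSGXExtension builds a constructed extension value for tests, not one from a real PCK cert.
func EncodeSGXExtension(t SGXType) []byte {
	tv, _ := asn1.Marshal(asn1.Enumerated(t))
	der, _ := asn1.Marshal([]sgxAttr{{ID: oidSGXType, Value: asn1.RawValue{FullBytes: tv}}})
	return der
}
```

In a real verifier the extension value would come from `cert.Extensions` of the parsed PCK certificate, matched on the parent SGX Extensions OID.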