Attest the application code before enclave building #1853
ROF13ThFloor asked this question in Q&A
Sorry, could you reformulate your question in a more precise manner? In particular, with code snippets of what you're doing. For example, what do you mean by "enclave building"? What do you mean by "I use attestation"? In general, the correct way is to:
After these steps, when you receive the attestation report on your local machine and verify the MRENCLAVE, you can be sure that the code of the app was not modified.
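The MRENCLAVE comparison mentioned in the reply above, as an added example that is not part of the original thread or of Gramine's code. It assumes the quote's signature has already been verified by an attestation library or service, and that the expected MRENCLAVE was recorded from a build on a trusted local machine; the function names and the sample quote are constructed for illustration.

```python
import hmac
import struct

# Offsets follow the public Intel SGX quote layout: a 48-byte quote header
# followed by the 384-byte report body (sgx_report_body_t).
QUOTE_HEADER_LEN = 48
REPORT_BODY_LEN = 384
ATTRIBUTES_OFF = 48   # attributes.flags, 8 bytes, little-endian
MRENCLAVE_OFF = 64    # 32-byte enclave measurement
SGX_FLAGS_DEBUG = 0x2


def parse_report_body(quote: bytes) -> dict:
    """Extract the fields this check compares from a raw SGX quote."""
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    body = quote[QUOTE_HEADER_LEN:QUOTE_HEADER_LEN + REPORT_BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, ATTRIBUTES_OFF)
    return {
        "mrenclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def check_enclave_identity(quote: bytes, expected_mrenclave_hex: str) -> tuple:
    """Return (ok, reason). Does NOT verify the quote signature; do that first."""
    expected = bytes.fromhex(expected_mrenclave_hex)
    if len(expected) != 32:
        raise ValueError("expected MRENCLAVE must be 32 bytes")
    fields = parse_report_body(quote)
    if fields["debug"]:
        return False, "enclave runs in debug mode"
    if not hmac.compare_digest(fields["mrenclave"], expected):
        return False, "MRENCLAVE mismatch: enclave differs from the trusted build"
    return True, "MRENCLAVE matches the trusted local build"


def make_sample_quote(mrenclave: bytes, flags: int = 0x5) -> bytes:
    """Constructed sample data: zero-filled quote with only the fields above set."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTRIBUTES_OFF, flags)
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    return bytes(QUOTE_HEADER_LEN) + bytes(body)


if __name__ == "__main__":
    trusted = bytes(range(32))  # constructed stand-in for the local build's value
    print(check_enclave_identity(make_sample_quote(trusted), trusted.hex()))
    # Constructed mismatch: a quote whose measurement differs by one byte.
    print(check_enclave_identity(make_sample_quote(bytes(31) + b"\x01"), trusted.hex()))
```
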
Hi all, I did not find the related thread, so I'm sorry if it's a repetitive question.
I have a Node.js application which is deployed on the application. After deployment, I create the enclave in the cloud (Azure) and then before the execution Gramine uses attestation to attest the application and code.
My question is: does attestation verify the application code before enclave creation?
In my deployment process, I copied the application to the target VM and then create the enclave inside the cloud. But it seems that the attestation can verify the created enclave and if the code changes before building the enclave, then building the enclave and attestation work!
So my question is, is there any way to protect from code before enclave building? Is it possible to build an enclave before sending the application to the cloud?
I really appreciate any answer to my question.
Thanks