Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handling SGX verification non-terminal results #84

Open
imlk0 opened this issue Aug 12, 2023 · 2 comments
Open

Handling SGX verification non-terminal results #84

imlk0 opened this issue Aug 12, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@imlk0
Copy link
Collaborator

imlk0 commented Aug 12, 2023

During SGX verfication on some older hardware it may respond with SGX_QL_QV_RESULT_OUT_OF_DATE error, which is actually a non-terminal result, meaning that whether or not to trust is left to the user. We need to provide the user with this interface in librats to confirm that the error is exempted.

librats/verifiers/sgx-ecdsa/verify_evidence.c

Lines 276 to 284 in 5ac0f98

case SGX_QL_QV_RESULT_CONFIG_NEEDED:
case SGX_QL_QV_RESULT_OUT_OF_DATE:
case SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED:
case SGX_QL_QV_RESULT_SW_HARDENING_NEEDED:
case SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED:
RATS_WARN("verification completed with Non-terminal result: %x\n",
quote_verification_result);
err = SGX_ECDSA_VERIFIER_ERR_CODE((int)quote_verification_result);
break;

@imlk0 imlk0 added the enhancement New feature or request label Aug 12, 2023
@JamesMenetrey
Copy link
Contributor

JamesMenetrey commented Aug 14, 2023
edited
Loading

Hello, Great idea!

To provide some thought material, I used librats on some not-that-old hardware, which returned SW_HARDENING_NEEDED. This was the expected result on that platform because that hardware is permanently affected by INTEL-SA-00334, even with the latest microcode updates.

Interestingly, this case should be considered a warning, as the developers have to _ evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk_.

This means that even though the attestation process may result in one of these cases, it should not be considered as an erroneous situation, but as you said, be left to the users to assess whether this must be regarded as ok or not.

Source of this issue: https://community.intel.com/t5/Intel-Software-Guard-Extensions/Receiving-ISV-Enclave-Trust-Status-as-Enclave-NOT-TRUSTED/m-p/1194130#M3844

Cheers

@imlk0
Copy link
Collaborator Author

imlk0 commented Aug 15, 2023

Hello, Great idea!

To provide some thought material, I used librats on some not-that-old hardware, which returned SW_HARDENING_NEEDED. This was the expected result on that platform because that hardware is permanently affected by INTEL-SA-00334, even with the latest microcode updates.

Interestingly, this case should be considered a warning, as the developers have to _ evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk_.

This means that even though the attestation process may result in one of these cases, it should not be considered as an erroneous situation, but as you said, be left to the users to assess whether this must be regarded as ok or not.

Source of this issue: https://community.intel.com/t5/Intel-Software-Guard-Extensions/Receiving-ISV-Enclave-Trust-Status-as-Enclave-NOT-TRUSTED/m-p/1194130#M3844

Cheers

Thanks for your feedback, we are considering adding options to address this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JamesMenetrey @imlk0