DemesneGH
commented
1 year ago Hi @prz23 The mutual attestation has been implemented in Teaclave and Teaclave SGX SDK (reference: incubator-teaclave/mutual-attestation.md at master · apache/incubator-teaclave · GitHub). Adding remote attestation support in the Teaclave TrustZone SDK is on our road map and we've made some progress on that.
Here's an overview of the related work:
- Our TLS support and client/server examples: incubator-teaclave-trustzone-sdk/examples/tls_server-rs at master · apache/incubator-teaclave-trustzone-sdk · GitHub
- OP-TEE's support for attestation in pseudo TA, which provides runtime measurements: core: pta: add remote attestation PTA · OP-TEE/optee_os@7e05ec2 · GitHub
- Remote attestation implementation in incubator-teaclave
In order to complete the TrustZone SDK implementation, we need to:
- Wrap the APIs for the TA to call the pseudo TA, such as
TEE_OpenTASession - Customize the TLS certificate based on our TLS client/server example
- Add the attestation module and attestation example
We'll keep you informed of any updates on this thread. If you're interested in implementing this feature, we'd appreciate your contribution. Thank you!
A TEE with remote attestation capability is required for it to function as a server, so I would like to ask if there are any plans for the Teaclave SDK to implement remote attestation capabilities?