关于enclave_signing_key.pem的问题

[gaojunjie03]

编译enclave程序的时候，比如frontend的enclave，我看到脚本sgx_link_sign上是使用了enclave_signing_key.pem 来对其进行签名生成一个签名共享库sign.so. 有两个问题 1、这个enclave_signing_key.pem是在哪里进行生成的没找到？还是说自己线下使用opessl就可以生成 不需要任何sgxsdk的参与？

2、app启动enclave的时候 我看到最后的binder.rs SgxEnclave::create 最后生成了enclave并没有指定enclave_signing_key.pem来生成这个enclave？没有指定也能使用吗？

[hiroki-chen]

1. Enclave's signing keys are generated on your own using tools like OpenSSL. This is an RSA asymmetric key pair. The enclave_signing_key.pem is the private key that is used by the sgx_sign tool to generate the signature of the enclave. The private key is crucial for the proof of the identity of the enclave provider.
2. We do not need a private key to verify the signature as we use public key instead. The public key is calculated from the private key directly and is embedded in the enclave's measurement which, upon the enclave is loaded, the hardware will verify. Tampered enclave.so will be rejected.

Hope this helps :)

[gaojunjie03]

哦哦 就是在sgx_sign的时候使用enclave_signing_key.pem对其进行签名之后生成的enclave.sign.so/enclave.so这个库里面就自动包含有了enclave_signing_key.pem对应的公钥了是吗？ 然后如果是这样的话，那enclave.sign.so/enclave.so这个库文件如果被其他人拿到，那其他人会不会窃取到里面的信息比如里面的程序代码？

[hiroki-chen]

Yes, you are correct. The public key is contained in enclave.signed.so if properly signed by sgx_sign. enclave.signed.so itself, however, is not encrypted, so if this shared library is somehow leaked, other unauthorized entities are able to steal the binary's code.

[gaojunjie03]

好的，明白 那还有个问题，你上面说到的当enclave被加载时，硬件会进行验证，被篡改的enclave.so会被拒绝。这个过程是怎么进行的？加载时如果enclave.so被篡改了，那里面的公钥也会跟着发生变化，然后硬件验证的时候会使用签名时的私钥对这个公钥进行验证，是这样吗还是？

[hiroki-chen]

You are kindly referred to these materials for in-depth details:

• overview-signing-whitelisting-intel-sgx-enclaves.pdf.
• Intel SGX explained where you can find the struct calledSIGSTRUCT.

[gaojunjie03]

ok thanks~