aws / aws-nitro-enclaves-nsm-api

This provides a library for interacting with the Nitro Secure Module, which provides Nitro Enclaves with attestation capability.
Apache License 2.0

Is there time service inside enclave? #15

Closed raindust closed 2 years ago

raindust commented 2 years ago

There are time services such as Amazon Time Sync Service outside the enclave; however, they have to pass through the parent instance client, and we can't prove the time is not modified from outside. So is there any way I can get the time from the enclave? I can only find the get attestation document and random APIs here.

petreeftime commented 2 years ago

The time is automatically sync'ed via the KVM clock; there is no need to provide this via an external service. Did you detect any meaningful clock difference within the enclave?

raindust commented 2 years ago

Sorry for replying so late. I want to use a time service in a Byzantine-tolerant environment, so I have to know that the clock is provided with proof to ensure it's not modified, or I have to design a voting mechanism to determine whether it is correct or not.
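
One shape the voting mechanism mentioned in the last comment could take, as an added example that is not part of the thread and not code from the NSM API: a trimmed-midpoint vote over timestamps reported by peers. The function names, the millisecond Unix timestamps and the sample values are assumptions, and the reports are assumed to arrive over channels that authenticate each peer.

```rust
// Added example: Byzantine-tolerant time voting (hypothetical helpers, not NSM API calls).
// Assumption: each of n peers reports a Unix timestamp in milliseconds and
// at most f of them are faulty or lying.

/// Returns an agreed timestamp, or None when the inputs cannot tolerate `f` faults.
pub fn vote_time(reports: &[u64], f: usize, max_spread_ms: u64) -> Option<u64> {
    // The classic bound for tolerating f Byzantine peers without signatures
    // is n >= 3f + 1.
    if reports.len() < 3 * f + 1 {
        return None;
    }
    let mut sorted = reports.to_vec();
    sorted.sort_unstable();
    // Drop the f lowest and f highest reports: what remains is bounded
    // below and above by values reported by honest peers.
    let kept = &sorted[f..sorted.len() - f];
    let (lo, hi) = (kept[0], kept[kept.len() - 1]);
    // Honest clocks should agree closely; a wide surviving range means the
    // fault assumption does not hold, so refuse to answer.
    if hi - lo > max_spread_ms {
        return None;
    }
    // Fault-tolerant midpoint of the surviving range.
    Some(lo + (hi - lo) / 2)
}

/// Checks the local (KVM-synced) clock reading against the voted time.
pub fn local_clock_ok(local_ms: u64, voted_ms: u64, tolerance_ms: u64) -> bool {
    local_ms.abs_diff(voted_ms) <= tolerance_ms
}

fn main() {
    // Constructed sample: 4 peers, one of which reports a time far in the future.
    let reports: [u64; 4] =
        [1_700_000_000_120, 1_700_000_000_080, 1_900_000_000_000, 1_700_000_000_100];
    let voted = vote_time(&reports, 1, 500);
    println!("voted time: {:?}", voted);
    if let Some(t) = voted {
        println!("local clock ok: {}", local_clock_ok(1_700_000_000_090, t, 500));
    }
}
```
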