aws / aws-nitro-enclaves-nsm-api

This provides a library for interacting with the Nitro Secure Module, which provides Nitro Enclaves with attestation capability.
Apache License 2.0

Parse and verify the signed Attestation Document #4

Open petreeftime opened 3 years ago

petreeftime commented 3 years ago

Given a COSE binary, provide an API to extract the Attestation Document from it and verify the signature against a given root(s) of trust.
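The parse-and-extract half of this request, as an added Python example that is not the project's own code: a minimal CBOR codec, a COSE_Sign1 splitter that checks for the ES384 algorithm, pulls out the attestation document fields, and builds the Sig_structure bytes the signature actually covers. The sample document, certificate bytes and signature are constructed placeholders, not NSM output.

```python
ES384 = -35  # COSE algorithm id (ECDSA P-384 / SHA-384) used in Nitro attestation documents

def _hdr(mt, n):  # CBOR head for major type `mt` with argument `n`
    if n < 24: return bytes([mt << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size): return bytes([mt << 5 | ai]) + n.to_bytes(size, "big")

def encode(x):  # minimal CBOR encoder, enough for COSE_Sign1 and the attestation payload
    if x is None: return b"\xf6"
    if isinstance(x, int): return _hdr(0, x) if x >= 0 else _hdr(1, -1 - x)
    if isinstance(x, bytes): return _hdr(2, len(x)) + x
    if isinstance(x, str): return _hdr(3, len(x.encode())) + x.encode()
    if isinstance(x, list): return _hdr(4, len(x)) + b"".join(map(encode, x))
    if isinstance(x, dict): return _hdr(5, len(x)) + b"".join(encode(k) + encode(v) for k, v in x.items())
    raise TypeError(f"cannot CBOR-encode {type(x).__name__}")

def _items(b, i, n):  # decode `n` consecutive CBOR items starting at offset `i`
    out = []
    for _ in range(n):
        x, i = decode(b, i); out.append(x)
    return out, i

def decode(b, i=0):  # minimal CBOR decoder; returns (value, offset_after_value)
    ib, i = b[i], i + 1
    mt, v = ib >> 5, ib & 0x1F
    if v > 27: raise ValueError("indefinite-length items are not expected in an attestation document")
    if v >= 24: n = 1 << (v - 24); v, i = int.from_bytes(b[i:i + n], "big"), i + n
    if mt < 2: return (v if mt == 0 else -1 - v), i
    if mt in (2, 3): return (b[i:i + v] if mt == 2 else b[i:i + v].decode()), i + v
    if mt == 4: return _items(b, i, v)
    if mt == 5: kv, i = _items(b, i, 2 * v); return dict(zip(kv[::2], kv[1::2])), i
    if mt == 6: return decode(b, i)  # tag (18 = COSE_Sign1): skip it, decode the content
    if mt == 7 and v == 22: return None, i  # null: optional public_key / user_data / nonce
    raise ValueError(f"unsupported CBOR item 0x{ib:02x} at offset {i - 1}")

def parse_attestation(cose):
    """Return (attestation_doc, to_be_signed, signature) from a COSE_Sign1 byte string."""
    protected, _unprotected, payload, sig = decode(cose)[0]  # ValueError if not a 4-element array
    if decode(protected)[0].get(1) != ES384: raise ValueError("protected header alg must be ES384")
    doc = decode(payload)[0]
    for k in ("module_id", "digest", "timestamp", "pcrs", "certificate", "cabundle"):
        if k not in doc: raise ValueError(f"attestation document lacks '{k}'")
    # COSE signs the Sig_structure ["Signature1", protected, external_aad=b"", payload] (RFC 9052 §4.4), not the raw payload
    tbs = encode(["Signature1", protected, b"", payload])
    return doc, tbs, sig  # verify `sig` (raw r||s, 96 bytes) over `tbs` with the leaf cert's P-384 key

# Constructed sample, NOT a real NSM output: dummy certificate bytes and an all-zero signature.
SAMPLE_DOC = {"module_id": "i-0123456789abcdef0-enc0", "digest": "SHA384", "timestamp": 1700000000,
              "pcrs": {0: b"\x00" * 48}, "certificate": b"<leaf DER>", "cabundle": [b"<ca DER>"]}
SAMPLE_COSE = encode([encode({1: ES384}), {}, encode(SAMPLE_DOC), b"\x00" * 96])
```

Signature verification is then an ECDSA P-384/SHA-384 check of the returned `sig` over `tbs` with the public key of `doc["certificate"]`, plus chaining that leaf through `doc["cabundle"]` to the Nitro root of trust; both need an X.509/ECDSA library and are left to the caller here.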

peiwenhu commented 2 years ago

Hi, what's the status of this? Is there some existing library that helps verify an attestation document? thanks

dreemkiller commented 2 years ago

I have written something up that solves this issue for me, perhaps you will find it helpful (until AWS does it "officially" and "supported", in which case, definitely use theirs): https://github.com/veracruz-project/nitro-enclave-attestation-document

peiwenhu commented 2 years ago

Thanks! That's very helpful

paholg commented 2 years ago

@petreeftime would you accept a PR that incorporates @dreemkiller's solution?

richardfan1126 commented 1 year ago

I had written similar code in Python for this purpose: https://github.com/richardfan1126/nitro-enclave-python-demo/blob/master/attestation_verifier/secretstore/attestation_verifier.py

Given that verifying attestation documents is mostly the task of an external component which doesn't directly work with NSM, should this feature be included in nsm-lib? Or should it be included in some other external tools like Nitro CLI?

dreemkiller commented 1 year ago

I've also written some golang that does this: https://github.com/veracruz-project/go-nitro-enclave-attestation-document

I'm not sure the best place to put an "AWS Approved" parser/verifier.