Closed emrahsariboz closed 5 months ago
Hi,
Thank you! This is very helpful. A couple more questions:
1) I see the code on OE. How is the signing operation (signing the report with the Provisioning Certificate Key) done in EGo? Where does it sign in GetRemoteReport? Does it retrieve the PCK from PCCS using the Azure DCAP client?
2) Rookie question. Why is DCAP also called ECDSA? Is it because the PCK key is ECDSA?
Thanks for the great product. I would appreciate it if anyone could verify whether my understanding of how EGo's DCAP-based attestation works is correct or wrong.
I understand that EGo uses DCAP-based attestation rather than EPID, and that EGo depends on Open Enclave regarding the details of the Quoting Enclave.
However, one thing that does not add up is the fact that the remote attestation sample generates a report before the quote is generated and signed by the Provisioning Certification Enclave (PCE).
1) My understanding of DCAP was that the quote will be generated and signed by the PCE, which will then become a report. Could you please help me understand this?
2) Also, where in the code does EGo call the OE APIs regarding QE operations? I don't see any submodule or anything that will use OE. Can you point me to the file/repo?
3) Again, in the remote attestation sample, how does the client retrieve the TCB information when verifying the cached attestation collateral from PCCS using the Azure Quote Provider? In other words, how does the client know which attestation collateral to retrieve? The server never sends this information to help the client verify.