intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

question about sgx_sign #594

Open sqq0216 opened 4 years ago

sqq0216 commented 4 years ago

I use the two-step signing process to sign my enclave, the makefile is:

```make
$(Signed_Enclave_Name): $(Enclave_Name)
	@$(SGX_ENCLAVE_SIGNER) gendata -enclave $(Enclave_Name) -config $(Enclave_Config_File) -out enclave_hash.hex
	$(SGX_ENCLAVE_SIGNER) catsig -enclave enclave.so -config $(Enclave_Config_File) -out $@ -key Enclave/public_key.pem -sig signature.hex -unsigned enclave_hash.hex
	@echo "SIGN => $@"
```

but there is an error:

```
0 0 0x40000 0x100000 10 1 0 0 0xFFFFFFFF
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
The required memory is 4485120B.
Succeed.
/home/ubuntu-sqq/Graphene/graphene_SGX/sgxsdk/bin/x64/sgx_sign catsig -enclave enclave.so -config Enclave/Enclave.config.xml -out enclave.signed.so -key Enclave/public_key.pem -sig signature.hex -unsigned enclave_hash.hex
0 0 0x40000 0x100000 10 1 0 0 0xFFFFFFFF
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
The required memory is 4485120B.
Failed to open file "signature.hex".
The signature file "signature.hex" is not correct.
Error happened while signing the enclave.
Makefile:250: recipe for target 'enclave.signed.so' failed
make: *** [enclave.signed.so] Error 255
```

what is wrong and what should I do? Thanks!

lzha101 commented 4 years ago

After you run gendata command and before catsig command, you need to generate the signature.hex with your private key and the enclave_hash.hex generated by the gendata command. Please refer to Developer Reference, page 20 and page 22 for details.

sqq0216 commented 4 years ago

Yes, I have run the gendata command, and it generated an enclave_hash.hex, but there is no signature.hex. How can I generate it?

lzha101 commented 4 years ago

You need to do it by yourself to generate the signature.hex with the enclave_hash.hex and your private key. You can calculate the hash (SHA256) of the content in enclave_hash.hex and then sign the hash with your RSA private key to generate the signature. You can try OpenSSL commands to achieve this. Or you can refer to the implementation https://github.com/intel/linux-sgx/blob/master/sdk/sign_tool/SignTool/sign_tool.cpp#L462 for the signature generation.
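The missing middle step of the two-step flow described above, as an added example that is not code from this thread or from the SDK: it produces signature.hex from enclave_hash.hex with OpenSSL, and performs the same verification catsig does against the public key. File names follow the issue; the private-key path, the RSA-3072/exponent-3 key parameters and the stand-in hash bytes are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the issue thread or the SDK. It supplies the
# step between "sgx_sign gendata" and "sgx_sign catsig": turning
# enclave_hash.hex into signature.hex with the enclave author's RSA private
# key, using only OpenSSL. File names follow the issue; the private-key path
# is an assumption. The point of two-step signing is that the build host
# only ever sees the public key.
set -eu

# Key pair usable with sgx_sign: RSA-3072 with public exponent 3.
gen_keypair() {   # gen_keypair private.pem public.pem
    openssl genrsa -3 -out "$1" 3072 2>/dev/null
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Step 2: SHA-256 over the bytes of enclave_hash.hex, PKCS#1 v1.5-signed
# with the private key. This is the file catsig reads through "-sig".
sign_hash_file() {   # sign_hash_file enclave_hash.hex private.pem signature.hex
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

# The check catsig performs before embedding the signature: it must verify
# under the public key passed with "-key". Exit status 0 means valid.
verify_signature() {   # verify_signature enclave_hash.hex public.pem signature.hex
    openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
}

# An RSA-3072 signature is exactly 384 bytes; anything else is "not correct".
sig_size() { wc -c < "$1" | tr -d ' '; }

# Self-contained run: a constructed stand-in for gendata output (64 random
# bytes, NOT a real enclave hash), a throwaway key pair, sign, verify, then
# verify again with a tampered hash file to show the binding to exact bytes.
demo_two_step_signing() {
    d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
    head -c 64 /dev/urandom > "$d/enclave_hash.hex"
    gen_keypair "$d/private_key.pem" "$d/public_key.pem"
    sign_hash_file "$d/enclave_hash.hex" "$d/private_key.pem" "$d/signature.hex"
    [ "$(sig_size "$d/signature.hex")" -eq 384 ] || return 1
    verify_signature "$d/enclave_hash.hex" "$d/public_key.pem" "$d/signature.hex" || return 1
    printf 'x' >> "$d/enclave_hash.hex"
    if verify_signature "$d/enclave_hash.hex" "$d/public_key.pem" "$d/signature.hex"; then
        return 1   # a modified enclave_hash.hex must NOT verify
    fi
    return 0
}
```

In the real flow the signing step runs on the host that holds private_key.pem, and only signature.hex is copied back next to enclave_hash.hex before `sgx_sign catsig ... -key Enclave/public_key.pem -sig signature.hex -unsigned enclave_hash.hex` is run.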