intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

Failing to unseal after upgrading sdk #968

Open testiado opened 1 year ago

testiado commented 1 year ago

I have a sealed file that was sealed by an enclave that was signed with version 2.15 of the SDK (sgx_sign using MRSIGNER). I then created a new enclave that I signed with the same key, only using version 2.20 of the SDK, and somehow the new enclave is failing to unseal the previously sealed data. Also, one of the things that I noticed was that the sizes of the signature dumps of the two enclaves are different (28k vs 9k). Any idea what was changed and how I can make it work?

lzha101 commented 1 year ago

There are many changes between 2.15 and 2.20, including some attribute changes which may impact the sealing key. Perhaps you can try to build the unseal enclave with SDK 2.15 and then unseal the sealed data. If you want to migrate your enclaves to 2.20, you can then use the enclave built with SDK 2.20 to seal the unsealed data again.

testiado commented 1 year ago

@lzha101 Thank you for the answer. The thing here is that it will be very hard for me to do such a thing due to the architecture of my project. Actually, I checked the details again and, to be more accurate, I was using version 2.17, and the key I'm using is the "auto key" (derived from my MRSIGNER), so it is very strange to me because the MRSIGNER is the same.
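A diagnostic sketch for the attribute point raised in this thread, added here as an example and not code from the issue or from the SDK: it decodes the plaintext key request stored at the start of a sealed blob and reports which masked enclave properties differ between two builds. The struct layout is assumed from the SDK's `sgx_key.h` and `sgx_tseal.h`; the function names, the `old`/`new` input format and the sample blob are constructed for illustration.

```python
import struct

# Assumed layout: packed sgx_key_request_t from the SDK's sgx_key.h (512 bytes,
# little-endian), stored at offset 0 of sgx_sealed_data_t.
KEY_REQUEST = struct.Struct("<HHHH16sQQ32sIH434s")
KEY_POLICY_BITS = {0x0001: "MRENCLAVE", 0x0002: "MRSIGNER"}

def parse_key_request(sealed_blob):
    """Decode the plaintext key request at the start of a sealed blob."""
    if len(sealed_blob) < KEY_REQUEST.size:
        raise ValueError("blob is shorter than the 512-byte key request")
    (name, policy, isv_svn, _r1, cpu_svn, flags_mask, xfrm_mask,
     key_id, misc_mask, config_svn, _r2) = KEY_REQUEST.unpack_from(sealed_blob)
    return {
        "key_name": name,
        "key_policy": [n for bit, n in KEY_POLICY_BITS.items() if policy & bit],
        "isv_svn": isv_svn,
        "cpu_svn": cpu_svn.hex(),
        "attr_flags_mask": flags_mask,
        "attr_xfrm_mask": xfrm_mask,
        "misc_mask": misc_mask,
        "config_svn": config_svn,
    }

def key_input_diffs(req, old, new):
    """Name the enclave properties that feed the key and differ between builds.

    old/new: dicts with 'flags', 'xfrm', 'misc_select', 'isv_svn' taken from
    each enclave's signature metadata (hypothetical input format).
    """
    diffs = []
    for field, mask in (("flags", req["attr_flags_mask"]),
                        ("xfrm", req["attr_xfrm_mask"]),
                        ("misc_select", req["misc_mask"])):
        changed = (old[field] ^ new[field]) & mask
        if changed:
            diffs.append((field, hex(changed)))
    if new["isv_svn"] < req["isv_svn"]:
        diffs.append(("isv_svn", "blob requests a newer SVN than the enclave has"))
    return diffs

# Constructed sample: a blob header sealed with MRSIGNER policy and the mask
# values used below (constructed for the example, not taken from the issue).
SAMPLE = KEY_REQUEST.pack(0x0004, 0x0002, 1, 0, bytes(16),
                          0xFF0000000000000B, 0, bytes(32), 0xF0000000, 0, bytes(434))
```

An empty result from `key_input_diffs` means the attribute, MISCSELECT and SVN inputs covered here match; it does not cover the other inputs to the key, such as the signer identity or product ID.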