intel / sgx-ra-sample

Other
178 stars 64 forks source link

Enclave is NOT TRUSTED and COMPLICATED #72

Open apastorgalindo opened 3 years ago

apastorgalindo commented 3 years ago

Hi, I deploy the project and in the last message, in PIB, I get that the Enclave Trust is NOT TRUSTED and COMPLICATED. (Client out of date).

Enclave Report Details: ---- Enclave Report Details ------------------------------------------------ cpu_svn = 1011ffffff8000000000000000000000 misc_select = 00000000 attributes = 07000000000000000700000000000000 mr_enclave = 13f9c47e7dcb10113cc02829987de53f167b37d8317e655dcc5229d5222aebba mr_signer = bd71c6380ef77c5417e8b2d1ce2d4b6504b9f418e5049342440cfff2443d95bd isv_prod_id = 0000 isv_svn = 0001 report_data = 37e8906241e726a568df14b8a4bebd25bc547a7ce81bd3c77b70116acb80716a0000000000000000000000000000000000000000000000000000000000000000

IAS Report: ---- IAS Report - JSON - Optional Fields ----------------------------------- platformInfoBlob = 150200650400090000111102040180060000000000000000000C00000C000000020000000000000BC9A7FC65A0739F03D82C32F46257C9EC83AA13B3C52A23412DD35B8842FD475BA572A6AB6EA21003E179E14F500DB473C297AA3E5568D5356B812BA96F0A933ACB revocationReason = pseManifestStatus = pseManifestHash = nonce = epidPseudonym = q+a2DvoFbVP35xyterhZejpqnSeaNgPDshSHRYFb3YByiZPVtkEQRPsAp3Gi0YpytDg8mQ9UPY4cMeLZM5HPCV75ISWoQklWst/MqREm88du2SW1kglVyKwW+ykOV8IxVsq+W9DQ2SagjTziiJPWFva5uzFUjBhmBDvcZddG+Ts= advisoryURL = https://security-center.intel.com advisoryIDs = INTEL-SA-00219,INTEL-SA-00289,INTEL-SA-00477,INTEL-SA-00381,INTEL-SA-00389

I updated BIOS on my Huawei Matebook X PRO. Could you help me?

XNinety9 commented 3 years ago

You might want to check Intel's community forum, this topic has been extensively discussed over there.

Tu sum things up: some SAs can be fixed using a microcode update, some can't. It's up to your RA server to decide whether the platform (client's CPU/BIOS/SGX stack) can be trusted of not, using IAS's report.