Open remyut opened 2 years ago
Hi @dayeol
I'm a bit confused with the ed25519 implementation in the bootrom, sm, and the sdk.
So I was wondering if the Keystone EdDSA has some modification compared to the RFC-defined EdDSA. It will be difficult to perform remote attestation against an external entity (some server in the cloud) that uses standard Ed25519.
Yes, thank you for bringing this up. Our ed25519 was modified and is non-standard. Rohit was working on switching to standard (and more common) SHA256 + ECDSA (https://github.com/keystone-enclave/keystone/tree/dev-rohit-sha256) for the measured boot + attestation, but I don't know how far he got.
FYI, our measured boot is based on MIT Sanctum's secure bootloader (https://github.com/ilebedev/secure_bootloader/)
Thanks for the clarification @dayeol
Just wondering why you need to implement a modified Ed25519. Why not use a standard library like libsodium, libgcrypt or another lib? I think it's better to use an existing and well-tested library, especially for crypto, to ensure the security of the crypto computation.
Hi,
What crypto lib do you recommend for ECDSA 256 p1 to run inside the enclave? I can only find libsodium, but it only supports EdDSA (ed25519).
Thanks