Open pegahnikbakht opened 2 years ago
I am pretty sure SGX attestation is based on a TPM. TPM has its own format for signing and carrying the payload of what is signed that was defined decades ago.
You could do something where you use a UCCS format EAT (unsigned EAT), hash it and feed the hash into the TPM to sign. The claims in the EAT would not originate in the TPM, but that may be OK. You could maybe make that some variant of a detached eat bundle (DEB).
Also see this: https://mailarchive.ietf.org/arch/msg/rats/KIIfvl2CnlNxjmmPZWNTSruhcNE/
Hi, I'm implementing remote attestation, I was wondering if there is any way of mapping of Intel SGX attestation quote to EAT token available?