laurencelundblade / ctoken

Encodes and decodes CWT, EAT and similar format tokens. It supports COSE format signing and verification as well as the UCCS unsigned format.
BSD 3-Clause "New" or "Revised" License

EAT and Intel SGX attestation #56

Open pegahnikbakht opened 2 years ago

pegahnikbakht commented 2 years ago

Hi, I'm implementing remote attestation. I was wondering if there is any mapping of an Intel SGX attestation quote to an EAT token available?

laurencelundblade commented 2 years ago

I am pretty sure SGX attestation is based on a TPM. TPM has its own format for signing and carrying the payload of what is signed that was defined decades ago.

You could do something where you use a UCCS format EAT (unsigned EAT), hash it and feed the hash into the TPM to sign. The claims in the EAT would not originate in the TPM, but that may be OK. You could maybe make that some variant of a detached EAT bundle (DEB).

Also see this: https://mailarchive.ietf.org/arch/msg/rats/KIIfvl2CnlNxjmmPZWNTSruhcNE/
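
The hash-binding idea from the comment above, as an added example that is not part of the thread and not ctoken code: it builds a UCCS-tagged claims set, hashes the exact bytes, and shows the verifier-side check against the digest recovered from a hardware-signed quote. The small CBOR encoder is a hand-written stand-in for a real encoder, all function names are hypothetical, and the hardware signing and quote verification steps are assumed to happen elsewhere.

```python
import hashlib
import hmac

UCCS_TAG = 601   # CBOR tag for an Unprotected CWT Claims Set (RFC 9781)
ISS = 1          # CWT "iss" claim key (RFC 8392)
EAT_NONCE = 10   # EAT "eat_nonce" claim key (RFC 9711)

def _head(major: int, n: int) -> bytes:
    """Shortest-form CBOR head for major type `major` with argument `n`."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large for CBOR")

def encode(obj) -> bytes:
    """Deterministic CBOR for the few types this claims set needs."""
    if isinstance(obj, int) and not isinstance(obj, bool):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, dict):
        # Sort by encoded key so the same claims always produce the same hash.
        items = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported claim type: {type(obj).__name__}")

def make_uccs(claims: dict) -> bytes:
    """Wrap the encoded claims map in the UCCS tag."""
    return _head(6, UCCS_TAG) + encode(claims)

def binding_digest(uccs: bytes) -> bytes:
    """SHA-256 over the exact UCCS bytes: the value handed to the signer."""
    return hashlib.sha256(uccs).digest()

def uccs_matches_quote(uccs: bytes, signed_digest: bytes) -> bool:
    """Verifier side: signed_digest is taken from an already-verified quote."""
    return hmac.compare_digest(binding_digest(uccs), signed_digest)

# Constructed sample claims, not taken from any real device.
SAMPLE_UCCS = make_uccs({ISS: "constructed-enclave", EAT_NONCE: bytes(range(8))})
```

The verifier must hash the UCCS bytes as received rather than re-encoding the decoded claims, since any difference in encoding changes the digest.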