Add code to generate an attestation document at runtime for your chosen trusted execution environment (e.g. AMD SEV, Intel SGX, or AWS Nitro Enclaves)
Build the application enclave and measure it.
Run the enclave.
Now that we have known-good measurements, clients can attempt verification:
The client fetches the enclave’s attestation document using a challenge-response mechanism.
The client verifies the attestation document, comparing the software measurement of the running software with the known-good measurement obtained from the build. If they match, trust in the software is established.
Notes / Open questions
Increased rewards for those that run signed binary (might be required to run in a VM >?)
Add code to generate an attestation document at runtime for your chosen trusted execution environment (e.g. AMD SEV, Intel SGX, or AWS Nitro Enclaves)
Build the application enclave and measure it.
Run the enclave.
Now that we have known-good measurements, clients can attempt verification:
The client fetches the enclave’s attestation document using a challenge-response mechanism.
The client verifies the attestation document, comparing the software measurement of the running software with the known-good measurement obtained from the build. If they match, trust in the software is established.
High level with TEE
Now that we have known-good measurements, clients can attempt verification:
Notes / Open questions
References