Closed l-monninger closed 2 years ago
@Jonas-Metzger @krishpop
It's a hex encoded binary cose_sign1 structure. Below is a colab notebook that verifies an attestation, if you want to explore a bit what that means:
https://colab.research.google.com/drive/1V8ub0klHSoByYhDH2rJm8R0g5Bwdp5IJ#scrollTo=HPGMZRdqXWpO
Main.js does that automatically, in this function: https://github.com/open-contracts/open-contracts.github.io/blob/a78d86fa4f23bfa204729c6103620c2831447aa9/main.js#L242
The measurements (=hashes=PCRs) that matter for us are PCR0-2, and their verification is crucial to the security of the protocol, but their verification is currently skipped: 1) because they are still changing and 2) because they are set to all 0s by AWS since we're running the enclaves in debugging mode while we develop.
It's good to know how this stuff works, but beyond main.js, the frontend does not need to worry about it.
What is the shape of attestation data?
Right now I have:
Do we also have measurements?: https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html