0.1.1 • Published 7 months ago

@scom/scom-enclave-attestation v0.1.1

Remote Attestation

To install

docker compose run --rm install

To get an attestation document

Run the commands from https://github.com/scom-repos/scom-enclaves?tab=readme-ov-file#to-get-attestation-document on an EC2 instance and transfer the doc.cbor file to the test/ directory.

To test in cmd

docker compose run --rm test

To test in browser

docker compose up browser-test

Go to http://127.0.0.1:8008/

PCRs

The meanings of PCR0-8, from https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html#where:

| PCR | Hash of ... | Description |
| --- | --- | --- |
| PCR0 | Enclave image file | A contiguous measure of the contents of the image file, without the section data. |
| PCR1 | Linux kernel and bootstrap | A contiguous measurement of the kernel and boot ramfs data. |
| PCR2 | Application | A contiguous, in-order measurement of the user applications, without the boot ramfs. |
| PCR3 | IAM role assigned to the parent instance | A contiguous measurement of the IAM role assigned to the parent instance. Ensures that the attestation process succeeds only when the parent instance has the correct IAM role. |
| PCR4 | Instance ID of the parent instance | A contiguous measurement of the ID of the parent instance. Ensures that the attestation process succeeds only when the parent instance has a specific instance ID. |
| PCR8 | Enclave image file signing certificate | A measure of the signing certificate specified for the enclave image file. Ensures that the attestation process succeeds only when the enclave was booted from an enclave image file signed by a specific certificate. |
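
A sketch of how a verifier can pin the PCRs in the table above. This is an added example, not this package's API. It assumes the PCRs have already been decoded from the attestation document into a Map of index to Uint8Array and that the document's signature and certificate chain are verified separately; the names checkPcrs, hexToBytes and equalBytes are hypothetical.

```javascript
// Added example: check decoded PCRs against pinned values.
// The input shape (Map of PCR index -> Uint8Array) is an assumption.
const PCR_LEN = 48; // Nitro Enclaves PCRs are SHA-384 digests

function hexToBytes(hex) {
  if (!/^([0-9a-fA-F]{2})+$/.test(hex)) throw new Error('invalid hex');
  return Uint8Array.from(hex.match(/../g), (b) => parseInt(b, 16));
}

// Compare without returning early on the first differing byte.
function equalBytes(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// expected: { 0: hex, 8: hex, ... } for the PCRs the verifier pins.
// Returns a list of failure strings; an empty list means the policy passed.
function checkPcrs(pcrs, expected) {
  const failures = [];
  for (const [index, hex] of Object.entries(expected)) {
    const want = hexToBytes(hex);
    const got = pcrs.get(Number(index));
    if (!(got instanceof Uint8Array) || got.length !== PCR_LEN) {
      failures.push(`PCR${index}: missing or not ${PCR_LEN} bytes`);
    } else if (got.every((b) => b === 0)) {
      // Debug-mode enclaves report zeroed PCRs; an unsigned image has a zero PCR8.
      failures.push(`PCR${index}: all zeros (debug-mode enclave or unset PCR)`);
    } else if (!equalBytes(got, want)) {
      failures.push(`PCR${index}: mismatch`);
    }
  }
  return failures;
}

// Constructed sample values, not measurements of any real image.
const good = 'ab'.repeat(PCR_LEN);
const policy = { 0: good, 8: 'cd'.repeat(PCR_LEN) };
const sample = new Map([
  [0, hexToBytes(good)],
  [8, new Uint8Array(PCR_LEN)], // zeroed PCR8
]);
console.log(checkPcrs(sample, policy));
```

Pin PCR3 or PCR4 only when the attestation should be tied to one IAM role or one parent instance, since those values change when either does.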

0.1.1

7 months ago

0.1.0

8 months ago