treewide: sgx setup and documentation fixes

Signed-off-by: Simon Ott <[email protected]>

doc/Architecture.md

@@ -57,23 +57,24 @@ Platform Configuration Registers (PCRs) during the *Measured Boot* and to genera
 which can be used to verify the platform state. Furthermore, the *tpmdriver* can use the *ima*
 package interfacing with the kernel's Integrity Measurement Architecture (IMA) for obtaining
 detailed measurement lists of the kernel modules, firmware and optionally further components
-running on the platform. The *tpmdriver* can therefore act as *Measurement* as well as as
-*Signer* interface.
+running on the platform.
 
 __snpdriver:__
 The *snpdriver* interfaces with the AMD SEV-SNP SP. It retrieves SNP measurements in the form of
 an SNP attestation report as well as the certificate chain for this attestation report from the
-respective AMD servers. Currently, it can only act as *Measurement* interface.
+respective AMD servers.
 
 __sgxdriver:__
-The *sgxdriver* interfaces with the Intel SGX CPU. It retrieves SGX measurements in the form of an SGX attestation report signed by the SGX quoting enclave. It implements a small caching mechanism to fetch and store the certificate chain used for report verification from the Intel SGX API. Currently, the driver only acts as a *Measurement* interface.
+The *sgxdriver* interfaces with the Intel SGX CPU. It retrieves SGX measurements in the form of an
+SGX attestation report signed by the SGX quoting enclave. It implements a small caching mechanism to
+fetch and store the certificate chain used for report verification from the Intel SGX API.
 
 __tdxdriver:__
 *Will be implemented as soon as Intel TDX hardware is available.*
 
 __swdriver:__
-The *swdriver* simply creates keys in software for testing purposes and can be used as *Signer*
-interface. **Note**: This should mainly be used for testing purposes.
+The *swdriver* simply creates keys in software for testing purposes. Currently, it does not implement
+a measurement functionality. **Note**: This should mainly be used for testing purposes.
 
 __estserver:__
 During provisioning, the cmcd requires interaction with a provisioning server (*estserver*). The

doc/manual-setup.md

@@ -5,18 +5,29 @@ platform and run and test the tools. It was tested on Ubuntu 22.04 LTS.
 
 ## Install Prerequisites
 
+Install utilities for building and setting up the PKI:
 ```sh
-# Install utils
 sudo apt install moreutils golang-cfssl build-essential
+```
 
-# Install tpm-pcr-tools for calculating/parsing TPM PCR values for TPM-based attestation
+### TPM-specific Setup
+Install tpm-pcr-tools for calculating/parsing TPM PCR values for TPM-based attestation:
+```sh
 sudo apt install -y build-essential zlib1g-dev libssl-dev
 git clone https://github.com/Fraunhofer-AISEC/tpm-pcr-tools.git
 cd tpm-pcr-tools
 make
 sudo make install # Or launch from individual folders
 ```
 
+### Intel SGX-specific Setup
+
+Install the Intel SGX DCAP libraries and utilities according to the Intel
+[manual](https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html).
+
+Install the [EGo framework](https://github.com/edgelesssys/ego).
+
+
 ## Build and Install the CMC and Tools
 
 ```sh
@@ -151,8 +162,8 @@ tbd
 
 The reference values for Intel SGX consist of a fingerprint of the Intel Root CA certificate, the TCB Info and QE Identity structures, the enclave product ID (ISV Prod ID), the security version of the enclave (ISVSVN), expected enclave attributes (e.g. DEBUG, Mode64Bit, etc.), a hash of the enclave measurement (MRENCLAVE) and a hash of the enclave signing key (MRSIGNER).
 
-The Root CA certificate, TCB Info and QE Identity structures can be retrieved from the [Intel API](https://api.portal.trustedservices.intel.com/content/documentation.html). ISV SVN and ISV Prod ID are assigned by the enclave author. The EGo framework sets these values to 1 by default. 
-The MRENCLAVE and MRSIGNER values for an enclave can be retrieved via the EGo CLI tool with the commands ```ego uniqueid $ENCLAVE_PROGRAM``` and ```ego signerid $ENCLAVE_PROGRAM```. 
+The Root CA certificate, TCB Info and QE Identity structures can be retrieved from the [Intel API](https://api.portal.trustedservices.intel.com/content/documentation.html). ISV SVN and ISV Prod ID are assigned by the enclave author. The EGo framework sets these values to 1 by default.
+The MRENCLAVE and MRSIGNER values for an enclave can be retrieved via the EGo CLI tool with the commands ```ego uniqueid $ENCLAVE_PROGRAM``` and ```ego signerid $ENCLAVE_PROGRAM```.
 
 ### 4. Sign the metadata
 

example-setup/enclave.json

@@ -1,5 +1,5 @@
 {
- "exe": "testtool",
+ "exe": "../testtool/testtool",
  "key": "private.pem",
  "debug": false,
  "heapSize": 512,
@@ -16,4 +16,4 @@
  ],
  "env": null,
  "files": null
-}
+}

testtool/Makefile

@@ -8,6 +8,6 @@ all:
 	go build
 
 egocmc: 
-	CGO_CFLAGS=-D_FORTIFY_SOURCE=0 ego-go build && ego sign testtool
+	CGO_CFLAGS=-D_FORTIFY_SOURCE=0 ego-go build && ego sign ../example-setup/enclave.json