README.md

How to Verify Intel(R) Prebuilt Architectural Enclaves (AE) Reproducibility

Purpose

Intel® prebuilt AEs have been signed by Intel which include the Enclave Signature Structure to the files. Therefore, it's not easy to verify they are reproducible by comparing the checksums of your AE builds with the ones found in Intel(R) prebuilt AEs.
This document outlines a process to guarantee Intel(R) prebuilt AEs are:

• Built using the open source codebase and toolchain
• Signed using the open source enclave config.xml

Prerequisites

• Ensure Intel(R) SGX SDK is installed (https://github.com/intel/linux-sgx#install-the-intelr-sgx-sdk), and the required environment variables are set:

  $ source ${sgx-sdk-install-path}/environment

• Prepare below 4 materials

  • intel_signed_ae
    The Intel(R) prebuilt AE to be verified, which can be downloaded from https://download.01.org/intel-sgx/latest/linux-latest/ or https://download.01.org/intel-sgx/latest/dcap-latest/linux/.
  • user_build_unsigned_ae
    The unsigned AE built by yourself in an SGX docker container by following the reproducibility README.md.
  • user_private_key
    The private key file generated by yourself for signing user_build_unsigned_ae.
    It should follow the PEM format which contains an unencrypted RSA 3072-bit key. The public exponent must be 3.
    E.g. 'openssl genrsa -out my_priv_key.pem -3 3072'
  • intel_ae_config_xml
    The open source enclave configuration file of the Intel(R) prebuilt AE.
    E.g. the config.xml of PCE: https://github.com/intel/linux-sgx/blob/master/psw/ae/pce/config.xml

How to verify

• Run below command to verify

  $ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml [output_dir]

  Note:

  • To show the usage, please run ./reproducibility_verifier.sh.
  • The first four required arguments MUST in the same order above. (See Prerequisites - Prepare below 4 materials).
  • The last argument 'output_dir' is optional. If not provided, it will use 'output' by default. The result will be generated in 'output_dir'.

• Check the verification result

  • If successful, the exit code will be 0, and the following message will be displayed:

    $ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml
    ...
    Reproducibility Verification PASSED!

  • If it fails, the exit code will be 1 or 2, and the following message will be displayed:

    $ ./reproducibility_verifier.sh intel_signed_ae user_build_unsigned_ae user_private_key intel_ae_config_xml output
    ...
    Reproducibility Verification FAILED!
    Please find the diff contents in output/metadata_diff.txt

    Meanwhile, you can find the metadata of Intel and user are generated in ./output/intel_metadata.txt and ./output/user_metadata.txt