initc3 / auditee Public

Notifications You must be signed in to change notification settings
Fork 6
Star 4

Tool to verify the reproducibility of SGX enclave builds

auditee.readthedocs.io

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 29 Commits
auditee		auditee
docs		docs
examples		examples
tests		tests
.dockerignore		.dockerignore
.flake8		.flake8
.gitignore		.gitignore
.gitmodules		.gitmodules
.readthedocs.yml		.readthedocs.yml
Dockerfile		Dockerfile
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
Makefile		Makefile
README.md		README.md
docker-compose.yml		docker-compose.yml
pyproject.toml		pyproject.toml
setup.cfg		setup.cfg
setup.py		setup.py

Repository files navigation

auditee

WORK IN PROGRESS -- DO NOT USE -- DO NOT TRUST

auditee is a tool to help verifying that an SGX enclave that has been remotely attested matches some given source code.

The idea is as follows:

Given:

a signed enclave binary file (e.g. Enclave.signed.so),
the source code used to build the enclave, and
an attestation report,

an auditor verifies:

whether the signed enclave build can be reproduced, using the source code, and a nix & docker based toolchain to rebuild the enclave binary;
whether the MRENCLAVE and ATTRIBUTES of the provided signed Enclave match that of the rebuilt one;
whether the MRENCLAVE and ATTRIBUTES match the ones from the provided report.

The verification can allow an external user gain confidence in the user or applicaiton specific data that may be included in the remote attestation report. The verification may also allow a user to deploy the provided signed enclave with confidence that it corresponds to some source code.