occlum/demos/remote_attestation/maa
2022-05-27 00:02:17 +08:00
config [demos] Add MAA demo 2022-05-27 00:02:17 +08:00
gen_quote [demos] Add MAA demo 2022-05-27 00:02:17 +08:00
maa.yaml [demos] Add MAA demo 2022-05-27 00:02:17 +08:00
README.md [demos] Add MAA demo 2022-05-27 00:02:17 +08:00
run.sh [demos] Add MAA demo 2022-05-27 00:02:17 +08:00

Sample code for Occlum Remote Attestation to generate Microsoft Azure Attestation JSON files

References

Prerequisites

  • Platform: Intel SGX enabled platform with DCAP installed. Follow the DCAP Quick Install Guide for the detailed installation procedure.

  • Container: Start the latest Occlum Docker container image for the demo. Follow the guide.

Remember to configure /etc/sgx_default_qcnl.conf in the container according to your PCCS setting after running the docker image.

Overview

The full Microsoft Azure Attestation flow consists of generating a quote in an SGX enclave and then getting it validated by the Microsoft Azure Attestation (MAA) service.

The full MAA flow has five steps.

  1. Build an SGX enclave
  2. Launch an SGX enclave and get SGX quote
  3. Persist SGX quote and Enclave Held Data (EHD) to JSON file
  4. Call Azure Attestation for validation
  5. Output validation results

This demo only covers the first three steps.

  • Build and Run
# ./run.sh

Once the script succeeds, four different MAA format JSON files are saved in the out directory. With the generated MAA format JSON files, users can continue with steps 4 and 5, using the general MAA service APIs to do the validation.
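Before moving on to step 4, it is worth checking locally that the quote is actually bound to the Enclave Held Data, because MAA compares the SHA-256 of the runtime data with the first 32 bytes of the quote's report data. The following is an added example, not code from this demo: it works on raw quote and EHD bytes (decoding the demo's JSON files is left to the caller), uses a constructed unsigned quote as sample input, and assumes the `quote` / `runtimeData` request fields of the MAA REST API with unpadded base64url encoding.

```python
import base64
import hashlib
import json

# Intel SGX ECDSA quote layout: 48-byte header, then a 384-byte report body.
HEADER_LEN = 48
REPORT_BODY_LEN = 384
MRENCLAVE_OFF = HEADER_LEN + 64      # 32 bytes
MRSIGNER_OFF = HEADER_LEN + 128      # 32 bytes
REPORT_DATA_OFF = HEADER_LEN + 320   # 64 bytes


def b64url(data: bytes) -> str:
    """Base64url with padding stripped (assumed encoding for the request)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_ehd_binding(quote: bytes, ehd: bytes) -> dict:
    """Verify report_data[0:32] == SHA-256(EHD) and return the measurements."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    report_data = quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64]
    if report_data[:32] != hashlib.sha256(ehd).digest():
        raise ValueError("EHD hash does not match quote report_data")
    return {
        "mrenclave": quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32].hex(),
        "mrsigner": quote[MRSIGNER_OFF:MRSIGNER_OFF + 32].hex(),
    }


def build_maa_request(quote: bytes, ehd: bytes) -> str:
    """Build the JSON body for an MAA SGX attest call (step 4)."""
    check_ehd_binding(quote, ehd)
    return json.dumps({
        "quote": b64url(quote),
        "runtimeData": {"data": b64url(ehd), "dataType": "Binary"},
    })


def make_constructed_quote(ehd: bytes) -> bytes:
    """Constructed sample only: correct field offsets, no real signature."""
    q = bytearray(HEADER_LEN + REPORT_BODY_LEN)
    q[0:2] = (3).to_bytes(2, "little")                  # quote version 3
    q[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = b"\xaa" * 32
    q[MRSIGNER_OFF:MRSIGNER_OFF + 32] = b"\xbb" * 32
    q[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = hashlib.sha256(ehd).digest()
    return bytes(q)
```

A mismatch here means the JSON pairs a quote with data the enclave did not commit to, so the file should be regenerated rather than submitted.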