occlum

History

Zheng, Qi dd295c1391 [demos] Refactor and update the Azure attestation demos		2022-08-02 14:38:35 +08:00
..
config	[demos] Refactor and update the Azure attestation demos	2022-08-02 14:38:35 +08:00
gen_quote	[demos] Refactor and update the Azure attestation demos	2022-08-02 14:38:35 +08:00
maa.yaml	[demos] Refactor and update the Azure attestation demos	2022-08-02 14:38:35 +08:00
README.md	[demos] Refactor and update the Azure attestation demos	2022-08-02 14:38:35 +08:00
run.sh	[demos] Refactor and update the Azure attestation demos	2022-08-02 14:38:35 +08:00

README.md

Sample code for Occlum Remote Attestation to generate Microsoft Azure Attestation json file

References

Part of the sample code, specifically the part to generate MAA format json file, is derived from the Sample code for Intel® SGX Attestation using Microsoft Azure Attestation service and Intel® SGX SDK for Linux OS

Overview

The full Microsoft Azure Attestation flow includes generating a quote in an SGX enclave and then get it validated by the Microsoft Azure Attestation (MAA) service.

There are five steps for a full flow MAA.

Build an SGX enclave
Launch an SGX enclave and get SGX quote
Persist SGX quote and Enclave Held Data (EHD) to JSON file
Call Azure Attestation for validation
Output validation results

This demo only covers the first three steps.

Build and Run

# ./run.sh

Once successful, four different MAA format json files are saved in out dir. With the generated MAA format json files, users could continue on step 4 and 5 with general MAA service APIs to do validation.