RFC: Two-step signing feature

Question

RFC: Two-step signing feature

bigdata-memory opened this issue 3 years ago · comments

Description of the problem

Currently, Graphene has single step signing feature only which requires the access to the signing key pair on the local build system. However, for production use, the signing key generated by ISV usually is not stored on local build system. therefore, the two-step signing feature is important for platform deployment. for details, please refer to SGX Developer Reference P18

As of now, no official two-step signing support yet, but at this moment, there are two PRs are associated with it, they are PR #2528, #2596.

Hans Wang · Answer 1 · Sat Aug 14 2021 05:05:58 GMT+0800 (China Standard Time)

@bigdata-memory We want to include a built Graphene-SGX into a docker base image of an application for people to download to build their workspace for the application. If I don't want to include the signing key into the base image, what is the best way for the user who downloads the base image to sign the files for enclaves?

Gordon King · Answer 2 · Sat Aug 14 2021 12:29:58 GMT+0800 (China Standard Time)

@hanboa Thank you for this question, I think it could be a typical scenario that needs this two-step signing feature. In the production environment, the signing key is rare to be available to use in building environment/workspace, this feature is preferred in this case, basically, it generates signing material first. and then send this material to signing facility because the signing key usually located in that place and strictly protected. once got the signature data, it could continue to complete the whole signing process. please refer to the following one that is excerpted from SGX Developer Reference p20.

I hope the above is useful for you to apply this process to your working case, thanks.

Michał Kowalczyk · Answer 3 · Sat Aug 14 2021 20:31:48 GMT+0800 (China Standard Time)

@hanboa I think your case is completely unrelated to two-step signing, but maybe I'm missing something? What you need is just to ship a container with Graphene installed and probably some stub manifest written and then just let people finish the setup and then build the enclave and sign it.

What @bigdata-memory mentioned is the case where you want to use an HSM or a separate facility for signing, but this sounds unrelated to your problem (you just want to ship some preconfigured Graphene installation).

Hans Wang · Answer 4 · Wed Aug 18 2021 01:01:20 GMT+0800 (China Standard Time)

@mkow Thanks for the comment. In our case, the signer and the enclave runner are separated, so when the enclave runner builds the workspace with the pre-built Graphene-SGX to run their application inside the enclave, it may need the signer who provides the codes to sign the codes for the enclave runner to execute.

Michał Kowalczyk · Answer 5 · Wed Aug 18 2021 01:06:26 GMT+0800 (China Standard Time)

@hanboa: Sorry, but I just didn't understand your comment.

Hans Wang · Answer 6 · Wed Aug 18 2021 08:15:21 GMT+0800 (China Standard Time)

@mkow following your comments of "...let people finish the setup and then build the enclave and sign it.". People who finish the setup and build the enclave will need the ISV to sign it.

Dmitrii Kuvaiskii · Answer 7 · Tue Aug 31 2021 17:36:03 GMT+0800 (China Standard Time)

@hanboa writes:

People who finish the setup and build the enclave will need the ISV to sign it.

First, why is it important that the ISV signs the final enclave in your scenario? Typically, whoever finishes the setup (bundles the prebuilt Graphene-SGX binaries with the application binaries + application manifest) is responsible for signing -- you call these people enclave runners.

Second, if you really want the ISV to sign the final enclave, then why not just:

The enclave runner prepares the bundle <Graphene-SGX binaries + application binaries + application manifest>.
The enclave runner sends this bundle to the ISV signer.
The ISV signer signs this bundle (final enclave) -- the result of this signing process is the SIGSTRUCT file.
The ISV signer sends the SIGSTRUCT file to the enclave runner.
The enclave runner inspects the MRENCLAVE and possibly other fields in SIGSTRUCT to make sure MRENCLAVE correctly reflects the bundle that the enclave runner sent to the ISV in step 2.
Now we have two artifacts:
- The bundle (final enclave) prepared by the enclave runner
- The SIGSTRUCT file prepared by the ISV signer

Michał Kowalczyk · Answer 8 · Tue Aug 31 2021 17:50:11 GMT+0800 (China Standard Time)

@dimakuv: This is problematic, I don't think ISV should ever sign the enclave. It has no reasonable way to introspect the bundle and check what's actually being signed, it just gets a bunch of unknown binaries to sign. IMO it always has to be the last party which added/modified something in the enclave.

Michał Kowalczyk · Answer 9 · Fri Sep 10 2021 08:15:47 GMT+0800 (China Standard Time)

This was superseded by gramineproject/gramine#11, which is the design we'll implement.