Assignment-7-sgximpl #13

Merged
saschato merged 62 commits from Assignment-7-sgximpl into Assignment-7 2024-07-08 11:03:28 +02:00
Showing only changes of commit ee1b66a24b - Show all commits

View file

@ -6,6 +6,16 @@ For more informationm, read the [project description](doc/abgabe.pdf).
We recommend viewing the [repository](https://git.pfzetto.de/RubNoobs/Systemsicherheit/src/branch/Assignment-7-sgximpl/7-SGX_Hands-on) we worked on together at. We recommend viewing the [repository](https://git.pfzetto.de/RubNoobs/Systemsicherheit/src/branch/Assignment-7-sgximpl/7-SGX_Hands-on) we worked on together at.
## Requirements
You will need the latest version of OpenSSL.
Execute the following command to automatically meet all requirements.
```bash
$ ./src/setup
```
## Compiling ## Compiling
This project can be compiled for simulation environments or directly on the hardware. This project can be compiled for simulation environments or directly on the hardware.
@ -26,20 +36,26 @@ At project root type the command
$ make $ make
``` ```
This creates the following directory tree: That creates all the necessary objects and binaries to execute.
The executable binary will be `src/signatureproxy`.
``` ## Running
out
├── bin <- here is the executable binary file ## Running story
└── obj <- here are the object files generated by the compiling process
``` To execute an example usage of the project, execute `./src/simulate`.
Note, that this will only work, if you sucessfully compiled the project.
## Manual Usage
### Setup
Go to the `src` directory.
# Usage
## Setup
Initialize the Enclave keypair by executing: Initialize the Enclave keypair by executing:
`./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>` `./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>`
## Sign ### Sign
1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>` 1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>`
This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>` This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>`
2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>` 2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>`