# Signature Relay for firmware Documentation of the Assignment 7 in Systems Security at Ruhr-Universität Bochum. This is a program, that uses a TEE to build a signature relay to sign firmware with a master key. For more informationm, read the [project description](doc/abgabe.pdf). We recommend viewing the [repository](https://git.pfzetto.de/RubNoobs/Systemsicherheit/src/branch/Assignment-7-sgximpl/7-SGX_Hands-on) we worked on together at. ## Compiling This project can be compiled for simulation environments or directly on the hardware. 1. **Simulated environment** At project root type the command ```bash $ make SGX_MODE=SIM ``` 2. **Hardware** At project root type the command ```bash $ make ``` This creates the following directory tree: ``` out ├── bin <- here is the executable binary file └── obj <- here are the object files generated by the compiling process ``` # Usage ## Setup Initialize the Enclave keypair by executing: `./signatureproxy proxysetup -pkey > ` ## Sign 1. Create employee signature using `./signatureproxy employee -firm -ekey > ` This step can also be done using OpenSSL: `openssl dgst -sha256 -sign -out -in ` 2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey -epub -firm > ` The enclave verifies the employee signature and signs the firmware if the signature is valid. 3. Verify signature using `cat | ./signatureproxy embedded -firm -ppub ` This step can also be done using OpenSSL: `openssl dgst -sha256 -verify -signature ` ## License Everything we did ourselves is licensed under the [GNU GPLv3 License](./LICENSE) ## Contributors - Benjamin Haschka - Sascha Tommasone - Paul Zinselmeyer