# Signature Relay for firmware

Documentation for Assignment 7 in Systems Security at Ruhr-Universität Bochum.
This program uses a TEE to build a signature relay that signs firmware with a master key.
For more information, read the [project description](doc/abgabe.pdf).

We recommend viewing the [repository](<https://git.pfzetto.de/RubNoobs/Systemsicherheit/src/branch/master/Assignment 7 - SGX Hands-on>) we worked on together.

## Requirements

You will need the latest version of OpenSSL.
Execute the following command inside the `src` directory to automatically meet all requirements.

```bash
$ ./setup
```

## Compiling

This project can be compiled for simulation environments or directly on the hardware.

1. **Simulated environment**

   In the `src` directory, type the command

   ```bash
   $ make SGX_MODE=SIM
   ```

2. **Hardware**

   In the `src` directory, type the command

   ```bash
   $ make
   ```

This creates all the objects and binaries needed for execution.
The executable binary will be `src/signatureproxy`.

## Running

## Running story

To run an example usage of the project, execute `./simulate` in the `src` directory.
Note that this only works if you successfully compiled the project.

## Manual Usage

### Setup

Go to the `src` directory.
Initialize the enclave keypair by executing:
`./signatureproxy proxysetup -pkey > `

### Sign

1. Create the employee signature using
   `./signatureproxy employee -firm -ekey > `

   This step can also be done using OpenSSL:
   `openssl dgst -sha256 -sign -out -in `

2. Use the signature proxy to re-sign the firmware using
   `./signatureproxy proxy -pkey -epub -firm > `

   The enclave verifies the employee signature and signs the firmware only if that signature is valid.

3. Verify the signature using
   `cat | ./signatureproxy embedded -firm -ppub `

   This step can also be done using OpenSSL:
   `openssl dgst -sha256 -verify -signature `

## License

Everything we did ourselves is licensed under the [GNU GPLv3 License](./LICENSE).

## Contributors

- Benjamin Haschka
- Sascha Tommasone
- Paul Zinselmeyer
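
The three steps under Manual Usage, Sign, as an added example that is not this project's code: the script reproduces the verify-then-re-sign decision with plain OpenSSL and shows that a modified firmware image carrying an old employee signature is refused. The P-256 keys, file names and function names are assumptions, and the proxy key sits in a temporary directory instead of an enclave.

```shell
#!/usr/bin/env bash
# Added example: verify-then-re-sign relay logic with plain OpenSSL, outside any TEE.
# Assumptions: P-256 ECDSA keys; all file and function names are constructed for the demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

gen_key() {  # $1 = name; writes $WORK/$1.key and $WORK/$1.pub
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key" 2>/dev/null
  openssl ec -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

sign() {     # $1 = private key, $2 = file to sign, $3 = signature output
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify() {   # $1 = public key, $2 = signed file, $3 = signature
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Relay step: re-sign with the proxy key only if the employee signature verifies.
relay() {    # $1 = firmware, $2 = employee signature, $3 = proxy signature output
  verify "$WORK/employee.pub" "$1" "$2" || return 1
  sign "$WORK/proxy.key" "$1" "$3"
}

demo() {
  gen_key employee; gen_key proxy
  printf 'constructed firmware image v1\n' > "$WORK/fw.bin"
  sign "$WORK/employee.key" "$WORK/fw.bin" "$WORK/fw.emp.sig"

  # Valid employee signature: the relay signs, and the device-side check passes.
  relay "$WORK/fw.bin" "$WORK/fw.emp.sig" "$WORK/fw.proxy.sig" || return 10
  verify "$WORK/proxy.pub" "$WORK/fw.bin" "$WORK/fw.proxy.sig" || return 11

  # Modified firmware with the old employee signature: the relay must refuse.
  printf 'constructed firmware image v1, modified\n' > "$WORK/fw.bad"
  if relay "$WORK/fw.bad" "$WORK/fw.emp.sig" "$WORK/bad.proxy.sig"; then return 12; fi
  [ ! -e "$WORK/bad.proxy.sig" ] || return 13

  # A device that trusts only the proxy key rejects the bare employee signature.
  if verify "$WORK/proxy.pub" "$WORK/fw.bin" "$WORK/fw.emp.sig"; then return 14; fi
  return 0
}

demo && echo "relay demo passed"
```

A non-zero return code from `demo` identifies which of the checks failed.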