History

chronal 2fd8f87432 Assignment 7 sgximpl: GNU GPLv3 License		2024-07-07 22:48:24 +02:00
..
employee_keys	[Assignment-7] add keys of Bob and Oskar	2024-07-06 17:52:46 +02:00
src	[Assignment-7] final	2024-07-07 22:33:11 +02:00
.gitkeep	[Assignment-7] Flake + App base	2024-07-03 16:16:24 +02:00
flake.lock	[Assignment-7] Flake + App base	2024-07-03 16:16:24 +02:00
flake.nix	[Assignment-7] update flake and add missing enclave files	2024-07-06 17:42:39 +02:00
LICENSE	Assignment 7 sgximpl: GNU GPLv3 License	2024-07-07 22:48:24 +02:00
README.md	Assignment 7 sgximpl: readme compilation hint	2024-07-07 17:11:55 +02:00

Signature Relay for firmware

Documentation of

Compiling

This project can be compiled for simulation environments or directly on the hardware.

At project root type the command

$ make SGX_MODE=SIM

At project root type the command

$ make

This creates the following directory tree:

out
├── bin <- here is the executable binary file
└── obj <- here are the object files generated by the compiling process

Initialize the Enclave keypair by executing: ./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>

Create employee signature using ./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der> This step can also be done using OpenSSL: openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>
Use the signature proxy to resign the firmware using ./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der> The enclave verifies the employee signature and signs the firmware if the signature is valid.
Verify signature using cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem> This step can also be done using OpenSSL: openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>