Morphisms: Confidential Serverless Containers

Certificate

Prior to EINIT, each enclave must be signed by the enclave author, who issues a certificate for it. Intel SGX supports only 3072-bit RSA as the signing algorithm, with the public exponent always set to 3. It is the enclave author's responsibility to store the corresponding private key securely, for example in a hardware security module. In a production environment the enclave author must additionally be whitelisted by Intel, and this is verified by EINIT.

These certificates are called SIGSTRUCT and include the MRENCLAVE, an enclave product ID, the security version number (SVN), the enclave attributes from the SECS, and a vendor field. The product ID identifies the software version of an enclave, and the security version number is incremented whenever a security update is released. Secrets of the same enclave can only be migrated from enclaves with a lower security version number to enclaves with a higher one (enclave-to-enclave secret migration is not required).

An enclave's SECS also contains a value called MRSIGNER, the SHA2-256 hash of the enclave author's public key with which the certificates are verified. This binds the enclave to its author and serves as the author's identity. If no certificate exists when EINIT is invoked, EINIT fails.
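As an added, scaled-down model of the checks this section describes (not code from this book or from Intel): the enclave author signs the SIGSTRUCT fields with an RSA key whose public exponent is 3, EINIT verifies that signature and derives MRSIGNER as the SHA-256 of the modulus, and the SVN rule decides whether a sealed secret may move between enclaves. A 512-bit key stands in for the 3072-bit key SGX requires, the padding omits the PKCS#1 DigestInfo prefix, and the field set, sizes and function names are assumptions.

```python
import hashlib, random, struct

E = 3  # SGX fixes the signing key's public exponent to 3
BITS = 512  # scaled-down stand-in for the 3072-bit modulus a real SIGSTRUCT carries

def _probable_prime(n, rounds=16):  # Miller-Rabin; enough for a demonstration key
    if n < 2 or n % 2 == 0: return n == 2
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def gen_signing_key():
    """Return (n, d); primes with p = 2 mod 3 keep e=3 invertible mod phi(n)."""
    def prime():
        while True:
            p = random.getrandbits(BITS // 2) | 1 << (BITS // 2 - 1) | 1
            if p % 3 == 2 and _probable_prime(p): return p
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def mrsigner(n):
    """MRSIGNER: SHA-256 of the modulus as SIGSTRUCT stores it (little-endian)."""
    return hashlib.sha256(n.to_bytes(BITS // 8, "little")).digest()

def _encoded(s):
    """PKCS#1 v1.5-style encoding of SHA-256 over the SIGSTRUCT fields named above."""
    body = s["mrenclave"] + struct.pack("<HH", s["isvprodid"], s["isvsvn"]) + s["attributes"] + s["vendor"]
    pad = b"\x00\x01" + b"\xff" * (BITS // 8 - 35) + b"\x00"
    return int.from_bytes(pad + hashlib.sha256(body).digest(), "big")

def sign_sigstruct(n, d, mrenclave, isvprodid, isvsvn, attributes, vendor=bytes(4)):
    """The enclave author's step: issue the certificate with the private key d."""
    s = {"modulus": n, "mrenclave": mrenclave, "isvprodid": isvprodid,
         "isvsvn": isvsvn, "attributes": attributes, "vendor": vendor}
    return {**s, "sig": pow(_encoded(s), d, n)}

def einit_check(s):
    """EINIT's step: verify the signature; return MRSIGNER, or None if it fails."""
    return mrsigner(s["modulus"]) if pow(s["sig"], E, s["modulus"]) == _encoded(s) else None

def may_unseal(sealed_signer, sealed_svn, signer, svn):  # same author, equal or higher SVN
    return sealed_signer == signer and svn >= sealed_svn
```

Real EINIT additionally compares the certificate's MRENCLAVE with the measurement computed while the enclave was built; that comparison is left out here.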
