How Attestation Works
Attestation is the process used to verify the contents and identity of an enclave. When an enclave is initialized or accessed, it generates and returns an attestation document, which is a block of data based on the enclave's attributes, generated by a feature of AWS Nitro enclaves. The document is signed by the hypervisor it is running on, and the key is signed by the AWS root key. There’s no way for Cape to forge this signature, so the document confirms that your secure enclave is as expected with the features that you requested.
Cape has added another layer of functionality to the attestation process to provide our customers with more peace of mind regarding our security. Cape verifies that your apps and data are going into a valid enclave by using Attestation and verifying the checksum of an application. Attestation proves that an enclave is a trustworthy entity based on the code and configuration running within a particular enclave. Checksums are tied to the application a user has deployed to ensure the user is indeed running that application.
With attestation, you can verify:
- Signatures & root certificate
- Key Management System (KMS) policy
- Platform Configuration Registers (PCR)
- Checksums (a Cape Privacy addition to the attestation process)
For further reading, please see https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html
Auditing the Enclave Image File (EIF)
The EIF is an image of the code that’s running within an enclave. Cape allows users to download the EIF and generate the measurements to confirm that the file matches what they expect (and approve) to be running in the enclave.
Platform Configuration Registers (PCR)
PCRs are cryptographic measurements of an enclave used to verify that no changes have been made to the software or hardware since it was created. PCRs include, but are not limited to:
- The build measurements of the enclave itself
- Measurements of the software running in the enclave
- User data in regard to the function loaded by a Cape user
PCRs are a series of hashes returned within an attestation document, and automatically verified with each connection to Cape. You can also receive a checksum from Cape in the form of a hash of your specific function prior to invocation. When the known good hashes match the measurements you receive from Cape, you can be confident that you’re using the right code and enclave.