Attestation examples

Example: Local attestation

This example shows you how to use the EREPORT functionality of the CPU to generate local attestation reports. Refer to the Intel SGX documentation for more information about the EREPORT instruction.

Add the following to the [dependencies] section in your crate's Cargo.toml:

sgx-isa = { version = "0.2", features = ["sgxstd"] }

Local attestation reports are always generated for a particular target enclave. You must first obtain the Targetinfo for that enclave. You can call Report::for_self to get the Targetinfo for your own enclave.

use sgx_isa::{Report, Targetinfo};

let targetinfo = Targetinfo::from(Report::for_self());

Once you have the Targetinfo, you can call Report::for_target. For example, here's a simple TCP server that will generate local attestations on request.

use sgx_isa::{Report, Targetinfo};
use std::io::{self, Read, Write};
use std::net::{TcpListener, TcpStream};

fn main() -> io::Result<()> {
    for stream in TcpListener::bind("localhost:0")?.incoming() {
        let mut stream = stream?;

        // Read targetinfo from stream
        let targetinfo = read_targetinfo(&mut stream)?;

        // Issue local attestation report for that target; the second
        // argument is the 64-byte report data, all zeros in this example
        let report = Report::for_target(&targetinfo, &[0; 64]);

        // Write report to stream
        stream.write_all(report.as_ref())?;
    }
    Ok(())
}

And the definition of read_targetinfo:

fn read_targetinfo(stream: &mut TcpStream) -> io::Result<Targetinfo> {
    let mut buf = [0; Targetinfo::UNPADDED_SIZE];
    stream.read_exact(&mut buf)?;
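    // Require end-of-stream right after the Targetinfo bytes: an extra
    // byte or a read error is rejected as invalid input
    if !stream.read(&mut [0]).ok().map_or(false, |n| n == 0) {
        return Err(io::ErrorKind::InvalidData.into());
    }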
    // unwrap ok: array is correct size
    Ok(Targetinfo::try_copy_from(&buf).unwrap())
}
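
The requesting side of the exchange above, as an added std-only example (not code from the original page or from the sgx-isa crate): it follows the framing that read_targetinfo enforces and then applies identity checks to the returned bytes. The names `request_report` and `check_report` are hypothetical; the sizes (512-byte Targetinfo, 432-byte report) and field offsets are taken from the Intel SGX structure layouts, and the code assumes a platform where `TcpStream::shutdown` really half-closes the connection.

```rust
use std::io::{self, Read, Write};
use std::net::{Shutdown, TcpStream, ToSocketAddrs};
use std::ops::Range;

// Structure sizes and REPORT field offsets, per the Intel SGX architecture.
pub const TARGETINFO_SIZE: usize = 512;
pub const REPORT_SIZE: usize = 432;
const ATTRIBUTES: usize = 48; // little-endian flags; bit 1 = DEBUG
const MRENCLAVE: Range<usize> = 64..96;
const REPORTDATA: Range<usize> = 320..384;

/// Hypothetical client: send our Targetinfo, signal end-of-stream, read the report.
pub fn request_report<A: ToSocketAddrs>(
    addr: A,
    targetinfo: &[u8; TARGETINFO_SIZE],
) -> io::Result<[u8; REPORT_SIZE]> {
    let mut stream = TcpStream::connect(addr)?;
    stream.write_all(targetinfo)?;
    // read_targetinfo insists on EOF after the Targetinfo bytes, so close
    // the write half; without this both sides wait on each other.
    stream.shutdown(Shutdown::Write)?;
    let mut report = [0u8; REPORT_SIZE];
    stream.read_exact(&mut report)?;
    // Apply the same strict framing in this direction: no trailing bytes.
    if stream.read(&mut [0])? != 0 {
        return Err(io::ErrorKind::InvalidData.into());
    }
    Ok(report)
}

/// Hypothetical policy check. Run it only after the report MAC has been
/// verified inside the target enclave; unauthenticated fields prove nothing.
pub fn check_report(
    report: &[u8; REPORT_SIZE],
    mrenclave: &[u8; 32],
    report_data: &[u8; 64],
) -> Result<(), &'static str> {
    if report[ATTRIBUTES] & 0x02 != 0 {
        return Err("debug enclave");
    }
    if report[MRENCLAVE] != mrenclave[..] {
        return Err("unexpected MRENCLAVE");
    }
    if report[REPORTDATA] != report_data[..] {
        return Err("report data mismatch");
    }
    Ok(())
}
```

MAC verification needs the target enclave's report key and is not shown here. Because the server above always passes zeroed report data, its reports carry no per-request value for `report_data` to be compared against.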