This sample demonstrates how to execute Remote Attestation on SGX with [librats](https://github.com/inclavare-containers/librats) and run it with iwasm. It can only build on [SGX supported processors](https://www.intel.com/content/www/us/en/support/articles/000028173/processors.html), please check it.
Before starting, we need to download and install [SGX SDK](https://download.01.org/intel-sgx/latest/linux-latest/distro) and [SGX DCAP Library](https://download.01.org/intel-sgx/latest/dcap-latest) referring to this [guide](https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/docs/Intel_SGX_DCAP_Linux_SW_Installation_Guide.pdf).
You can optionally grant users to communicate with the SDK platform using the following command.
Otherwise, enclaves must be launched with root privileges.
```shell
sudo usermod -a -G sgx_prv <username>
```
### Intel Provisioning Certification Service (Intel PCS)
Intel DCAP connects to Intel PCS to download the attestation collateral for SGX-enabled machines.
Intel provides a [quick install guide](https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html) to set up a simplified environment.
Set the PCCS service to accept local connections only? [Y] (Y/N)
```
Answer "N" to this question. We want the PCCS service to accept connections from other systems.
```
Set your Intel PCS API key (Press ENTER to skip)
```
Enter either your primary or secondary key retrieved from the previous subsection.
If you already subscribed, you can retrieve them [here](https://api.portal.trustedservices.intel.com/developer).
```
Choose caching fill method : [LAZY] (LAZY/OFFLINE/REQ)
```
Answer "REQ" to this question. This places the caching service in the "on request" mode, which means it will fetch the attestation collateral for hosts as provisioning requests are received.
```
Set PCCS server administrator password:
Re-enter administrator password:
Set PCCS server user password:
Re-enter user password:
```
Enter two passwords for the PCCS server.
```
Do you want to generate insecure HTTPS key and cert for PCCS service? [Y] (Y/N)
Adapt the configuration file of `PCKIDRetrievalTool` located in `/opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf` and make the following changes:
- Change the **PCCS_URL** to match your caching service's location.
- Uncomment the **user_token** parameter, and set it to the user password you created when configuring the PCCS.
- Set the **proxy_type** to fit your environment (most likely, this will be `direct`)
- Ensure **USE_SECURE_CERT** is set to `FALSE` since we're using a self-signed certificate for testing purposes.
In case of validation issues expressed as a value of `0xeXXX`, the corresponding error reason is explained in [this header file](https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/quote_wrapper/common/inc/sgx_ql_lib_common.h).
## Validate quotes on non-SGX platforms
Quotes created on an Intel SGX platform can also be verified on systems that do not support SGX (e.g., a different CPU architecture).
This scenario typically arises when deploying trusted applications in a cloud environment, which provides confidential computing.
For that purpose, we are required to install a subset of Intel SGX libraries to support quote validation.
The steps below highlight how to set up such an environment.
$ cd SGXDataCenterAttestationPrimitives/tools/PccsAdminTool
$ sudo apt-get install -y python3 python3-pip
$ pip3 install -r requirements.txt
# Configuring the Intel PCCS. Input the PCS/PCCS password as requested.
# 1. Get registration data from PCCS service
./pccsadmin.py get
# 2. Fetch platform collateral data from Intel PCS based on the registration data
./pccsadmin.py fetch
# 3. Put platform collateral data or appraisal policy files to PCCS cache db
./pccsadmin.py put
# 4. Request PCCS to refresh certificates or collateral in cache database
./pccsadmin.py refresh
```
### Validation of the quotes
The Wasm application can then be modified to validate precomputed quotes using the exposed function `librats_verify`.
Alternatively, the underlying library `librats` may be directly used if the non-SGX platforms do not execute WebAssembly code (without WAMR).
Examples are provided in the directory [non-sgx-verify/](non-sgx-verify/).
### Claims validation
Once the runtime has validated the signature of the quote, the application must also check the other claims embedded in the quote to ensure they match their expected value.
The documentation _Data Center Attestation Primitives: Library API_ describes in Section _3.8 Enclave Identity Checking_ defines the claims for the user to check.
Here is a summary of them:
- **Enclave Identity Checking**: either check the hash _MRENCLAVE_ (the enclave identity) or _MRSIGNER_ and the _product id_ (the software provider identity).
- **Verify Attributes**: production enclaves should not have the _Debug_ flag set to 1.
- **Verify SSA Frame extended feature set**
- **Verify the ISV_SVN level of the enclave**: whenever there is a security update to an enclave, the ISV_SVN value should be increased to reflect the higher security level.
- **Verify that the ReportData contains the expected value**: This can be used to provide specific data from the enclave or it can be used to hold a hash of a larger block of data which is provided with the quote. Note that the verification of the quote signature confirms the integrity of the report data (and the rest of the REPORT body).
- [Intel SGX Software Installation Guide For Linux OS](https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf)
- [Documentation of the PCCS administration tool](https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/tools/PccsAdminTool/README.txt)
