Enarx
Enarx is CPU-architecture independent, letting developers deploy the same application code transparently across multiple targets. It provides a single runtime and attestation framework that is neutral with respect to hardware vendor and cloud service provider (CSP).
Enarx uses wasmtime as its WebAssembly runtime; if a Wasm application runs well in wasmtime, it should work equally well on Enarx.
Enarx handles attestation, packaging and provisioning of the application in a way that is transparent to the user. Every instance of an application goes through three steps:
Attestation: Enarx checks that the host to which you’re planning to deploy is a genuine TEE instance.
Packaging: Once the attestation is complete and the TEE instance verified, the Enarx management component encrypts the application, along with any required data.
Provisioning: Enarx then sends the application and data along to the host for execution in the Enarx Keep.
At no point is the host system able to look inside or change the code or data within a Keep.
Steward, a confidential-computing-aware certificate authority, performs the attestation process: it receives, via an HTTP POST, a CSR (Certificate Signing Request) carrying an extension that encodes the attester's evidence. The attestation report is generated directly by the hardware and includes a vendor CRL (Certificate Revocation List). Steward then checks, among other things, that the attestation report signature verifies under the CPU public key over the report body, and that the CPU's certificate is in the PKI chain running from the vendor CA through the intermediate certificate down to the CPU certificate.
Drawbridge is a confidential-computing-aware workload repository that releases a workload to Enarx only if Enarx authenticates with a Steward-signed certificate. Workload data is stored as a Merkle tree, and Drawbridge uses OpenID Connect, through an identity provider, to handle authentication.
The two supported hardware vendors, AMD and Intel, differ slightly in what is checked in the CSR. For AMD, the CSR extension check must ensure that unused parts of the report are zeroed and that the AMD-specific policy flags are configured appropriately. The Intel extension adds checks performed when the TCB report is sent, to ensure that the firmware is up to date and that Intel advisories for the firmware are included. There is additionally a signing certificate and signature for the TCB, used to guarantee that it is part of Intel's PKI chain, that the TCB's update date has not passed, and that the signature is valid. Steward checks that the FMPSC (Flexible Microcode Signing Platform Configuration) from the public key matches the TCB report; this value uniquely identifies the platform and its security properties. The vendors also differ in the hash required: AMD requires SHA-384 while Intel requires SHA-256.
Enarx, Steward and Drawbridge work together to carry out the attestation process. When an application is deployed, the following steps occur:
Enarx contacts Drawbridge to obtain the URL of the Steward.
Enarx calculates the hash of the intended workload and creates an empty enclave (Keep).
Enarx asks the CPU for an attestation report that includes the workload hash.
Enarx generates a private key and a CSR, adds the attestation report to the CSR as an extension, and sends the CSR to Steward for validation.
Steward validates the CSR and responds with a signed certificate.
Enarx authenticates itself to Drawbridge, which checks that the Enarx certificate is in Steward's PKI chain and, if so, responds with the workload.
Enarx checks that the workload's hash matches the expected hash; only then does the application run, using the Steward-signed certificate to communicate with third parties.
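The following Go program is an added example, written for this page; it is not Enarx, Steward or Drawbridge code (those projects are written in Rust) and it does not model the real AMD or Intel report formats, the vendor CRL, the TCB checks, or Drawbridge's Merkle-tree storage. It shows the Steward-side checks described above (CSR signature, CPU certificate chained from the vendor root through an intermediate, report signature under the CPU key, vendor-specific digest) and the end-to-end deployment flow (workload hash, CSR with an evidence extension, Steward-signed certificate gating Drawbridge, final hash check before running), using the Go standard library's X.509 and ECDSA support. Everything concrete is constructed: the evidence OID, the Evidence ASN.1 layout, the report body digest, the toy vendor and Steward PKIs, and the "(module)" stand-in for a Wasm workload are all assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OID of the CSR extension carrying the evidence: constructed here, not the one Enarx uses.
var evidenceOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Evidence is a minimal stand-in for a hardware attestation report plus the CPU's certificate chain.
type Evidence struct {
	Vendor       string // "amd" or "intel"
	WorkloadHash []byte // hash the CPU placed in the report body
	ReportSig    []byte // CPU-key signature over reportDigest(Vendor, WorkloadHash)
	CPUCert      []byte // DER certificate of the CPU key, issued by the vendor intermediate
	Intermediate []byte // DER vendor intermediate CA certificate
}

// vendorHash selects the workload digest the text names: SHA-384 for AMD, SHA-256 for Intel.
var vendorHash = map[string]func([]byte) []byte{
	"amd":   func(b []byte) []byte { h := sha512.Sum384(b); return h[:] },
	"intel": func(b []byte) []byte { h := sha256.Sum256(b); return h[:] },
}

// reportDigest is what the CPU key signs; a constructed stand-in for the real report body layout.
func reportDigest(vendor string, hash []byte) []byte {
	d := sha512.Sum384(append([]byte(vendor+"|"), hash...))
	return d[:]
}

// issue certifies pub (a fresh P-384 key when nil) under parent; parent == nil self-signs.
func issue(cn string, ca bool, pub any, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	var key *ecdsa.PrivateKey
	if pub == nil {
		key, _ = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
		pub = &key.PublicKey
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if parent == nil {
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func pool(c *x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c)
	return p
}

// stewardValidate runs Steward's checks on a CSR and, if they pass, signs a certificate for the Keep's key.
func stewardValidate(csrDER []byte, vendorRoot, stCert *x509.Certificate, stKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // proof of possession of the Keep's private key
	}
	if err != nil {
		return nil, err
	}
	var ev Evidence
	for _, e := range csr.Extensions {
		if e.Id.Equal(evidenceOID) {
			asn1.Unmarshal(e.Value, &ev)
		}
	}
	cpu, err1 := x509.ParseCertificate(ev.CPUCert)
	inter, err2 := x509.ParseCertificate(ev.Intermediate)
	if err1 != nil || err2 != nil {
		return nil, errors.New("missing or malformed evidence in CSR")
	}
	// The CPU certificate must chain vendor root -> intermediate -> CPU.
	if _, err := cpu.Verify(x509.VerifyOptions{Roots: pool(vendorRoot), Intermediates: pool(inter)}); err != nil {
		return nil, errors.New("CPU certificate not in vendor PKI chain")
	}
	// The report signature must verify under the CPU public key over the report body.
	pub, ok := cpu.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, reportDigest(ev.Vendor, ev.WorkloadHash), ev.ReportSig) {
		return nil, errors.New("report signature does not match CPU key and report body")
	}
	cert, _ := issue("enarx-keep", false, csr.PublicKey, stCert, stKey)
	return cert, nil
}

// Scenario runs the deployment flow for one vendor and returns nil on success. Faults: "tamper" alters the
// evidence after the CPU signed it, "rogue-cpu" presents a CPU certificate outside the vendor PKI, and
// "stranger" presents Drawbridge a certificate Steward did not sign.
func Scenario(vendor, fault string) error {
	root, rootKey := issue("vendor-root", true, nil, nil, nil)
	inter, interKey := issue("vendor-intermediate", true, nil, root, rootKey)
	cpu, cpuKey := issue("cpu", false, nil, inter, interKey)
	if fault == "rogue-cpu" {
		cpu, cpuKey = issue("cpu", false, nil, nil, nil)
	}
	stCert, stKey := issue("steward", true, nil, nil, nil)
	workload := []byte("(module)") // constructed stand-in for the Wasm workload Drawbridge holds
	// Enarx hashes the intended workload and asks the CPU for a report over that hash.
	expected := vendorHash[vendor](workload)
	sig, _ := ecdsa.SignASN1(rand.Reader, cpuKey, reportDigest(vendor, expected))
	if fault == "tamper" {
		expected[0] ^= 1 // the evidence no longer matches what the CPU signed
	}
	ev, _ := asn1.Marshal(Evidence{vendor, expected, sig, cpu.Raw, inter.Raw})
	// Enarx generates the Keep's private key and a CSR carrying the report as an extension.
	keepKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "enarx-keep"}, ExtraExtensions: []pkix.Extension{{Id: evidenceOID, Value: ev}}}, keepKey)
	keepCert, err := stewardValidate(csrDER, root, stCert, stKey)
	if err != nil {
		return err
	}
	if fault == "stranger" {
		keepCert, _ = issue("not-a-keep", false, nil, nil, nil)
	}
	// Drawbridge releases the workload only to a caller whose certificate chains to Steward.
	if _, err := keepCert.Verify(x509.VerifyOptions{Roots: pool(stCert)}); err != nil {
		return errors.New("caller certificate not in Steward's PKI chain")
	}
	// Enarx runs the released workload only if its hash matches the attested one.
	if string(vendorHash[vendor](workload)) != string(expected) {
		return errors.New("released workload does not match attested hash")
	}
	return nil
}

func main() {
	for _, c := range [][2]string{{"amd", ""}, {"intel", ""}, {"amd", "tamper"}, {"amd", "rogue-cpu"}, {"amd", "stranger"}} {
		fmt.Printf("%-5s %-9s -> %v\n", c[0], c[1], Scenario(c[0], c[1]))
	}
}
```

Running it with `go run` prints one line per scenario: the two clean runs return no error, while each injected fault is caught by exactly the check the text describes for it (the report signature for a tampered report, the vendor PKI chain for a CPU certificate outside it, and Steward's PKI chain at Drawbridge for a certificate Steward never signed). The design point worth noticing is that every trust decision is made by verifying a signature against a key that is itself certified by a root the verifier already trusts; Enarx's own final hash comparison is what binds the released bytes to the measurement the CPU reported.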