Re-attestation
Although we can provide software guarantees that the boot cycle is secure, we still want others to be able to verify that nothing has changed (that is, that new evidence has not been swapped in for what we have stored).
While attestation can verify a platform's trustworthiness, it mainly focuses on measurements taken during boot or launch. Intel argues that there is a significant gap in runtime integrity measurement, and has been developing an Integrity Measurement Architecture (IMA) in the Linux kernel. It is used to validate that the programs and applications running on the server are measurable and verifiable during runtime. Low-level monitoring of enclave integrity is certainly a useful feature, providing hardened guarantees that the enclave behaves as expected, but we can use a blockchain and external verifiers to accomplish the same goal.
This brings us to the second purpose of the accumulator. Instead of performing runtime integrity monitoring of the enclave, we can use our blockchain to periodically compare the hash of the enclave measurement to the value stored on-chain (given during the initial boot cycle) when our computation node fetches the smart contract from state. A match demonstrates that nothing has changed since the initial launch cycle, and this check is considered a re-attestation.
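The re-attestation check described above, sketched as an added example that is not code from this project. The names ChainState, ComputeNode and interval_blocks, the use of SHA-256, and the in-memory dictionary standing in for on-chain state are all assumptions made for illustration.

```python
import hashlib
import hmac

class ReattestationError(Exception):
    pass

def measurement_digest(measurement: bytes) -> bytes:
    """Hash of the enclave measurement (SHA-256 is an assumption)."""
    return hashlib.sha256(measurement).digest()

class ChainState:
    """Constructed stand-in for on-chain state: enclave id -> boot-time digest."""
    def __init__(self):
        self._boot_digests = {}
        self.height = 0  # current block height

    def record_boot(self, enclave_id: str, measurement: bytes) -> None:
        # Assumed rule: the boot-time value is write-once, so later
        # evidence cannot be swapped in for what is already stored.
        if enclave_id in self._boot_digests:
            raise ReattestationError("boot measurement already recorded")
        self._boot_digests[enclave_id] = measurement_digest(measurement)

    def boot_digest(self, enclave_id: str):
        return self._boot_digests.get(enclave_id)

class ComputeNode:
    def __init__(self, chain, enclave_id, read_measurement, interval_blocks=10):
        self.chain = chain
        self.enclave_id = enclave_id
        self.read_measurement = read_measurement  # returns current measurement bytes
        self.interval_blocks = interval_blocks    # hypothetical re-check period
        self.last_checked = None

    def reattest(self) -> None:
        stored = self.chain.boot_digest(self.enclave_id)
        if stored is None:
            # Fail closed: no boot-time record means nothing to compare against.
            raise ReattestationError("no boot-time measurement on chain")
        current = measurement_digest(self.read_measurement())
        if not hmac.compare_digest(stored, current):
            raise ReattestationError("measurement differs from boot-time value")
        self.last_checked = self.chain.height

    def fetch_contract(self, contracts: dict, name: str):
        # Re-attest on the first fetch, then once per interval_blocks.
        due = (self.last_checked is None or
               self.chain.height - self.last_checked >= self.interval_blocks)
        if due:
            self.reattest()
        return contracts[name]
```

Between checks a changed measurement goes unnoticed, so the chosen interval bounds how long a modified enclave can keep fetching contracts.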