Remote Attestation

An important aspect of TEE’s is the ability to perform remote attestation to assess the trustworthiness of the setup. The attester wants to convince the challenger that it is a genuine enclave running on an up-to-date platform. Based on the enclave’s attested attributes, the challenger decides whether to trust the enclave or not.

An attestation requires the validation of the software source code, and recreation of the measurement hash. This only works if the software is deterministically reproducible, which means the binary executable created by compiling the source code can be reproduced byte-for-byte when recompiling it (on the same or a different machine). The measurement hash can be recreated by anyone with the binary, so it is relatively easy to verify (no need for special hardware).

Commonly, remote attestation is used to establish an attested secure channel to provision secrets to the enclave.