| <!DOCTYPE html> |
| <html lang="en-US"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Mutual Attestation: Why and How | Apache Teaclave (incubating)</title> |
| <meta name="generator" content="VuePress 1.9.7"> |
| <link rel="alternate" type="application/rss+xml" href="https://teaclave.apache.org/rss.xml" title="Apache Teaclave (incubating) RSS Feed"> |
| <link rel="alternate" type="application/atom+xml" href="https://teaclave.apache.org/feed.atom" title="Apache Teaclave (incubating) Atom Feed"> |
| <link rel="alternate" type="application/json" href="https://teaclave.apache.org/feed.json" title="Apache Teaclave (incubating) JSON Feed"> |
| <meta name="description" content="Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple."> |
| <meta property="article:modified_time" content="2023-06-07T06:50:15.000Z"> |
| <meta property="og:site_name" content="Apache Teaclave (incubating)"> |
| <meta property="og:title" content="Mutual Attestation: Why and How"> |
| <meta property="og:type" content="website"> |
| <meta property="og:url" content="https://teaclave.apache.org/docs/mutual-attestation/"> |
| <meta name="twitter:title" content="Mutual Attestation: Why and How"> |
| <meta name="twitter:url" content="https://teaclave.apache.org/docs/mutual-attestation/"> |
| <meta name="twitter:card" content="summary_large_image"> |
| <meta name="twitter:site" content="@ApacheTeaclave"> |
| |
| <link rel="preload" href="/assets/css/0.styles.7a68c1e3.css" as="style"><link rel="preload" href="/assets/js/app.416a7edd.js" as="script"><link rel="preload" href="/assets/js/6.cb964028.js" as="script"><link rel="preload" href="/assets/js/1.d73ee85d.js" as="script"><link rel="preload" href="/assets/js/90.67a108d9.js" as="script"><link rel="prefetch" href="/assets/js/10.dd5d6438.js"><link rel="prefetch" href="/assets/js/100.46160955.js"><link rel="prefetch" href="/assets/js/101.9f777f97.js"><link rel="prefetch" href="/assets/js/102.db34fcee.js"><link rel="prefetch" href="/assets/js/103.2c909920.js"><link rel="prefetch" href="/assets/js/104.62a09edf.js"><link rel="prefetch" href="/assets/js/105.1137ce46.js"><link rel="prefetch" href="/assets/js/106.7b874960.js"><link rel="prefetch" href="/assets/js/107.4acbae6d.js"><link rel="prefetch" href="/assets/js/108.dc9f4f34.js"><link rel="prefetch" href="/assets/js/109.a752bc7e.js"><link rel="prefetch" href="/assets/js/11.ae218e97.js"><link rel="prefetch" href="/assets/js/110.b94b1daf.js"><link rel="prefetch" href="/assets/js/111.5e1135dd.js"><link rel="prefetch" href="/assets/js/112.e62d88dd.js"><link rel="prefetch" href="/assets/js/12.1d03a56a.js"><link rel="prefetch" href="/assets/js/13.fc7df053.js"><link rel="prefetch" href="/assets/js/14.6ad08dcc.js"><link rel="prefetch" href="/assets/js/15.ac8415d3.js"><link rel="prefetch" href="/assets/js/16.196140b7.js"><link rel="prefetch" href="/assets/js/17.1555cdf6.js"><link rel="prefetch" href="/assets/js/18.c4ade0d2.js"><link rel="prefetch" href="/assets/js/19.1f86150d.js"><link rel="prefetch" href="/assets/js/2.f85cce33.js"><link rel="prefetch" href="/assets/js/20.0106ee82.js"><link rel="prefetch" href="/assets/js/21.551cda9a.js"><link rel="prefetch" href="/assets/js/22.a1deb586.js"><link rel="prefetch" href="/assets/js/23.bea9a769.js"><link rel="prefetch" href="/assets/js/24.a111f8c3.js"><link rel="prefetch" href="/assets/js/25.94b105d2.js"><link rel="prefetch" href="/assets/js/26.6eb02834.js"><link rel="prefetch" href="/assets/js/27.cb815dd7.js"><link rel="prefetch" href="/assets/js/28.95da7ad2.js"><link rel="prefetch" href="/assets/js/29.41c82c76.js"><link rel="prefetch" href="/assets/js/30.2d4f6457.js"><link rel="prefetch" href="/assets/js/31.f85c3079.js"><link rel="prefetch" href="/assets/js/32.6327034e.js"><link rel="prefetch" href="/assets/js/33.3db23b15.js"><link rel="prefetch" href="/assets/js/34.4b677f53.js"><link rel="prefetch" href="/assets/js/35.74c2bfa1.js"><link rel="prefetch" href="/assets/js/36.aac34e45.js"><link rel="prefetch" href="/assets/js/37.ba75de3f.js"><link rel="prefetch" href="/assets/js/38.25a187b5.js"><link rel="prefetch" href="/assets/js/39.a708e045.js"><link rel="prefetch" href="/assets/js/40.6961c007.js"><link rel="prefetch" href="/assets/js/41.33532c91.js"><link rel="prefetch" href="/assets/js/42.f5927854.js"><link rel="prefetch" href="/assets/js/43.223d6216.js"><link rel="prefetch" href="/assets/js/44.d8df7ac3.js"><link rel="prefetch" href="/assets/js/45.9a21ca3e.js"><link rel="prefetch" href="/assets/js/46.949f9fe6.js"><link rel="prefetch" href="/assets/js/47.ba103762.js"><link rel="prefetch" href="/assets/js/48.e7764c1b.js"><link rel="prefetch" href="/assets/js/49.d05175f8.js"><link rel="prefetch" href="/assets/js/5.0eeb0687.js"><link rel="prefetch" href="/assets/js/50.4240669f.js"><link rel="prefetch" href="/assets/js/51.b33563db.js"><link rel="prefetch" href="/assets/js/52.146509f4.js"><link rel="prefetch" href="/assets/js/53.72230e92.js"><link rel="prefetch" href="/assets/js/54.7d5c4465.js"><link rel="prefetch" href="/assets/js/55.f0e9528b.js"><link rel="prefetch" href="/assets/js/56.6aa20eb5.js"><link rel="prefetch" href="/assets/js/57.793df332.js"><link rel="prefetch" href="/assets/js/58.2c88c658.js"><link rel="prefetch" href="/assets/js/59.29946c67.js"><link rel="prefetch" href="/assets/js/60.987ce7ea.js"><link rel="prefetch" href="/assets/js/61.e911a08e.js"><link rel="prefetch" href="/assets/js/62.280f7f41.js"><link rel="prefetch" href="/assets/js/63.0f3bb444.js"><link rel="prefetch" href="/assets/js/64.2b6ea649.js"><link rel="prefetch" href="/assets/js/65.219b780b.js"><link rel="prefetch" href="/assets/js/66.96999c9e.js"><link rel="prefetch" href="/assets/js/67.c2dec1a1.js"><link rel="prefetch" href="/assets/js/68.42fec217.js"><link rel="prefetch" href="/assets/js/69.61ecb198.js"><link rel="prefetch" href="/assets/js/7.847a8d20.js"><link rel="prefetch" href="/assets/js/70.ae576e11.js"><link rel="prefetch" href="/assets/js/71.3578bb66.js"><link rel="prefetch" href="/assets/js/72.b649388b.js"><link rel="prefetch" href="/assets/js/73.c03d947c.js"><link rel="prefetch" href="/assets/js/74.74092564.js"><link rel="prefetch" href="/assets/js/75.f5fb1db6.js"><link rel="prefetch" href="/assets/js/76.5e90f553.js"><link rel="prefetch" href="/assets/js/77.0bf63761.js"><link rel="prefetch" href="/assets/js/78.04e1fbee.js"><link rel="prefetch" href="/assets/js/79.5f71740f.js"><link rel="prefetch" href="/assets/js/8.68e95cf5.js"><link rel="prefetch" href="/assets/js/80.5da4cdab.js"><link rel="prefetch" href="/assets/js/81.ce072043.js"><link rel="prefetch" href="/assets/js/82.25ce02b0.js"><link rel="prefetch" href="/assets/js/83.9f374702.js"><link rel="prefetch" href="/assets/js/84.d4de12eb.js"><link rel="prefetch" href="/assets/js/85.e934db2b.js"><link rel="prefetch" href="/assets/js/86.084c1fd9.js"><link rel="prefetch" href="/assets/js/87.fbf2870d.js"><link rel="prefetch" href="/assets/js/88.c480980d.js"><link rel="prefetch" href="/assets/js/89.6a5a74c1.js"><link rel="prefetch" href="/assets/js/9.be5ff211.js"><link rel="prefetch" href="/assets/js/91.7c7ba95c.js"><link rel="prefetch" href="/assets/js/92.0ae5dd81.js"><link rel="prefetch" href="/assets/js/93.5353cf22.js"><link rel="prefetch" href="/assets/js/94.f7d41210.js"><link rel="prefetch" href="/assets/js/95.5f5bed22.js"><link rel="prefetch" href="/assets/js/96.59de9d4b.js"><link rel="prefetch" href="/assets/js/97.0d914caf.js"><link rel="prefetch" href="/assets/js/98.d751f4be.js"><link rel="prefetch" href="/assets/js/99.2bb8c143.js"><link rel="prefetch" href="/assets/js/vuejs-paginate.8e583f31.js"> |
| <link rel="stylesheet" href="/assets/css/0.styles.7a68c1e3.css"> |
| </head> |
| <body> |
| <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><img src="/assets/img/logo.svg" alt="Apache Teaclave (incubating)" class="logo"> <span class="site-name can-hide" style="display:none;">Teaclave</span></a> <div class="links"><!----> <nav class="nav-links can-hide"><div class="nav-item"><a href="/" class="nav-link"> |
| ABOUT |
| </a></div><div class="nav-item"><a href="/powered-by/" class="nav-link"> |
| POWERED BY |
| </a></div><div class="nav-item"><a href="/community/" class="nav-link"> |
| COMMUNITY |
| </a></div><div class="nav-item"><a href="/download/" class="nav-link"> |
| DOWNLOAD |
| </a></div><div class="nav-item"><a href="/contributors/" class="nav-link"> |
| CONTRIBUTORS |
| </a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="DOCS" class="dropdown-title"><span class="title">DOCS</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/docs/" class="nav-link router-link-active"> |
| Teaclave |
| </a></li><li class="dropdown-item"><!----> <a href="/sgx-sdk-docs/" class="nav-link"> |
| Teaclave SGX SDK |
| </a></li><li class="dropdown-item"><!----> <a href="/trustzone-sdk-docs/" class="nav-link"> |
| Teaclave TrustZone SDK |
| </a></li><li class="dropdown-item"><h4> |
| APIS |
| </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/client-sdk-rust/" target="_self" rel="" class="nav-link external"> |
| Teaclave Client SDK (Rust) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/client-sdk-python/" target="_self" rel="" class="nav-link external"> |
| Teaclave Client SDK (Python) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/sgx-sdk/" target="_self" rel="" class="nav-link external"> |
| Teaclave SGX SDK |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/trustzone-sdk/optee-teec" target="_self" rel="" class="nav-link external"> |
| Teaclave TrustZone SDK (Host) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/trustzone-sdk/optee-utee" target="_self" rel="" class="nav-link external"> |
| Teaclave TrustZone SDK (TA) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/crates-enclave/" target="_self" rel="" class="nav-link external"> |
| Crates in Teaclave (Enclave) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/crates-app/" target="_self" rel="" class="nav-link external"> |
| Crates in Teaclave (App) |
| <!----></a></li></ul></li></ul></div></div><div class="nav-item"><a href="/blog/" class="nav-link"> |
| BLOG |
| </a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="REPOS" class="dropdown-title"><span class="title">REPOS</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-sgx-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave SGX SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-trustzone-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave TrustZone SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-java-tee-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave Java TEE SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-website" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave Website |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Apache Software Foundation" class="dropdown-title"><span class="title">ASF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://www.apache.org/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| ASF Homepage |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/licenses/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| License |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/foundation/sponsorship.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Sponsorship |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/security/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Security |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Privacy |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/foundation/thanks.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Thanks |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/events/current-event.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Events |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/" class="nav-link"> |
| ABOUT |
| </a></div><div class="nav-item"><a href="/powered-by/" class="nav-link"> |
| POWERED BY |
| </a></div><div class="nav-item"><a href="/community/" class="nav-link"> |
| COMMUNITY |
| </a></div><div class="nav-item"><a href="/download/" class="nav-link"> |
| DOWNLOAD |
| </a></div><div class="nav-item"><a href="/contributors/" class="nav-link"> |
| CONTRIBUTORS |
| </a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="DOCS" class="dropdown-title"><span class="title">DOCS</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/docs/" class="nav-link router-link-active"> |
| Teaclave |
| </a></li><li class="dropdown-item"><!----> <a href="/sgx-sdk-docs/" class="nav-link"> |
| Teaclave SGX SDK |
| </a></li><li class="dropdown-item"><!----> <a href="/trustzone-sdk-docs/" class="nav-link"> |
| Teaclave TrustZone SDK |
| </a></li><li class="dropdown-item"><h4> |
| APIS |
| </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/client-sdk-rust/" target="_self" rel="" class="nav-link external"> |
| Teaclave Client SDK (Rust) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/client-sdk-python/" target="_self" rel="" class="nav-link external"> |
| Teaclave Client SDK (Python) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/sgx-sdk/" target="_self" rel="" class="nav-link external"> |
| Teaclave SGX SDK |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/trustzone-sdk/optee-teec" target="_self" rel="" class="nav-link external"> |
| Teaclave TrustZone SDK (Host) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/trustzone-sdk/optee-utee" target="_self" rel="" class="nav-link external"> |
| Teaclave TrustZone SDK (TA) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/crates-enclave/" target="_self" rel="" class="nav-link external"> |
| Crates in Teaclave (Enclave) |
| <!----></a></li><li class="dropdown-subitem"><a href="https://teaclave.apache.org/api-docs/crates-app/" target="_self" rel="" class="nav-link external"> |
| Crates in Teaclave (App) |
| <!----></a></li></ul></li></ul></div></div><div class="nav-item"><a href="/blog/" class="nav-link"> |
| BLOG |
| </a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="REPOS" class="dropdown-title"><span class="title">REPOS</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-sgx-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave SGX SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-trustzone-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave TrustZone SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-java-tee-sdk" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave Java TEE SDK |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://github.com/apache/incubator-teaclave-website" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Teaclave Website |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="Apache Software Foundation" class="dropdown-title"><span class="title">ASF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://www.apache.org/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| ASF Homepage |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/licenses/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| License |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/foundation/sponsorship.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Sponsorship |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/security/" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Security |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Privacy |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/foundation/thanks.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Thanks |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://www.apache.org/events/current-event.html" target="_blank" rel="noopener noreferrer" class="nav-link external"> |
| Events |
| <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav> <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Try</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/docs/my-first-function/" class="sidebar-link">My First Function</a></li><li><a href="/docs/functions-in-python/" class="sidebar-link">Write Functions in Python</a></li><li><a href="/docs/builtin-functions/" class="sidebar-link">How to Add Built-in Functions</a></li><li><a href="/docs/azure-confidential-computing/" class="sidebar-link">Deploying Teaclave on Azure Confidential Computing Virtual Machines</a></li><li><a href="/docs/executing-wasm/" class="sidebar-link">Executing WebAssembly in Teaclave</a></li><li><a href="/docs/inference-with-tvm/" class="sidebar-link">Inference Task with TVM in Teaclave</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Design</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/docs/threat-model/" class="sidebar-link">Threat Model</a></li><li><a href="/docs/mutual-attestation/" aria-current="page" class="active sidebar-link">Mutual Attestation: Why and How</a></li><li><a href="/docs/access-control/" class="sidebar-link">Access Control in Teaclave</a></li><li><a href="/docs/build-system/" class="sidebar-link">Build System</a></li><li><a href="/docs/service-internals/" class="sidebar-link">Teaclave Service Internals</a></li><li><a href="/docs/adding-executors/" class="sidebar-link">Adding Executors</a></li><li><a href="/docs/papers-talks/" class="sidebar-link">Papers, Talks, and Related Articles</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Contribute</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/docs/release-guide/" class="sidebar-link">Release Guide</a></li><li><a href="/docs/development-tips/" class="sidebar-link">Development Tips</a></li><li><a href="/docs/rust-guildeline/" class="sidebar-link">Rust Development Guideline</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Codebase</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/docs/codebase/attestation/" class="sidebar-link">Attestation in Teaclave</a></li><li><a href="/docs/codebase/binder/" class="sidebar-link">Binder</a></li><li><a href="/docs/codebase/cli/" class="sidebar-link">Teaclave Command Line Tool</a></li><li><a href="/docs/codebase/common/" class="sidebar-link">Common Libraries</a></li><li><a href="/docs/codebase/config/" class="sidebar-link">Configurations in Teaclave</a></li><li><a href="/docs/codebase/crypto/" class="sidebar-link">Crypto Primitives</a></li><li><a href="/docs/codebase/dcap/" class="sidebar-link">Data Center Attestation Service</a></li><li><a href="/docs/codebase/docker/" class="sidebar-link">Teaclave Docker</a></li><li><a href="/docs/codebase/examples/" class="sidebar-link">Examples</a></li><li><a href="/docs/codebase/executor/" class="sidebar-link">Function Executors</a></li><li><a href="/docs/codebase/file-agent/" class="sidebar-link">File Agent</a></li><li><a href="/docs/codebase/function/" class="sidebar-link">Built-in Functions</a></li><li><a href="/docs/codebase/rpc/" class="sidebar-link">RPC</a></li><li><a href="/docs/codebase/runtime/" class="sidebar-link">Executor Runtime</a></li><li><a href="/docs/codebase/sdk/" class="sidebar-link">Client SDK</a></li><li><a href="/docs/codebase/services/" class="sidebar-link">Teaclave Services</a></li><li><a href="/docs/codebase/tests/" class="sidebar-link">Test Harness and Test Cases</a></li><li><a href="/docs/codebase/third-party/" class="sidebar-link">Third-Party Dependency Vendoring</a></li><li><a href="/docs/codebase/tools/" class="sidebar-link">Tools</a></li><li><a href="/docs/codebase/types/" class="sidebar-link">Types</a></li><li><a href="/docs/codebase/worker/" class="sidebar-link">Teaclave Worker</a></li></ul></section></li></ul> </aside> <main class="page"> <div class="theme-default-content content__default"><h1 id="mutual-attestation-why-and-how"><a href="#mutual-attestation-why-and-how" class="header-anchor">#</a> Mutual Attestation: Why and How</h1> <p>The standard procedure to establish a secure and trusted communication channel |
| from a client to an enclave is through remote attestation. However, when the |
| client itself is also an enclave and <em>mutual</em> trust between two enclaves is |
| required, we need additional design and implementation effort. The Teaclave |
| platform consists of multiple enclave services and most of the |
| enclave-to-enclave RPC communications need bidirectional authentication. This |
| document entails the methodology and process of Teaclave's mutual enclave remote |
| attestation.</p> <h2 id="problem"><a href="#problem" class="header-anchor">#</a> Problem</h2> <p>The identity of an enclave is defined through a pair of cryptographically secure |
| hash values, i.e., MRSIGNER and MRENCLAVE. MRSIGNER indicates the builder of the |
| enclave, thus shared by enclaves signed by the same party. MRENCLAVE is unique |
| to each individual enclave. Teaclave assumes that users do not trust the |
| software builder, so verifying MRSIGNER is not enough. For each enclave service |
| in Teaclave, it must strictly check the unique identity of the other enclaves it |
| communicates to through MRENCLAVE.</p> <p>Since the SGX enclave trusts no outside input, the MRENCLAVE should be |
| hard-coded into source files used for identity verification logic. Therefore, |
| changing the MRENCLAVE value an enclave tries to match against will change the |
| MRENCLAVE of the enclave itself. When two enclaves want to remotely attest each |
| other, it is impossible to decide which enclave is to be built first.</p> <h2 id="solution"><a href="#solution" class="header-anchor">#</a> Solution</h2> <p>Teaclave resolves this problem by relying on third-party auditors. We assume |
| that there will be several parties trusted by all participants of Teaclave's |
| computation tasks (cloud platforms, data providers, and customers, etc). The |
| source code and binaries of Teaclave are audited by these trusted parties. Once |
| the auditors decided that Teaclave is secure, they sign and publish the |
| identities of audited enclaves. The <em>public keys</em> of the auditors are |
| hard-coded in Teaclave enclave source via build time configuration, while the |
| enclave measures and their signatures are loaded from outside at runtime. Each |
| enclave will verify that the enclave measures are indeed signed by the auditors |
| before serving any requests.</p> <h2 id="in-the-repository"><a href="#in-the-repository" class="header-anchor">#</a> In the Repository</h2> <p>The <a href="https://github.com/apache/incubator-teaclave/tree/master/config/keys" target="_blank" rel="noopener noreferrer">keys</a> |
| directory in the source tree contain the key pairs of three fake auditing |
| parties for PoC purposes. Private keys are also included to deliver a smooth |
| build and test process. In production, builders of Teaclave should obtain the |
| public keys, enclave identities, and the signatures directly from the auditors.</p></div> <footer class="page-edit"><!----> <div class="last-updated"><span class="prefix">Last Updated:</span> <span class="time">6/7/2023, 6:50:15 AM</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev"> |
| ← |
| <a href="/docs/threat-model/" class="prev"> |
| Threat Model |
| </a></span> <span class="next"><a href="/docs/access-control/"> |
| Access Control in Teaclave |
| </a> |
| → |
| </span></p></div> <div class="footer"> |
| Apache Teaclave (incubating) is an effort undergoing incubation at The Apache |
| Software Foundation (ASF), sponsored by the Apache Incubator. |
| Incubation is required of all newly accepted projects until a further review |
| indicates that the infrastructure, communications, and decision making process |
| have stabilized in a manner consistent with other successful ASF projects. While |
| incubation status is not necessarily a reflection of the completeness or |
| stability of the code, it does indicate that the project has yet to be fully |
| endorsed by the ASF. |
| Copyright © 2020 The Apache Software Foundation. |
| Licensed under the Apache License, Version 2.0. |
| Apache Teaclave, Apache, the Apache feather, and the Apache Teaclave project logo are either |
| trademarks or registered trademarks of the Apache Software Foundation. |
| </div></main></div><div class="global-ui"><!----></div></div> |
| <script src="/assets/js/app.416a7edd.js" defer></script><script src="/assets/js/6.cb964028.js" defer></script><script src="/assets/js/1.d73ee85d.js" defer></script><script src="/assets/js/90.67a108d9.js" defer></script> |
| </body> |
| </html> |
