Jinzhao Attest provides unified attestation workflows for TEE compatibility, usability, and security.
```
              .----------------------------.
        .---->| Unified Attestation Report +----.
        |     '----------------------------'    |
        | Unified Attestation Interface         | Unified Attestation Interface
        | (Report Generation)                   | (Report Verification)
        |                                       v
.-------+-------.                        .--------------.
| TEE Platforms |                        |   Verifier   |
'-------+-------'                        '--------------'
        |                                       ^
        |                                       |
        |     .----------------------------.    |
        '---->| Unified Attestation Policy +----'
              '----------------------------'
```
The following table shows all the TEE platforms we currently support, and the supported interfaces for each TEE platform.
TEE platforms | UAR Generation | UAR Verification |
---|---|---|
Intel SGX1 | Yes | Yes |
Intel SGX2 | Yes | Yes |
HyperEnclave | Yes | Yes |
Kunpeng Trustzone | No | Yes |
Hygon CSV | No | Yes |
```
git submodule update --init --recursive
./dockerenv.sh --init # create the container instance
./dockerenv.sh --exec # enter the container instance
```
In the development environment container, run the following command:
```
./build.sh --with-samples --mode SIM
```
NOTES: SIM mode is used here, which means you can try the quick start in an environment without a TEE. To try it in a real TEE, you first need to set up the TEE and configure remote attestation. For example, on an SGX2 platform, you need to register the platform with PCCS and set the PCCS URL in /etc/sgx_default_qcnl.conf and in /etc/kubetee/unified_attestation.json (or through the environment variable UA_ENV_PCCS_URL). For how to set up PCCS, please refer to the Intel DCAP documentation.
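A preflight check for the PCCS settings named in the note above, as an added example that is not part of the Jinzhao Attest project. It assumes the key names used by Intel DCAP's sgx_default_qcnl.conf (`pccs_url` / `use_secure_cert` in the JSON form, `PCCS_URL` / `USE_SECURE_CERT` in the legacy key=value form); the function names and the sample host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Assumed key names: "pccs_url"/"use_secure_cert"
# (JSON form) and PCCS_URL/USE_SECURE_CERT (legacy key=value form) of Intel DCAP's
# sgx_default_qcnl.conf. Commented-out lines (// or #) are ignored.

# Print the PCCS URL configured in qcnl conf file $1 (empty if none).
qcnl_pccs_url() {
    sed -n \
        -e 's/^[[:space:]]*"pccs_url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        -e 's/^[[:space:]]*PCCS_URL[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1" | head -n 1
}

# Print the TLS certificate-check setting in $1, lowercased ("unset" if absent).
qcnl_secure_cert() {
    v=$(sed -n \
        -e 's/^[[:space:]]*"use_secure_cert"[[:space:]]*:[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        -e 's/^[[:space:]]*USE_SECURE_CERT[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" | head -n 1 | tr 'A-Z' 'a-z')
    echo "${v:-unset}"
}

# Check conf file $1 plus UA_ENV_PCCS_URL; print findings, return 1 if any.
check_pccs() {
    rc=0
    url=$(qcnl_pccs_url "$1")
    [ -n "$url" ] || { echo "FINDING: no PCCS URL in $1"; rc=1; }
    for u in "$url" "${UA_ENV_PCCS_URL:-}"; do
        case "$u" in
            ""|https://*) ;;
            *) echo "FINDING: PCCS URL is not https: $u"; rc=1 ;;
        esac
    done
    [ "$(qcnl_secure_cert "$1")" != "false" ] ||
        { echo "FINDING: use_secure_cert is false (PCCS TLS certificate not verified)"; rc=1; }
    return $rc
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  // "pccs_url": "http://old.example.invalid/",
  "pccs_url": "https://pccs.example.invalid:8081/sgx/certification/v4/",
  "use_secure_cert": false
}
EOF
check_pccs "$sample" || echo "fix the findings above before leaving SIM mode"
rm -f "$sample"
```

On a real host, call `check_pccs /etc/sgx_default_qcnl.conf` in the same shell that will launch the application, so that `UA_ENV_PCCS_URL` is checked as the application will see it.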
In the development environment container, run any of the application samples. For example, run the report generation sample like this:
```
mkdir /etc/kubetee
cp ./deployment/conf/unified_attestation.json /etc/kubetee/
cd build/out
./app-sample-unified-attestation-generation
./app-sample-unified-attestation-verification-untrusted
```
Jinzhao Attest provides UAL, which can be integrated into an application with the SGX SDK, with Occlum LibOS, or without a TEE at all.
Please choose C++ or C ABI header files according to your programming language.
- Header files for the C++ programming language: these expose almost all the public interfaces.
- Header files for other programming languages that are compatible with the C ABI: these expose a limited set of public interfaces.
This step is only for SGX-like TEE platforms and the SGX SDK development model.
For different TEE platforms and different development containers (see also dockerenv.sh), the build produces different libraries:
NOTES: Please refer to the example applications in the ./samples directory for more details.
Anyone is welcome to provide any form of contribution, for example:
Please check CONTRIBUTING.md.
Please check LICENSE for details.