Under-development
This project is still under development, any feedback and contribution on this project would be helpful 😃
Attestation ​
As explained before, attestation is one of the core aspects of Confidential Computing.
In this section we are going to detail the theory behind while explaining the security protocols and communications that comes into place.
For more detailed and practical use-cases for each TEE implementation, see the following chapters depending on each TEE.
Local Attestation vs Remote Attestation ​
An Enclave or a Confidential VM has two ways of attesting itself.
Local attestation can be used to attest an enclave locally on the same machine. This can be used to attest an enclave against another one on the same machine.
Remote attestation is used to attest a enclave remotely. A way to verify a machine from a remote user.
Remote Attestation ​
The following part is a theoretical part, it defines the concepts and keywords around the remote attestation and the crucial roles that needs to be connected together.
An RFC defines the multiple roles and definitions around the Remote Attestation.
Who does what ? ​
Remote Attestation is usually defined by three roles : the Attester, the Verifier and the Third Party.
The Attester ​
The Attester creates the evidence. It defines the platform that has the secure processor and is able to generate the evidence.
The Verifier ​
The Verifier uses the evidence generated by the attester (among other information such as the appraisal policy - Security policy) to produce the attestation results that are used by the relying party. In pratice, the verifier could be a Certificate Authority, that helps verify the certificate chain in the evidence and other information against the policy expected so that the relying party could trust the attester.
The relying Party ​
The relying party