This file defines macros for SGX evidence format IDs and claims.
A number of SGX specific format IDs are defined for evidence generation and verification.
The API function oe_get_evidence() supports the values listed below in its format_id parameter. The output evidence will be prefixed with an oe_attestation_header if the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its flags parameter is set.
The API function oe_verify_evidence() supports the values listed below in its format_id parameter.
- The input evidence is generated by oe_get_evidence(), with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit set in its flags parameter.
- The input evidence is generated by oe_get_evidence() for format OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION, with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
- The input evidence is generated by oe_get_evidence() for format OE_FORMAT_UUID_SGX_ECDSA, with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
- The input evidence is an OE report generated by the legacy API function oe_get_report() with the OE_REPORT_FLAGS_REMOTE_ATTESTATION flag.
- The input evidence is an SGX ECDSA quote generated by the Intel SGX SDK DCAP library, or the quote-ex library with algorithm ID SGX_QL_ALG_ECDSA_P256.
The table below shows the structure of the evidence data for all the supported SGX format IDs, as generated by an attester plugin or verified by a verifier plugin.
| Format ID | Evidence structure |
|---|---|
| OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION | [ oe_attestation_header ] \|\| SGX_report(hash) \|\| custom_claims_buffer |
| OE_FORMAT_UUID_SGX_ECDSA | [ oe_attestation_header ] \|\| SGX_ECDSA_quote(hash) \|\| custom_claims_buffer |
| OE_FORMAT_UUID_SGX_EPID_LINKABLE | [ oe_attestation_header ] \|\| SGX_EPID_linkable_quote(custom_claims_buffer) |
| OE_FORMAT_UUID_SGX_EPID_UNLINKABLE | [ oe_attestation_header ] \|\| SGX_EPID_unlinkable_quote(custom_claims_buffer) |
| OE_FORMAT_UUID_LEGACY_REPORT_REMOTE | oe_report_header (for remote attestation) \|\| SGX_ECDSA_quote(custom_claims_buffer) |
| OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA | SGX_ECDSA_quote(custom_claims_buffer) |
In the above table:
- The optional header oe_attestation_header is a structure of type oe_attestation_header_t. For every format supported by oe_get_evidence(), the evidence is prefixed with an oe_attestation_header when the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its flags parameter is set.
- oe_report_header is the OE report header, of type oe_report_header_t.
- hash is the SHA256 hash of the custom claims held in the flat buffer custom_claims_buffer.
- An SGX report (SGX_report(), of type sgx_report_t) or quote (SGX_*quote(), of type sgx_quote_t) embeds a flat 64-byte buffer as its SGX report data field. Depending on the format, this field holds either the hash of the custom claims or the custom claims themselves.
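An added example (not Open Enclave SDK code) of the binding check a verifier performs over the layouts in the table: for the hashed formats, the trailing custom_claims_buffer is accepted only if its SHA256 matches the SGX report data field, while for the raw ECDSA quote the claims are the report data field itself. It assumes the evidence carries no oe_attestation_header (the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared) and the public sgx_report_t / sgx_quote_t field offsets; the function names and the sample quote are constructed for this example.

```python
import hashlib
import hmac
import struct

# Offsets assumed from the public sgx_report_t / sgx_quote_t layouts (they are
# not stated on the page): report_data is the last 64 bytes of the 384-byte
# report body; sgx_quote_t holds that body at offset 48 and a uint32
# signature_len at offset 432, followed by the signature bytes.
REPORT_DATA_OFF, REPORT_DATA_SIZE = 320, 64
SGX_REPORT_SIZE = 432           # report body + key_id(32) + mac(16)
QUOTE_BODY_OFF, QUOTE_SIG_LEN_OFF, QUOTE_FIXED_SIZE = 48, 432, 436
HASHED = {"OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION", "OE_FORMAT_UUID_SGX_ECDSA"}
DIRECT = {"OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA"}

def _report_data_and_tail(evidence: bytes, fmt: str):
    """Locate the 64-byte report_data and the bytes trailing the report/quote."""
    if fmt == "OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION":
        body_off, end = 0, SGX_REPORT_SIZE
    else:
        if len(evidence) < QUOTE_FIXED_SIZE:
            raise ValueError("evidence shorter than sgx_quote_t")
        (sig_len,) = struct.unpack_from("<I", evidence, QUOTE_SIG_LEN_OFF)
        body_off, end = QUOTE_BODY_OFF, QUOTE_FIXED_SIZE + sig_len
    if end > len(evidence):
        raise ValueError("evidence truncated")
    rd = body_off + REPORT_DATA_OFF
    return evidence[rd:rd + REPORT_DATA_SIZE], evidence[end:]

def extract_bound_claims(evidence: bytes, fmt: str) -> bytes:
    """Return the custom claims only if the evidence binds them to report_data."""
    if fmt not in HASHED | DIRECT:
        raise ValueError("unsupported format")
    report_data, tail = _report_data_and_tail(evidence, fmt)
    if fmt in DIRECT:
        return report_data          # the claims are the report_data field itself
    # Hashed formats: report_data carries SHA256(custom_claims_buffer) in its first
    # 32 bytes (assumed zero-padded to 64); a mismatch means the trailing buffer
    # is not the one the attested enclave committed to, so it must be rejected.
    if not hmac.compare_digest(report_data[:32], hashlib.sha256(tail).digest()):
        raise ValueError("custom claims do not match the hash in report_data")
    return tail

def make_sample_ecdsa_evidence(claims: bytes, signature: bytes = bytes(64)) -> bytes:
    """Constructed, unsigned evidence shaped like SGX_ECDSA_quote(hash) || claims."""
    body = bytearray(384)
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = hashlib.sha256(claims).digest()
    quote = bytes(QUOTE_BODY_OFF) + bytes(body) + struct.pack("<I", len(signature)) + signature
    return quote + claims
```

This check complements, not replaces, verification of the quote's signature and collateral, which oe_verify_evidence() performs; a matching hash binds the claims to the quoted enclave only once the quote itself is trusted.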