39-6 Vol. 3D
ENCLAVE OPERATION
The values of the Measurement Registers are included in attestations to identify the enclave to remote parties. The
MRs are also included in most keys, binding keys to enclaves with specific MRs.
39.4.1.1 MRENCLAVE
MRENCLAVE is a unique 256-bit value that identifies the code and data that was loaded into the enclave during the
initial launch. It is computed as a SHA-256 hash that is initialized by the ECREATE leaf function. The EADD and EEXTEND
leaf functions record information about each page and the content of those pages. The EINIT leaf function finalizes
the hash, which is stored in SECS.MRENCLAVE. Any tampering with the build process, contents of a page, page
permissions, etc. will result in a different MRENCLAVE value.
Figure 39-2 illustrates a simplified flow of changes to the MRENCLAVE register when building an enclave:
• Enclave creation with ECREATE.
• Copying a non-enclave source page into the EPC of an un-initialized enclave with EADD.
• Updating MRENCLAVE twice after modifying the enclave's page content, i.e., two EEXTEND operations.
• Finalizing the enclave build with EINIT.
Details on specific values inserted in the hash are available in the individual instruction definitions.
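The build flow above (SHA_INIT at ECREATE, SHA_UPDATE at each EADD and EEXTEND, SHA_FINAL at EINIT), as an added Python model that is not Intel's code and not taken from this manual. The byte layout of each record fed into the hash, the 256-byte EEXTEND chunk size and the page tuple format are assumptions made for readability; the real values each leaf function records are in the individual instruction definitions. The point it shows is the last sentence of the section: a flipped content byte, a permission change or a reordered page each produce a different MRENCLAVE.

```python
"""Simplified model of how MRENCLAVE accumulates while an enclave is built.

Added illustration, not Intel's code. The byte layout of each record fed
into the hash is an assumption chosen for readability; the real values
recorded by ECREATE, EADD, EEXTEND and EINIT are given in their individual
instruction definitions and differ from this model.
"""
import hashlib
import struct

PAGE_SIZE = 4096
CHUNK_SIZE = 256  # assumption: EEXTEND measures one 256-byte chunk per call


class MeasurementRegister:
    """Running SHA-256 that stands in for SECS.MRENCLAVE during the build."""

    def __init__(self):
        self._h = None

    def ecreate(self, enclave_size, ssa_frame_size):
        # ECREATE: SHA_INIT, then record enclave-level attributes.
        self._h = hashlib.sha256()
        self._h.update(b"ECREATE\0" + struct.pack("<QI", enclave_size, ssa_frame_size))

    def eadd(self, offset, page_type, perms):
        # EADD: SHA_UPDATE with the page's metadata (offset, type, permissions),
        # so changing page permissions alone changes MRENCLAVE.
        self._h.update(b"EADD\0\0\0\0" + struct.pack("<Q", offset)
                       + page_type.encode() + b"/" + perms.encode())

    def eextend(self, offset, chunk):
        # EEXTEND: SHA_UPDATE with chunk metadata, then the chunk content.
        if len(chunk) != CHUNK_SIZE:
            raise ValueError("EEXTEND chunk must be exactly CHUNK_SIZE bytes")
        self._h.update(b"EEXTEND\0" + struct.pack("<Q", offset))
        self._h.update(chunk)

    def einit(self):
        # EINIT: SHA_FINAL; the digest is what lands in SECS.MRENCLAVE.
        return self._h.digest()


def build_enclave(pages, enclave_size=0x10000, ssa_frame_size=1):
    """pages: list of (offset, page_type, perms, content); content is PAGE_SIZE bytes."""
    mr = MeasurementRegister()
    mr.ecreate(enclave_size, ssa_frame_size)
    for offset, page_type, perms, content in pages:
        if len(content) != PAGE_SIZE:
            raise ValueError("page content must be PAGE_SIZE bytes")
        mr.eadd(offset, page_type, perms)
        for i in range(0, PAGE_SIZE, CHUNK_SIZE):
            mr.eextend(offset + i, content[i:i + CHUNK_SIZE])
    return mr.einit()


def sample_pages():
    """Constructed sample enclave image: one code page and one data page."""
    code = bytes(range(256)) * (PAGE_SIZE // 256)
    data = bytes([0x5A]) * PAGE_SIZE
    return [(0x0000, "REG", "RX", code), (0x1000, "REG", "RW", data)]


def tampered_variants(pages):
    """Return the same image with one change each, to show each affects MRENCLAVE."""
    off, ptype, perms, content = pages[0]
    flipped = bytearray(content)
    flipped[100] ^= 0x01
    return {
        "content_byte_flipped": [(off, ptype, perms, bytes(flipped))] + pages[1:],
        "perms_rx_to_rwx": [(off, ptype, "RWX", content)] + pages[1:],
        "pages_reordered": list(reversed(pages)),
    }


if __name__ == "__main__":
    base = build_enclave(sample_pages())
    print("MRENCLAVE:", base.hex())
    for name, variant in tampered_variants(sample_pages()).items():
        print(f"{name:>22}: {'DIFFERENT' if build_enclave(variant) != base else 'same'}")
```

Because the order of EADD and EEXTEND calls is part of what is hashed, even loading the same pages in a different sequence yields a different measurement, which is why an enclave loader must be deterministic for a published MRENCLAVE to be reproducible.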
39.4.1.2 MRSIGNER
Each enclave is signed using a 3072-bit RSA key. The signature is stored in the SIGSTRUCT. In the SIGSTRUCT, the
enclave's signer also assigns a product ID (ISVPRODID) and a security version (ISVSVN) to the enclave.
MRSIGNER is the SHA-256 hash of the signer's public key.
In attestation, MRSIGNER can be used to allow software to approve of an enclave based on the author rather than
maintaining a list of MRENCLAVEs. It is used in key derivation to allow software to create a lineage of an application.
By signing multiple enclaves with the same key, the enclaves will share the same keys and data. Combined
with security version numbering, the author can release multiple versions of an application which can access keys
for previous versions, but not future versions of that application.
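The two uses of MRSIGNER described above (approval by author instead of an MRENCLAVE list, and an ISVSVN-ordered key lineage), as an added Python model that is not Intel's code. The SIGSTRUCT subset, the encoding of the public key that MRSIGNER hashes (raw modulus bytes here), the HMAC that stands in for hardware key derivation and the constructed moduli are all assumptions for this example; the real SIGSTRUCT layout and key derivation are specified elsewhere in the manual.

```python
"""Model of MRSIGNER-based approval and SVN-ordered key lineage.

Added illustration, not Intel's code. The SIGSTRUCT subset, the byte
encoding of the public key that MRSIGNER hashes, and the HMAC stand-in for
the hardware key derivation are assumptions for this example; the real
layouts and derivation are specified in the SDM.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Set

MODULUS_LEN = 3072 // 8  # 3072-bit RSA signing key


@dataclass(frozen=True)
class SigStruct:
    """Fields from SIGSTRUCT used here (simplified subset)."""
    modulus: bytes    # signer's RSA public modulus
    isvprodid: int    # product ID assigned by the signer
    isvsvn: int       # security version assigned by the signer
    mrenclave: bytes  # measurement the signature covers


def mrsigner(modulus: bytes) -> bytes:
    """MRSIGNER: SHA-256 of the signer's public key (assumption: raw modulus bytes)."""
    if len(modulus) != MODULUS_LEN:
        raise ValueError("expected a 3072-bit modulus")
    return hashlib.sha256(modulus).digest()


def approve_by_mrenclave(sig: SigStruct, allowlist: Set[bytes]) -> bool:
    """Policy A: accept only enclaves whose exact measurement is listed."""
    return sig.mrenclave in allowlist


def approve_by_signer(sig: SigStruct, trusted_signers: Set[bytes]) -> bool:
    """Policy B: accept any enclave from a trusted author; no per-build list needed."""
    return mrsigner(sig.modulus) in trusted_signers


def derive_key(root: bytes, signer: bytes, isvprodid: int, isvsvn: int) -> bytes:
    # Stand-in for hardware key derivation: bind the key to signer, product and version.
    label = signer + isvprodid.to_bytes(2, "little") + isvsvn.to_bytes(2, "little")
    return hmac.new(root, label, hashlib.sha256).digest()


def request_key(root: bytes, caller: SigStruct, requested_svn: int) -> Optional[bytes]:
    """Lineage rule from the text: a version may obtain its own and earlier
    versions' keys, never a future version's."""
    if requested_svn > caller.isvsvn:
        return None
    return derive_key(root, mrsigner(caller.modulus), caller.isvprodid, requested_svn)


# Constructed inputs: not real RSA moduli, just 384 deterministic bytes each.
VENDOR_MODULUS = bytes((i * 7 + 3) & 0xFF for i in range(MODULUS_LEN))
OTHER_MODULUS = bytes((i * 11 + 5) & 0xFF for i in range(MODULUS_LEN))
PLATFORM_ROOT = b"constructed-platform-root-secret"  # constructed, stands in for the platform key

APP_V1 = SigStruct(VENDOR_MODULUS, isvprodid=7, isvsvn=1, mrenclave=hashlib.sha256(b"build-v1").digest())
APP_V2 = SigStruct(VENDOR_MODULUS, isvprodid=7, isvsvn=2, mrenclave=hashlib.sha256(b"build-v2").digest())
IMPOSTOR = SigStruct(OTHER_MODULUS, isvprodid=7, isvsvn=2, mrenclave=APP_V2.mrenclave)


if __name__ == "__main__":
    trusted = {mrsigner(VENDOR_MODULUS)}
    print("v2 approved by signer policy:", approve_by_signer(APP_V2, trusted))
    print("v2 approved by v1-only MRENCLAVE list:", approve_by_mrenclave(APP_V2, {APP_V1.mrenclave}))
    print("other signer approved by signer policy:", approve_by_signer(IMPOSTOR, trusted))
    print("v2 can derive v1's key:",
          request_key(PLATFORM_ROOT, APP_V2, 1) == request_key(PLATFORM_ROOT, APP_V1, 1))
    print("v1 can derive v2's key:", request_key(PLATFORM_ROOT, APP_V1, 2) is not None)
```

The trade-off a verifier chooses between the two policies is visible in the output: the MRENCLAVE allowlist rejects the new build until it is re-listed, while the signer policy admits it immediately but rests entirely on the signer's key staying uncompromised.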
Figure 39-2. Measurement Flow of Enclave Build Process
[Figure: ECREATE -> SHA_INIT (MRENCLAVE); EADD -> SHA_UPDATE with page metadata (MRENCLAVE); EEXTEND -> SHA_UPDATE with chunk 1 metadata and data chunk 1 (MRENCLAVE); EEXTEND -> SHA_UPDATE with chunk 2 metadata and data chunk 2 (MRENCLAVE); EINIT -> SHA_FINAL (MRENCLAVE).]