
SGX Attestation Verification

SGX Attestation Verification Flow

An SGX-based Gramine service generates a TEE attestation, which is uploaded to a smart contract. Verifiers are required to read and verify this attestation. The verification process typically includes the following steps:

  1. Extract the Attestation: Read the attestation data from the smart contract.

  2. Parse the Attestation: Parse the extracted attestation data, which usually includes the report body, signature, and signing certificate.

    • Report Body: The main part of the report containing information about the execution environment, such as the security version number, attributes, attribute mask, and measurements.

    • Report Data: The data section of the report, containing user-defined data.

    • Signature: The signature over the report body and report data, used to verify the report's integrity and authenticity.

  3. Verify the Signature: Check the validity of the attestation's signature. This often involves using the public key from the signing certificate to validate the signature.

  4. Certificate Chain Verification: Confirm that the signing certificate's chain of trust is valid and issued by a trusted root certificate.

  5. Report Body Verification: Analyze the information in the report body to ensure it meets the expected criteria, including:

    • MRENCLAVE Verification: Ensure the MRENCLAVE value in the report body matches the expected value to confirm the executed code is as intended.

    • Timestamp: Verify the timestamp of the report to ensure it is current.

    • User Data Verification: If user data is included in the report body, verify that this data meets the expected standards.

Verification fields and methods

  • Signature Verification: Validate the signature using the public key to ensure the attestation has not been tampered with.

  • Certificate Chain Verification: Inspect the certificate chain to ensure the signing certificate is issued by a trusted CA.

  • MRENCLAVE Verification: Compare the MRENCLAVE value in the report body with the expected value to ensure the correct executable code is loaded (to do in version 1).

  • Timestamp: Check the report’s generation time to ensure the information is up to date.

  • User Data: If applicable, verify the user-defined data in the report body.
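The parsing step and the report-body checks from the flow above, sketched in Rust as an added example (not CARV's or Intel's code). It assumes the attestation is an Intel SGX DCAP quote in the version 3 layout, which the page does not state; the debug-flag check, the sample bytes and all names are illustrative. Signature and certificate-chain verification (steps 3 and 4) still have to be done with a DCAP quote verification library before any of these fields are trusted.

```rust
// Added example (not CARV or Intel code). Offsets assume the Intel SGX DCAP quote v3 layout.
const HEADER_LEN: usize = 48; // quote header
const BODY_LEN: usize = 384; // report body, followed by a 4-byte signature length
const SGX_FLAGS_DEBUG: u64 = 0x2; // attributes.flags bit set on debug enclaves
#[derive(Debug, PartialEq)]
pub enum QuoteError { TooShort, BadVersion(u16), SigLength, DebugEnclave, MrEnclave, ReportData }
pub struct ReportBody<'a> {
    pub flags: u64,            // attributes.flags
    pub isv_svn: u16,          // enclave security version number
    pub mr_enclave: &'a [u8],  // 32-byte measurement of the loaded code
    pub report_data: &'a [u8], // 64 bytes of user-defined data
}
fn le(b: &[u8]) -> u64 { b.iter().rev().fold(0, |acc, &x| (acc << 8) | x as u64) } // little-endian

// Step 2: split the raw quote into report body fields and signature data.
pub fn parse_quote<'a>(q: &'a [u8]) -> Result<(ReportBody<'a>, &'a [u8]), QuoteError> {
    if q.len() < HEADER_LEN + BODY_LEN + 4 { return Err(QuoteError::TooShort); }
    let version = le(&q[0..2]) as u16;
    if version != 3 { return Err(QuoteError::BadVersion(version)); }
    let (body, rest) = q[HEADER_LEN..].split_at(BODY_LEN);
    let (sig_len, sig) = rest.split_at(4);
    if le(sig_len) as usize != sig.len() { return Err(QuoteError::SigLength); }
    let rb = ReportBody { flags: le(&body[48..56]), isv_svn: le(&body[258..260]) as u16,
                          mr_enclave: &body[64..96], report_data: &body[320..384] };
    Ok((rb, sig))
}

// Step 5: compare parsed fields with the verifier's expected values.
pub fn check_report(rb: &ReportBody, mrenclave: &[u8; 32], data: &[u8; 64]) -> Result<(), QuoteError> {
    if (rb.flags & SGX_FLAGS_DEBUG) != 0 { return Err(QuoteError::DebugEnclave); }
    if rb.mr_enclave != &mrenclave[..] { return Err(QuoteError::MrEnclave); }
    if rb.report_data != &data[..] { return Err(QuoteError::ReportData); }
    Ok(())
}

// Constructed sample quote (not real attestation data): MRENCLAVE 0xAA.., report data 0x55..
pub fn sample_quote() -> Vec<u8> {
    let mut q = vec![0u8; HEADER_LEN + BODY_LEN];
    q[0] = 3; // quote version
    q[HEADER_LEN + 64..HEADER_LEN + 96].copy_from_slice(&[0xAA; 32]);
    q[HEADER_LEN + 258] = 2; // ISV SVN
    q[HEADER_LEN + 320..].copy_from_slice(&[0x55; 64]);
    q.extend_from_slice(&[4, 0, 0, 0, 0xDE, 0xAD, 0xBE, 0xEF]); // length + placeholder signature
    q
}

fn main() {
    let q = sample_quote();
    let (rb, _sig) = parse_quote(&q).unwrap();
    println!("isv_svn={} check={:?}", rb.isv_svn, check_report(&rb, &[0xAA; 32], &[0x55; 64]));
}
```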

References

  • https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/SampleCode/RustQuoteVerificationSample/src/main.rs

  • https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteVerification/dcap_quoteverify/sgx-dcap-quoteverify-rs/src/lib.rs

Last updated 1 year ago