volcano0dr edited a comment on issue #369:
URL: 
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/369#issuecomment-1018393715


   We can't call `sgx_report_attestation_status` with a `platformInfoBlob` 
generated on another physical machine.
   Please refer to: 
https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf
   3.2 Verify Attestation Evidence
   3.2.1 Description
   
   > Optionally, a signed Platform Info Blob Type-Length-Value (TLV) will be 
generated and included in the report (as defined in Platform Info 
Blob section). The SP involved in the remote attestation process should forward 
Platform Info Blob, excluding the TLV header, to ISV SGX application running on 
the client platform that is being attested. The ISV SGX application can then 
process the Platform Info Blob using SGX SDK API 
sgx_report_attestation_status().
   
   So, the `mutual-ra` can't run on a different physical machine. 
   Later, I will remove the call to `ocall_get_update_info` in the function that 
validates the `mra` certificate.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
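
Added example, not part of the comment above and not code from the Teaclave SGX SDK: one way a service provider could decode the hex `platformInfoBlob` field of an attestation report and drop the TLV header before forwarding the payload to the application on the attested platform. The function and type names are hypothetical, and the 4-byte header length and 101-byte payload length (the size of `sgx_platform_info_t`) are assumptions stated here rather than taken from the comment.

```rust
// Added example; names are hypothetical, not Teaclave SGX SDK APIs.
// Assumptions: the TLV header is 4 bytes and the payload is 101 bytes.
const TLV_HEADER_LEN: usize = 4;
const PLATFORM_INFO_LEN: usize = 101;

#[derive(Debug, PartialEq)]
pub enum PibError {
    OddLength,
    NotHex,
    WrongLength { got: usize },
}

/// Decode the hex-encoded blob and return the payload without the TLV header.
/// Anything that is not exactly header + payload bytes is rejected, so a
/// truncated or padded blob never reaches the enclave-side API.
pub fn strip_pib_header(hex: &str) -> Result<[u8; PLATFORM_INFO_LEN], PibError> {
    let hex = hex.trim().as_bytes();
    if hex.len() % 2 != 0 {
        return Err(PibError::OddLength);
    }
    let mut raw = Vec::with_capacity(hex.len() / 2);
    for pair in hex.chunks(2) {
        let hi = (pair[0] as char).to_digit(16).ok_or(PibError::NotHex)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(PibError::NotHex)?;
        raw.push((hi * 16 + lo) as u8);
    }
    if raw.len() != TLV_HEADER_LEN + PLATFORM_INFO_LEN {
        return Err(PibError::WrongLength { got: raw.len() });
    }
    let mut payload = [0u8; PLATFORM_INFO_LEN];
    payload.copy_from_slice(&raw[TLV_HEADER_LEN..]);
    Ok(payload)
}

fn main() {
    // Constructed sample: 4 header bytes followed by 101 payload bytes of 0xAB.
    let sample = format!("15020065{}", "AB".repeat(PLATFORM_INFO_LEN));
    let payload = strip_pib_header(&sample).expect("well-formed blob");
    println!("payload length = {}", payload.len());
}
```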


