`enclaver run` attestation verification flag
robszumski opened this issue · 0 comments
robszumski commented
Determine if we think it is useful enough to verify an attestation before running an enclave image:
enclaver run --verify-before-run attestation.jsonwill verify an attestation of an image after fetching it, but before executing it. If the comparison fails, the violating PCRs will be logged and the command will fail with an exit code.
Due to our threat model, this is more of a corruption check due to a hostile host manipulating the functionality.
- If we move forward, update
Verifying Cryptographic Attestationsin architecture docs