1.0 Introduction
The purpose of this article is to provide details on why and how to enable attestation of Fortanix-Data-Security-Manager (DSM) installed on Intel® Software Guard Extension (SGX) enabled FX2200 appliances and Azure Confidential Computing Virtual Machines (VM).
2.0 What is Intel SGX Attestation?
Intel® Software Guard Extensions (SGX) is a technology that allows software developers to encrypt their application’s data at run time. It achieves this by allowing applications to launch specially protected software containers, also known as enclaves. These enclaves can be used for protecting the application’s data from adversaries who could have root privileges or even physically tap the memory bus. Fortanix DSM software is designed to run entirely within these enclave boundaries, which allows safeguarding user’s cryptographic keys from any kind of privilege attacks in your network.
Just running an application within an enclave is not sufficient. To utilize the security guarantees of SGX fully, the user must also verify that the application that they have built is running unmodified inside a secure enclave. With the clustered environment, it is also important that each node shares data only after verifying the authenticity of the Software and Hardware of the other node. Intel provides a way to achieve this using remote attestation by a service called Data Center Attestation Primitives (DCAP).
The SGX attestation process helps each node of Fortanix DSM software to cryptographically prove that:
The DSM software, as-built and signed by Fortanix, is running unmodified in a genuine SGX enclave.
The hardware on which it is running is a secure SGX platform with all the necessary microcode updates applied at boot time.
The hardware and software configurations needed for SGX are correctly applied.
3.0 Attestation Events
Attestation is performed when substantial changes are made to a Fortanix DSM cluster. Fortanix DSM communicates with the DCAP service when a valid attestation is required for a node. Below are the events when this is required:
Creation of a new cluster.
Addition of a new node to the cluster.
Replacing nodes in an existing cluster (for example: replacing failed hardware nodes)
Software upgrade. All nodes require attestation.
Node reboot post-BIOS changes.
Once the above events pass with valid attestations, no further attestation is sought during the normal software execution or API requests.
WARNING
Intel has announced the End of Life (EOL) of their Intel Attestation Service (IAS) for Intel SGX (https://community.intel.com/t5/Intel-Software-Guard-Extensions/IAS-End-of-Life-Announcement/td-p/1545831). Fortanix DSM does not support IAS attestation; you must use DCAP attestation to verify the integrity of the nodes’ CPUs as they are enrolled in a DSM cluster. Refer to the Fortanix DSM Installation Guide to use any one of the DCAP Attestation configurations as per your requirement.
4.0 Intel SGX Attestation Configuration
Attestation is enabled by default on a Fortanix DSM cluster. However, attestation can be disabled explicitly during the cluster creation phase.
NOTE
Attestation configuration (whether enabled or disabled) cannot be changed after the cluster is created.
4.1 Prerequisites
The following URLs from the public internet are required to be accessible for outbound access. These endpoints are required for the remote attestation process. Fortanix supports the configuration of an HTTP Proxy if required for this access.
https://trustedservices.intel.com/content/CRL, port 443
http://trustedservices.intel.com/ocsp, port 80
http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin, port 80
https://pccs.fortanix.com, port 443
https://api.trustedservices.intel.com, port 443
NOTE
For platform attestation, when using pcs: FortanixPCCS, you must whitelist the URL: https://pccs.fortanix.com to create an end-to-end encrypted and authenticated connection.
URLs with port 443 above need to be enabled with SSL Pass-through.
https://api.trustedservices.intel.com needs to be whitelisted only in Azure
4.2 Configuration
For more information on the attestation configuration, refer to the Fortanix Data Security Manager Installation Guide - On-Prem.
5.0 Frequently Asked Questions
How useful is attestation?
Attestation allows Fortanix DSM Cluster to correctly validate the software signature and the hardware configuration around Intel SGX. It prevents malicious hardware (not Intel SGX supported) from being part of the cluster and checks that the Intel SGX microcode is patched to the most current version. For cloud-based setup (Azure Confidential Computing VMs), attestation is more important, as Fortanix customers have less control of the hardware and the network.What are the risks if I do not enable attestation?
If attestation is not enabled, Fortanix DSM still runs entirely within Intel SGX enclaves. However, you must ensure that hardware nodes, which are part of a cluster, support Intel SGX and have the current microcode patches. There is a risk to data safety if non-SGX hardware gains access to the cluster or if an old microcode is leveraged for a vulnerability. These risks are significantly higher in cloud-based deployments.How frequently is attestation required?
The administration events, as mentioned in Section: Attestation Events, are when valid attestation is requested from Intel SGX DCAP. API requests for Fortanix DSM usage (examples: Key management, cryptography, account/user/group/app management, plugins) never seek attestations.What happens if attestation fails?
Attestation is a fail-secure kind of mechanism that will halt the cluster modification activity if it fails. In the case of a new node addition, a failure will cause the new node not to join, but the existing cluster will continue to serve the API requests. In the case of a software upgrade, the first node that fails the attestation will halt the upgrade process. However, the rest of the cluster will continue to serve API requests. By following a rolling upgrade strategy (recommended), a maximum of one node will be affected before the upgrade halts.
In the case of an attestation failure, a ticket should be opened with Fortanix Customer Success at https://support.fortanix.com. Typically, patching the hardware with the most current microcode is the solution. Fortanix software releases include microcode updates; hence it is advisable to upgrade the cluster to a recent version of the Fortanix DSM software.If I do not enable attestation today, can I perform attestation later?
The attestation must be enabled or disabled during the cluster setup phase. Once configured, this cannot be changed. Request for attestation is automatic during node addition or upgrade. If attestation configuration is enabled for a cluster, you cannot postpone or delay attestation if a node addition or upgrade happens.Some of the outbound attestation URLs are running on port 80. Is communication with these endpoints secure?
The endpoints listening on port 80 are used by Intel to exchange data, which includes digitally signed messages and certificates. Intel uses cryptographic protections (other than TLS) to safeguard any sensitive information. More details on Intel SGX remote endpoints can be found here: https://www.intel.com/content/www/us/en/homepage.htmlHow to validate if a cluster node is enabled for intel attestation?
The following commands can be used to validate if a node is enabled to do Intel Attestation successfully.curl -vvv https://pccs.fortanix.com openssl s_client -connect pccs.fortanix.com:443 -showcerts
In the above output, please validate that the server certificate is signed by any publicly accepted CA, for example: Amazon CA, and so on.