Fortanix Data Security Manager Cluster Attestation Guide (on-prem only)

Introduction

The purpose of this article is to provide details on why and how to enable attestation of Fortanix-Data-Security-Manager (DSM) installed on Intel® Software Guard Extension (SGX) enabled FX2200 appliances and Azure Confidential Computing Virtual Machines (VM).

What is Intel SGX Attestation?

Intel® Software Guard Extensions (SGX) is a technology that allows software developers to encrypt their application’s data at run time. It achieves this by allowing applications to launch specially protected software containers, also known as enclaves. These enclaves can be used for protecting the application’s data from adversaries who could have root privileges or even physically tap the memory bus. Fortanix DSM software is designed to run entirely within these enclave boundaries, which allows safeguarding user’s cryptographic keys from any kind of privilege attacks in your network.

Just running an application within an enclave is not sufficient. To utilize the security guarantees of SGX fully, the user must also verify that the application which they have built is running unmodified inside a secure enclave. With the clustered environment, it is also important that each node is sharing data only after verifying the authenticity of the Software and Hardware of the other node. Intel provides a way to achieve this using remote attestation by a service called Intel Attestation Service (IAS).

The SGX attestation process helps each node of Fortanix DSM Software to cryptographically prove that:

  1. The DSM Software, as-built and signed by Fortanix, is running unmodified in a genuine SGX enclave.

  2. The hardware in which it is running is a secure SGX platform with all the necessary microcode updates applied at boot time.

  3. The hardware and software configurations needed for SGX are correctly applied.

Attestation Events

Attestation is performed when substantial changes are performed on a Fortanix DSM cluster. Fortanix DSM communicates with the IAS service when a valid attestation is required for a node. Below are the events when this is required:

  • Creation of a new cluster.

  • Addition of a new node to the cluster.

  • Software upgrade. All nodes require attestation.

  • Node reboot post-BIOS changes.

Once the above events pass with valid attestations, no further attestation is sought during the normal software execution or API requests.

Intel SGX Attestation Configuration

Attestation is enabled by default on a Fortanix DSM cluster.  However, attestation can be disabled explicitly during the cluster creation phase.

NOTE

Attestation configuration (whether enabled or disabled) cannot be changed after the cluster is created.

Prerequisites

The following URLs from the public internet are required to be accessible for outbound access. These endpoints are required for the remote attestation process.  Fortanix supports the configuration of HTTP Proxy if required for this access.

  • http://ps.sgx.trustedservices.intel.com:80, port 80

  • https://trustedservices.intel.com/content/CRL, port 443

  • http://trustedservices.intel.com/ocsp, port 80

  • http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin, port 80

  • https://iasproxy.fortanix.com, port 443
    URLs with port 443 above, needs to be enabled with SSL Pass through.

Configuration

Details on attestation configuration setup can be found in the Fortanix DSM Installation guide at https://support.fortanix.com/v1/docs/fortanix-data-security-manager-installation-guide-on-prem#531-setup-deployment-specific-configuration-file (See section Remote Attestation Options).

Frequently Asked Questions

  • How useful is attestation?
    Attestation allows Fortanix DSM Cluster to correctly validate the software signature and the hardware configuration around Intel SGX. It prevents malicious hardware (not Intel SGX supported) from being part of the cluster and checks that the Intel SGX microcode is patched to the most current version. For cloud-based setup (Azure Confidential Computing VMs), attestation is more important, as Fortanix customers have less control of the hardware and the network.

  • What are the risks if I do not enable attestation?
    If attestation is not enabled, Fortanix DSM still runs entirely within Intel SGX enclaves. However, you must ensure that hardware nodes, which are part of a cluster, support  Intel SGX and have the current microcode patches. There is a risk of data safety if non-SGX hardware gains access to the cluster, or if an old microcode is leveraged for a vulnerability. These risks are significantly higher in cloud-based deployments.

  • How frequently is attestation required?
    The administration events as mentioned in Section: Attestation Events are when valid attestation is requested from Intel Attestation Service (IAS). API requests for Fortanix DSM usage (examples: Key management, cryptography, account/user/group/app management, plugins) never seek attestations.

  • What happens if attestation fails?
    Attestation is a fail-secure kind of mechanism which will halt the cluster modification activity if it fails. In the case of a new node addition, a failure will cause the new node not to join, but the existing cluster will continue to serve the API requests. In the case of a software upgrade, the first node that fails the attestation will halt the upgrade process. However, the rest of the cluster will continue to serve API requests. By following a rolling upgrade strategy (recommended), a maximum of one node will get affected before the upgrade halts.
    In the case of an attestation failure, a ticket should be opened with Fortanix Customer Success at https://support.fortanix.com. Typically, patching the hardware with the most current microcode is the solution. Fortanix software releases include microcode updates, hence it is advisable to upgrade the cluster to a recent version of the Fortanix DSM software.

  • If I do not enable attestation today, can I perform attestation later?
    The attestation must be enabled or disabled during the cluster setup phase. Once configured, this cannot be changed. Request for attestation is automatic during node addition or upgrade. If attestation configuration is enabled for a cluster, you cannot postpone or delay attestation if a node addition or upgrade happens.

  • Some of the outbound attestation URLs are running on port 80. Is communication with these endpoints secure?
    The endpoints listening on port 80 are used by Intel to exchange data which includes digitally signed messages and certificates. Intel uses cryptographic protections (other than TLS) to safeguard any sensitive information. More details on Intel SGX remote endpoints can be found here: https://www.intel.com/content/www/us/en/homepage.html

  • How to validate if a cluster node is enabled for intel attestation?
    The following commands can be used to validate if a node is enabled to do intel attestation successfully.

    export http_proxy=http://10.239.9.190:443
    export https_proxy=http://10.239.9.190:443
    curl -vvv https://iasproxy.fortanix.com
    openssl s_client -connect iasproxy.fortanix.com:443 -showcerts

    In the above output, please validate that the server certificate is signed by any publicly accepted CA, for example: Amazon CA and so on.