Will this library support remote attestation?
A TEE with remote attestation capability is required for it to function as a server, so I would like to ask if there are any plans for the Teaclave SDK to implement remote attestation capabilities?
Hi @prz23, mutual attestation has been implemented in Teaclave and the Teaclave SGX SDK (reference: incubator-teaclave/mutual-attestation.md at master · apache/incubator-teaclave · GitHub). Adding remote attestation support to the Teaclave TrustZone SDK is on our roadmap, and we've made some progress on that.
Here's an overview of the related work:
- Our TLS support and client/server examples: incubator-teaclave-trustzone-sdk/examples/tls_server-rs at master · apache/incubator-teaclave-trustzone-sdk · GitHub
- OP-TEE's support for attestation in pseudo TA, which provides runtime measurements: core: pta: add remote attestation PTA · OP-TEE/optee_os@7e05ec2 · GitHub
- Remote attestation implementation in incubator-teaclave
In order to complete the TrustZone SDK implementation, we need to:
- Wrap the APIs for the TA to call the pseudo TA, such as TEE_OpenTASession
- Customize the TLS certificate based on our TLS client/server example
- Add the attestation module and attestation example
We'll keep you informed of any updates on this thread. If you're interested in implementing this feature, we'd appreciate your contribution. Thank you!