远程证明服务

阿里云远程证明服务是一个统一的解决方案,用于验证平台的可信度和在该平台中运行的代码的完整性。该服务支持对基于可信平台模块TPM(Trusted Platform Module)的平台进行证明,以及对可信加密执行环境TEE(Trusted Execution Environment)的状态进行证明。本文介绍远程证明服务的工作原理及如何使用远程证明服务。

工作原理

阿里云远程证明服务以背调模型(Background-Check Model)为基础,可用于验证阿里云安全增强型实例的安全状态和可信性。该服务涉及以下角色:

  • 证明者(Attester):使用阿里云ECS实例的用户,需要向依赖方证明ECS实例的身份及可信度。

  • 依赖方(Relying Party):需要验证证明者身份及可信度的实体,依赖方会基于TPM、TEE等度量信息作为基准数据生成评估策略。

  • 验证方(Verifier):阿里云远程证明服务,负责将证据与评估策略进行比较,并得出验证结果。

具体证明流程如下:

  1. 证明者在ECS实例中收集和生成证据。

  2. 证明者将证据传递给依赖方。

  3. 依赖方将其直接转发给验证方。

  4. 验证方将证据与其评估策略进行比较。

  5. 验证方将证明结果返回给依赖方。

  6. 依赖方将证明结果与自己的评估策略进行比较。

在该验证过程中,证明结果由可信的验证方通过安全信道传递给依赖方,因此安全性较高。关于更多背调模型说明,请参见Background-Check Model

在基于背调模型的阿里云远程证明服务设计中,除了支持由依赖方中转证据外,还支持证明者直接将证据传递给远程证明服务,依赖方可以随时向远程证明服务查询特定实体的证明结果。这种方式可以大大降低依赖方的负载,并有利于管理员集中管理其所有实体的状态。

image

计费说明

阿里云远程证明服务本身不收费。

但您需要对使用远程证明服务的ECS实例进行付费。

远程证明服务OpenAPI示例

阿里云远程证明服务支持基于vTPM平台模块的可信计算实例和基于Intel SGX/TDX/Enclave的机密计算实例。

  • 针对vTPM的远程证明服务,您需要使用阿里云账号开通云安全中心服务。

  • 针对机密计算实例特性Intel SGX/TDX等的远程证明服务,您可以通过匿名的HTTP方式访问。

远程证明vTPM可信实例

更多可信实例信息,请参见可信计算能力概述

上报证据

请求参数示例(该接口需鉴权后方可调用,请参考请求结构和签名机制进行调用):

access https://trusted-server.cn-hangzhou.aliyuncs.com?Action=PutMessage&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-1dc58072****&FileData=******************

请求响应示例:

{
	"PropertyName": "instance-name",
	"SystemTrustDetail": {
		"pcr3": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr4": "c35cef3b92c3850dc0bfa6139b25dc1c4c3d642b8587bde0fiemd847ufjxxxx",
		"pcr5": "aabd7d8c76c931dabed7ea53d1c8f96036c42a29435680ddff3f3148ff70xxxx",
		"pcr6": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr0": "d22aa1bba22e829456f0cfda0d87690e6c252032864643da353133f161xxxx",
		"pcr1": "d9f056a703f04e4f408445752e97e92c890266d32e2ff1df3e80545aab4fxxxx",
		"pcr2": "d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198exxxx",
		"pcr7": "dd794f2d0c4cfa28dc9b5a3266e8516378ba551190d9844c38b890f7ad27xxxx",
		"pcr8": "deb301d065009d62980110d8173e350bbd43a4997ad74bf358ce5399c0ecxxxx",
		"pcr9": "ffe25e93ac7d245159184ac68c7dd5783e4cea978fafb1ad036bc861a8cdxxxx"
	},
	"RequestId": "D0E0C1D2-2937-54D4-9C52-XXXXXXXXXXXX",
	"SystemExceptionNum": 0,
	"ProgramWhiteListId": -1,
	"SystemWhiteListId": 1234,
	"ProgramTrustStatus": 4,
	"SystemTrustStatus": 1,
	"GmtModified": 1698975648000,
	"ProgramWhiteListName": "",
	"GmtRecentReport": 1698975648000,
	"OnlineStatus": 1,
	"Extensions": {
		"pcr5": "d1dac9c104c63c7e24f27962f4ad1df639a3f3224b1a968a45916207cf3xxxx"
	},
	"PropertyPrivateIp": "1.1.X.X",
	"PropertyPublicIp": "1.1.X.X",
	"GmtCreate": 1698385542000,
	"PropertyUuid": "c13fcabe-6683-4a9f-8cdd-xxxxxxxxxxxx",
	"ProgramTrustDetail": "{}",
	"ProgramExceptionNum": 0,
	"PropertyAffiliation": 1
}

查询证明结果

请求参数示例:

access https://trusted-server.cn-beijing.aliyuncs.com?Action=DescribeInstance&PropertyUuid=0f74b5cc-ff0e-4fa6-b457-1dc58072****

请求响应示例:

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****"
  "data": {
    "nextClientIMAIndex": 0,
    "systemVerificationResult": {
      "status": 1,
      "code": "TrustedStatus"
    },
    "programVerificationResult": {
      "status": 1,
      "code": "TrustedStatus"
    }
  }
}

远程证明SGX/TDX机密实例

更多SGX/TDX机密实例信息,请参见构建SGX机密计算环境构建TDX机密计算环境

获取平台TCB信息

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/tcb?fmspc=00606A000000

请求响应示例:

{
	"tcbInfo": {
		"version": 2,
		"issueDate": "2023-10-11T08:09:33Z",
		"nextUpdate": "2023-12-18T08:09:33Z",
		"fmspc": "00606A000000",
		"pceId": "0000",
		"tcbType": 0,
		"tcbEvaluationDataNumber": 12,
		"tcbLevels": [{
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 11
			},
			"tcbDate": "2021-11-10T00:00:00Z",
			"tcbStatus": "UpToDate"
		}, {
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 10
			},
			"tcbDate": "2020-11-11T00:00:00Z",
			"tcbStatus": "OutOfDate"
		}, {
			"tcb": {
				"sgxtcbcomp01svn": 4,
				"sgxtcbcomp02svn": 4,
				"sgxtcbcomp03svn": 3,
				"sgxtcbcomp04svn": 3,
				"sgxtcbcomp05svn": 255,
				"sgxtcbcomp06svn": 255,
				"sgxtcbcomp07svn": 0,
				"sgxtcbcomp08svn": 0,
				"sgxtcbcomp09svn": 0,
				"sgxtcbcomp10svn": 0,
				"sgxtcbcomp11svn": 0,
				"sgxtcbcomp12svn": 0,
				"sgxtcbcomp13svn": 0,
				"sgxtcbcomp14svn": 0,
				"sgxtcbcomp15svn": 0,
				"sgxtcbcomp16svn": 0,
				"pcesvn": 5
			},
			"tcbDate": "2018-01-04T00:00:00Z",
			"tcbStatus": "OutOfDate"
		}]
	},
	"signature": "21750a9a4173140379971c9eeaeee8dd27364cae4fdc45e19825bcddb0e5942941cb7cad8067aaaa98c75a0a0cfa9de329eb7d875957bd633a248bc328a0xxxx"
}

获取QE身份

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qe/identity

请求响应示例:

{
	"enclaveIdentity": {
		"id": "QE",
		"version": 2,
		"issueDate": "2023-11-01T14:57:38Z",
		"nextUpdate": "2023-12-01T14:57:38Z",
		"tcbEvaluationDataNumber": 16,
		"miscselect": "00000000",
		"miscselectMask": "FFFFFFFF",
		"attributes": "11000000000000000000000000000000",
		"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
		"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
		"isvprodid": 1,
		"tcbLevels": [{
				"tcb": {
					"isvsvn": 8
				},
				"tcbDate": "2023-08-09T00:00:00Z",
				"tcbStatus": "UpToDate"
			},
			{
				"tcb": {
					"isvsvn": 6
				},
				"tcbDate": "2021-11-10T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 5
				},
				"tcbDate": "2020-11-11T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 4
				},
				"tcbDate": "2019-11-13T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 2
				},
				"tcbDate": "2019-05-15T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}, {
				"tcb": {
					"isvsvn": 1
				},
				"tcbDate": "2018-08-15T00:00:00Z",
				"tcbStatus": "OutOfDate"
			}
		]
	},
	"signature": "593f79398d6400e62d14f1066e69e4e5bb44ed7544b18713d8020354e7601481681dc812a124672bfedd0e54ab31179fac442400c011ebca6b00c44d805bxxxx"
}

获取QvE身份

请求参数示例:

curl https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v3/qve/identity

请求响应示例:

{
	"enclaveIdentity": {
		"id": "QVE",
		"version": 2,
		"issueDate": "2023-11-01T15:45:01Z",
		"nextUpdate": "2023-12-01T15:45:01Z",
		"tcbEvaluationDataNumber": 16,
		"miscselect": "00000000",
		"miscselectMask": "FFFFFFFF",
		"attributes": "01000000000000000000000000000000",
		"attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
		"mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C5xxxx",
		"isvprodid": 2,
		"tcbLevels": [{
			"tcb": {
				"isvsvn": 3
			},
			"tcbDate": "2023-08-09T00:00:00Z",
			"tcbStatus": "UpToDate"
		}]
	},
	"signature": "251bb1301cb499cb8161a9b885fad8ceeb06b497f1e4a83c8de2d0f2e9e82c3ce0f22ce2ef6c6a789dcc287bb0a1da12a822a465395b54c9046aacfee7ceaff6"
}