How the SigRL is used by IAS to determine the validity of an Intel® Software Guard Extensions (Intel® SGX) platform
During remote attestation, the Service Provider (SP) has to query IAS for two things:
- Get SigRL(gid)
- Get Report(quote)
In the function sgx_get_quote, the p_sig_rl argument can be NULL.
The SigRL returned by IAS is not signed, meaning it could have been modified before being used in sgx_get_quote.
If we ignore the first IAS query, will IAS know whether the processor is legitimate, up to date, and not blacklisted?
An Intel® Enhanced Privacy ID (Intel® EPID) group can have valid platforms and revoked, invalid platforms. The SigRL contains signatures of revoked platforms in an Intel® EPID group.
The SP must get the SigRL from IAS and send it to the Intel® SGX platform being attested so that the platform can include it in its report back to IAS. If the SigRL gets tampered with in any way, the platform, whether it's valid or not, will fail attestation because the IAS will know that the platform's report does not contain the appropriate SigRL.
If a valid platform signs its quote with an empty SigRL but is part of an Intel® EPID group that has revoked platforms in it (so the SigRL is not supposed to be empty), then that valid platform will fail attestation.
An empty SigRL list exists only for Intel® EPID groups without any revoked platforms. You can send empty SigRLs only to platforms in clean Intel® EPID groups.
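An SP-side sketch of the rule above, added here as an example and not taken from Intel's SDK or sample code: it decides what to pass as p_sig_rl and never substitutes an empty SigRL when the IAS query fails. It assumes the IAS SigRL query answers HTTP 200 with a base64 body, or an empty body when the group has no SigRL; the names sigrl_action, sigrl_from_ias and b64_decode are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Outcome of the SP's "Get SigRL(gid)" step (hypothetical names). */
typedef enum { SIGRL_ABORT = -1, SIGRL_NONE = 0, SIGRL_PRESENT = 1 } sigrl_action;

static int b64val(char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Strict base64 decode: returns the decoded length, or -1 on malformed input. */
static long b64_decode(const char *in, uint8_t *out, size_t cap) {
    size_t n = strlen(in), o = 0;
    if (n % 4 != 0) return -1;
    for (size_t i = 0; i < n; i += 4) {
        int v[4], pad = 0;
        for (int j = 0; j < 4; j++) {
            /* '=' is only legal in the last two slots of the final quad */
            if (in[i + j] == '=' && i + 4 == n && j >= 2) { v[j] = 0; pad++; }
            else if (pad || (v[j] = b64val(in[i + j])) < 0) return -1;
        }
        uint32_t w = (uint32_t)v[0] << 18 | (uint32_t)v[1] << 12 |
                     (uint32_t)v[2] << 6 | (uint32_t)v[3];
        if (o + 3 - (size_t)pad > cap) return -1;
        out[o++] = (uint8_t)(w >> 16);
        if (pad < 2) out[o++] = (uint8_t)(w >> 8);
        if (pad < 1) out[o++] = (uint8_t)w;
    }
    return (long)o;
}

/* Maps the IAS answer to the (p_sig_rl, sig_rl_size) pair for sgx_get_quote:
 * SIGRL_NONE -> NULL / 0, SIGRL_PRESENT -> buf / *len,
 * SIGRL_ABORT -> stop; an unconfirmed empty SigRL would fail attestation. */
sigrl_action sigrl_from_ias(int http_status, const char *body,
                            uint8_t *buf, size_t cap, uint32_t *len) {
    *len = 0;
    if (http_status != 200 || body == NULL) return SIGRL_ABORT;
    if (body[0] == '\0') return SIGRL_NONE;   /* clean group, per IAS */
    long n = b64_decode(body, buf, cap);
    if (n <= 0) return SIGRL_ABORT;           /* damaged in transit */
    *len = (uint32_t)n;
    return SIGRL_PRESENT;
}
```

The decoded bytes are forwarded to the platform unchanged; the SP does not need to interpret them, because IAS checks the resulting quote against the SigRL it expects for the group.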