derekdeming/gpu-runtime-attestation

Cross-Vendor Open Enclave Attestation Plugins

Project Structure

  • attester/ — GPU runtime attestation logic and plugin
  • verifier/ — Evidence verification plugin
  • plugin/ — Cross-vendor plugin registration
  • utils/ — Utility functions (e.g., logging)

Getting Started

Prerequisites

  • GCC or Clang
  • Git

Setup

  1. Clone the repository
  2. Initialize submodules if any
  3. Install dependencies (see above)

Build & Test

To build and run unit tests:

# Build and run attester test
cd attester && gcc test_attester.c -o test_attester && ./test_attester

# Build and run verifier test
cd ../verifier && gcc test_verifier.c -o test_verifier && ./test_verifier

# Build and run logging test
cd ../utils && gcc test_logging.c -o test_logging && ./test_logging

# Build and run cross-vendor attestation demo
cd ../plugin && gcc demo_cross_vendor_attestation.c -o demo_cross_vendor_attestation && ./demo_cross_vendor_attestation

CI/CD

A GitHub Actions workflow for automated build and test is provided in .github/workflows/c-build-test.yml.

Security & Compliance

  • Security events are logged with timestamps (see utils/logging.c).
  • Review and extend tests for production use.

License

MIT

Chimera Attestation Framework (Q3 2024 MVP)

Features

  • Cross-vendor attestation (Intel, AMD, NVIDIA)
  • Pluggable attester/verifier architecture
  • Simple policy engine
  • Audit logging
  • Easy integration and extension

TEE Simulation & Cryptographic Evidence

This MVP simulates TEE (Trusted Execution Environment) attestation by cryptographically signing evidence in each attester plugin using HMAC-SHA256. Each verifier plugin checks the signature to ensure evidence integrity and authenticity, mimicking real TEE sealing/unsealing.

  • Crypto is implemented in core/crypto.c using OpenSSL.
  • Each vendor plugin uses a unique key for HMAC.
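
The sign-and-verify flow described above, as an added illustration that is not taken from the project's code (which the README says is C with OpenSSL in core/crypto.c). It is written in Python for brevity, and the key values, vendor labels, function names and the verifier-supplied nonce for replay protection are assumptions that go beyond what this page describes.

```python
import hashlib
import hmac
import json

# Constructed demo keys and vendor labels (hypothetical, not the project's).
VENDOR_KEYS = {
    "Intel": b"constructed-intel-demo-key",
    "AMD": b"constructed-amd-demo-key",
    "NVIDIA": b"constructed-nvidia-demo-key",
}


def _mac(key, vendor, nonce, claims):
    # Canonical JSON so attester and verifier authenticate identical bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    # Length-prefix every field so their boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (vendor.encode(), nonce, body))
    return hmac.new(key, msg, hashlib.sha256).digest()


def attest(vendor, nonce, claims):
    """Attester side: bind claims, vendor and verifier nonce under one tag."""
    tag = _mac(VENDOR_KEYS[vendor], vendor, nonce, claims)
    return {"vendor": vendor, "nonce": nonce, "claims": claims, "tag": tag}


def verify(evidence, expected_nonce):
    """Verifier side: accept only fresh evidence with a valid vendor tag."""
    key = VENDOR_KEYS.get(evidence["vendor"])
    if key is None:
        return False  # unknown vendor: no key to check against
    if not hmac.compare_digest(evidence["nonce"], expected_nonce):
        return False  # stale nonce: replayed evidence
    expected = _mac(key, evidence["vendor"], evidence["nonce"],
                    evidence["claims"])
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(evidence["tag"], expected)


if __name__ == "__main__":
    ev = attest("NVIDIA", b"nonce-1", {"driver": "constructed-1.0"})
    print(verify(ev, b"nonce-1"))                       # genuine evidence
    print(verify(dict(ev, vendor="AMD"), b"nonce-1"))   # relabelled vendor
    print(verify(ev, b"nonce-2"))                       # replayed evidence
```

Because HMAC is symmetric, anyone holding a vendor's verification key can also mint valid evidence for that vendor, which is the main gap between this simulation and hardware TEE quotes signed with an asymmetric key.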

Prerequisites

  • GCC or Clang
  • Git
  • OpenSSL development libraries (libssl-dev on Linux, brew install openssl on Mac)

Build & Run

mkdir -p logs
# On Mac, you may need to add OpenSSL flags:
gcc demo/demo_main.c core/attestation_api.c core/policy_engine.c core/audit_log.c core/crypto.c \
    plugins/intel/attester.c plugins/intel/verifier.c \
    plugins/amd/attester.c plugins/amd/verifier.c \
    plugins/nvidia/attester.c plugins/nvidia/verifier.c \
    -o chimera_demo -lssl -lcrypto -I/usr/local/include -L/usr/local/lib
./chimera_demo
cat logs/audit.log

Testing

To run all tests:

cd tests
chmod +x run_all_tests.sh
./run_all_tests.sh

Contributing as a Design Partner

  • To add a new plugin, copy an existing plugin and update the logic.
  • To add a new policy, edit core/policy_engine.c.
  • Please log feedback and suggestions in docs/FEEDBACK.md.

Feedback

We value your feedback! Please use docs/FEEDBACK.md to log issues, suggestions, and integration notes.

Running with Simulated and Real TEE Plugins

  • The demo registers both simulated (HMAC) and real (Intel SGX/Open Enclave) plugins.
  • Use "IntelSGX" as the vendor name for real TEE attestation.

Simulated Plugins (Default Dockerfile)

docker build -t chimera-demo .
docker run --rm chimera-demo

Real TEE (Intel SGX/Open Enclave, Simulation Mode)

docker build -t chimera-sgx-demo -f Dockerfile.openenclave .
docker run --rm chimera-sgx-demo

  • For real SGX hardware, you may need to pass through SGX devices (see Open Enclave docs).
  • In simulation mode, no special hardware is required.
