
Conversation

zhanjh commented Aug 2, 2024

Issue #, if available:

Description of changes:

This PR is based on aws-nitro-enclaves-image-format/pull/30

  • Add subcommand measure-enclave to generate measurements without writing an output enclave image file
  • Add subcommand sign-pcr0 to sign PCR0 with a private key and write an output signature file
  • Change subcommand build-enclave to accept a signed signature.

For security reasons, the private key is usually in a separate environment, so it may not be possible to build an enclave with the private key in a single step from the build pipeline. Inspired by Digest Signing in oesign:

  1. In the build environment, generate PCR0 of the enclave
  2. Send PCR0 to the environment containing the private key for signing
  3. Back in the build environment, build the enclave with the certificate and the signed signature.

# 1. generate PCR0
nitro-cli measure-enclave --docker-uri example:latest

# 2. sign PCR0 in another environment with private key
nitro-cli sign-pcr0 \
  --pcr0 "pcr0-hash-in-hex" \
  --private-key key.pem \
  --output-file pcr0.sig
# 3. build enclave with certificate and signature
nitro-cli build-enclave \
  --docker-uri example:latest \
  --signing-certificate certificate.pem \
  --signature pcr0.sig \
  --output-file example.signed.eif

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

atanzu mentioned this pull request Jan 24, 2025

atanzu (Contributor) commented Jan 31, 2025

Hi @zhanjh ,

Thank you for opening this PR.

Our recent changes introduced a new command sign-eif, which takes a pre-built EIF file and allows signing it with a local private key or a KMS key. It allows the following workflow:

  1. Build an EIF in the building environment.
  2. Transfer that EIF into a separate signing environment.
  3. Sign the EIF using the private key from the signing environment.

If I understand that correctly, it is similar to the oesign sign command. Could you please let us know if this flow works for you?

zhanjh (Author) commented May 7, 2025

> Hi @zhanjh ,
>
> Thank you for opening this PR.
>
> Our recent changes introduced a new command sign-eif, which takes a pre-built EIF file and allows signing it with a local private key or a KMS key. It allows the following workflow:
>
>   1. Build an EIF in the building environment.
>   2. Transfer that EIF into a separate signing environment.
>   3. Sign the EIF using the private key from the signing environment.
>
> If I understand that correctly, it is similar to the oesign sign command. Could you please let us know if this flow works for you?

Hi @atanzu

Thank you for your patience. It's been a while since you responded. I hope this message finds you well.

Yes, you're right.

However, there's another problem: we cannot use private keys for direct signing. Instead, we need to implement MPC (Multi-Party Computation) or Multi-Sig solutions for the signing process.

So could we consider decoupling the signing process from the Nitro CLI command sequence? Here is a possible workflow:

  1. Build an EIF in a building environment.
  2. Obtain the cryptographic digest of the EIF.
  3. Transmit the digest to a separate signing environment.
  4. Perform the signing operation using any chosen method (private key, AWS KMS, MPC or Multi-Sig).
  5. Return the generated signature to the build environment for:
    • Signature verification
    • Final EIF packaging with embedded signature

Looking forward to your insights
Best regards.
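The measure, sign elsewhere, verify then package flow from the PR description and from the workflow proposed in the comment above, as an added example that is not code from this PR or from nitro-cli. It uses plain openssl and assumes a self-signed P-384 certificate stands in for the real signing identity, a constructed file stands in for the EIF, and the signature is made over the PCR0 hex string (the EIF's own signature encoding is not reproduced); the build side checks the returned signature against the certificate before embedding it and rejects one made over a different measurement.

```shell
#!/bin/sh
# Added example, not code from this PR or from nitro-cli: measure -> sign in a
# separate environment -> verify before packaging, built from openssl only.
# Assumptions: a P-384 key with a self-signed certificate stands in for the
# real signing identity, the "EIF" is a constructed file, and the signature
# is over the PCR0 hex string (the real EIF signature encoding is not shown).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Step 1, build environment: measure. PCR0 is a SHA-384 value, so the stand-in
# image is hashed with SHA-384; real PCR0 values come from nitro-cli.
measure_pcr0() {                 # $1 = image file; prints 96 hex chars
  openssl dgst -sha384 -r "$1" | awk '{print $1}'
}

# Step 2, signing environment: key.pem and certificate.pem are created here;
# only the certificate ever travels back to the build environment.
make_signing_identity() {
  openssl ecparam -name secp384r1 -genkey -noout -out "$WORK/key.pem"
  openssl req -new -x509 -key "$WORK/key.pem" -subj "/CN=enclave-signer" \
    -days 1 -out "$WORK/certificate.pem"
}

sign_pcr0() {                    # $1 = pcr0 hex, $2 = signature output path
  printf '%s' "$1" > "$WORK/pcr0.txt"
  openssl dgst -sha384 -sign "$WORK/key.pem" -out "$2" "$WORK/pcr0.txt"
}

# Step 3, build environment: check that the returned signature binds to the
# PCR0 measured here, using only the certificate. Exit status 0 = valid.
verify_pcr0_signature() {        # $1 = pcr0 hex, $2 = signature, $3 = cert
  printf '%s' "$1" > "$WORK/pcr0.check"
  openssl x509 -in "$3" -pubkey -noout > "$WORK/pub.pem"
  openssl dgst -sha384 -verify "$WORK/pub.pem" -signature "$2" \
    "$WORK/pcr0.check" >/dev/null 2>&1
}

printf 'constructed stand-in for example.eif\n' > "$WORK/example.eif"
PCR0=$(measure_pcr0 "$WORK/example.eif")
make_signing_identity
sign_pcr0 "$PCR0" "$WORK/pcr0.sig"
if verify_pcr0_signature "$PCR0" "$WORK/pcr0.sig" "$WORK/certificate.pem"; then
  echo "signature binds to PCR0 $PCR0; safe to embed"
fi
# A signature returned for a different measurement must not be packaged.
OTHER=$(printf '%s' "$PCR0" | tr '0123456789abcdef' '123456789abcdef0')
if verify_pcr0_signature "$OTHER" "$WORK/pcr0.sig" "$WORK/certificate.pem"; then
  echo "BUG: signature accepted for a PCR0 it does not cover"; exit 1
fi
```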
