The key manager service is responsible for coordinating the SGX-based key manager runtimes. It stores and publishes policy documents and status updates required for key manager replication.
A key manager policy document defines the access control rules that key manager implementations enforce on key material. At this point the policy document is specific to our Intel SGX-based key manager runtime.
The policy document specifies the following access control lists, which the key manager runtime enforces based on the identity of the calling enclave:
- Enclaves that may query private keys. These are usually enclave identities of confidential runtimes that need access to per-runtime private keys to decrypt state.
- Enclaves that may replicate the master secret. These are usually enclave identities of new key manager enclave versions, to support upgrades. The key manager's own enclave identity is implied (so that replicas of the same enclave version can replicate among themselves) and does not need to be listed explicitly.
In order for a policy to be valid and accepted by a key manager enclave, it must be signed by a configured threshold of keys. Both the threshold and the set of public keys authorized to sign the policy are hardcoded in the key manager enclave, so a policy cannot change who is allowed to sign the next one; only a new enclave build can.
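The policy structure and the threshold check described above, as an added Go example (this is not the project's own types or API; the names Policy, EnclaveSet, SignedPolicy and KeyManagerEnclave, the "mrenclave:mrsigner" string form of an enclave identity, JSON as the canonical signing encoding and Ed25519 as the signature scheme are all assumptions of this example). It shows a signed policy being rejected unless the hardcoded threshold of distinct trusted keys signed it, and access decisions looked up by caller enclave identity, with the enclave's own identity implied for replication:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// EnclaveIdentity stands in for the SGX (MRENCLAVE, MRSIGNER) pair; the "mrenclave:mrsigner" string form is assumed here.
type EnclaveIdentity string
// EnclaveSet is a set of enclave identities; a lookup in a nil set is simply false.
type EnclaveSet map[EnclaveIdentity]bool
// EnclavePolicy is what one key manager enclave identity enforces on its callers.
type EnclavePolicy struct {
	MayQuery     map[string]EnclaveSet // runtime ID -> enclaves that may fetch its private keys
	MayReplicate EnclaveSet            // enclaves that may pull the master secret
}
// Policy is the document: one entry per key manager enclave identity it applies to.
type Policy map[EnclaveIdentity]EnclavePolicy
// SignedPolicy carries Ed25519 signatures over canonical(Policy).
type SignedPolicy struct {
	Policy     Policy
	Signatures [][]byte
}

// canonical is the byte string that gets signed: encoding/json sorts map keys, so it is deterministic.
func canonical(p Policy) []byte {
	b, _ := json.Marshal(p) // cannot fail for these field types
	return b
}

func SignPolicy(p Policy, signers ...ed25519.PrivateKey) SignedPolicy {
	sp := SignedPolicy{Policy: p}
	for _, k := range signers {
		sp.Signatures = append(sp.Signatures, ed25519.Sign(k, canonical(p)))
	}
	return sp
}

// KeyManagerEnclave is the enforcing side; TrustedKeys and Threshold are hardcoded in the enclave binary.
type KeyManagerEnclave struct {
	Self        EnclaveIdentity
	TrustedKeys []ed25519.PublicKey
	Threshold   int
	policy      Policy // nil until a valid policy is installed; every lookup then denies
}

// SetPolicy installs a policy only if Threshold distinct trusted keys signed it; unknown or repeated signers do not count.
func (e *KeyManagerEnclave) SetPolicy(sp SignedPolicy) error {
	msg, used, valid := canonical(sp.Policy), make([]bool, len(e.TrustedKeys)), 0
	for _, sig := range sp.Signatures {
		for i, pk := range e.TrustedKeys {
			if !used[i] && ed25519.Verify(pk, msg, sig) {
				used[i], valid = true, valid+1
				break
			}
		}
	}
	if valid < e.Threshold {
		return fmt.Errorf("%d valid signatures, need %d", valid, e.Threshold)
	}
	e.policy = sp.Policy
	return nil
}

// MayQuery: may the caller fetch runtimeID's private keys? Anything not listed is denied.
func (e *KeyManagerEnclave) MayQuery(caller EnclaveIdentity, runtimeID string) bool {
	return e.policy[e.Self].MayQuery[runtimeID][caller]
}

// MayReplicate: may the caller pull the master secret? The enclave's own identity is implied, not listed.
func (e *KeyManagerEnclave) MayReplicate(caller EnclaveIdentity) bool {
	return caller == e.Self || e.policy[e.Self].MayReplicate[caller]
}

// Scenario runs the flow on constructed identities and fresh keys and returns every decision.
func Scenario() map[string]bool {
	pubs, privs := make([]ed25519.PublicKey, 3), make([]ed25519.PrivateKey, 3)
	for i := range pubs { // three authorized signers, threshold two
		var err error
		if pubs[i], privs[i], err = ed25519.GenerateKey(rand.Reader); err != nil {
			panic(err) // no usable randomness: nothing sensible to continue with
		}
	}
	// Constructed identities: this key manager, its upgraded version, a confidential runtime.
	const kmV1, kmV2, app EnclaveIdentity = "aa11:5151", "bb22:5151", "cc33:7777"
	km := &KeyManagerEnclave{Self: kmV1, TrustedKeys: pubs, Threshold: 2}
	policy := Policy{kmV1: {
		MayQuery:     map[string]EnclaveSet{"runtime-A": {app: true}},
		MayReplicate: EnclaveSet{kmV2: true},
	}}
	out := map[string]bool{}
	out["one-sig-rejected"] = km.SetPolicy(SignPolicy(policy, privs[0])) != nil
	out["dup-sig-rejected"] = km.SetPolicy(SignPolicy(policy, privs[1], privs[1])) != nil
	out["two-sigs-accepted"] = km.SetPolicy(SignPolicy(policy, privs[0], privs[2])) == nil
	out["app-query-A"] = km.MayQuery(app, "runtime-A")
	out["app-query-B"] = km.MayQuery(app, "runtime-B")
	out["app-replicate"] = km.MayReplicate(app)
	out["v2-replicate"] = km.MayReplicate(kmV2)
	out["self-replicate"] = km.MayReplicate(kmV1)
	return out
}
```

Two details worth noting. The threshold counts distinct trusted keys, so the same key signing twice still yields one vote and signatures from keys outside the hardcoded set are ignored rather than rejected outright. Permissions are also independent of each other: the confidential runtime that may query its keys gets no replication right, and the upgraded key manager version that may replicate gets no query right.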
A policy update lets the key manager runtime's owning entity replace the current key manager policy. A new update policy transaction can be generated using
The body of an update policy transaction must be a SignedPolicySGX, which is a signed key manager access control policy. The transaction itself must be signed by the key manager runtime's owning entity. Note that these are two separate signatures: the owning entity's signature authorizes the transaction, while the threshold of signatures carried inside the SignedPolicySGX is what the key manager enclave verifies before it accepts and enforces the policy.