Auditor example with Remote Attestation #9

Open
3 tasks done
sbellem opened this issue Dec 8, 2020 · 0 comments

sbellem commented Dec 8, 2020

  • Figure out how to install the PSW in the nix environment -- currently running into issues building the installer (make psw_install_pkg fails with -lpthread not available) -- see issue "Reproducible builds for the PSW" (intel/linux-sgx#645) to follow.
  • Use an example that has remote attestation (e.g. remoteattestation, or something else)
  • Provide a simple demo script that would be used by an auditor.

auditor script

inputs:

  • a signed enclave (enclave.signed.so) to be checked for its reproducibility, and
  • enclave.so (optional)
  • the source code to reproduce the build
  • maybe: an attestation verification report from Intel -- from the enclave.signed.so the MRSIGNER can be extracted and compared against the one in the report -- hence, if the enclave.signed.so can be reproduced, and its MRSIGNER matches the one in the report, and the code "passes" the audit, then enclave.signed.so can be "trusted"

outputs:

  • true/success - meaning it is reproducible and "trusted", OR false/failing otherwise, with the reason (unreproducible, MRSIGNER and/or MRENCLAVE mismatch)

verbose/debug info:

  • the sha256sum of the metadata of the enclave.signed.so file under audit (the one given as input)
  • the sha256sum of the metadata of the built and signed enclave (built by the script) -- the sha256sums should match if the script outputs true/success for reproducibility
  • MRSIGNER extracted from enclave.signed.so
  • MRSIGNER extracted from report
  • MRENCLAVE extracted from report

Notes about MRSIGNER

See https://github.com/intel/sgx-ra-sample/blob/master/Makefile.am#L97-L100 for an example on how to extract the MRSIGNER from a signed enclave .so file.

@sbellem sbellem changed the title Simplify auditor example Auditor example with Remote Attestation Dec 8, 2020
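
A sketch of the comparison step the issue describes, as an added example that is not code from this project or from the issue author. It reads MRSIGNER (SHA-256 of the signer modulus) and MRENCLAVE from raw SIGSTRUCT blobs and from a verification report's `isvEnclaveQuoteBody`, then returns success or the failure reasons listed under "outputs". Assumptions: the function names are hypothetical, the 1808-byte SIGSTRUCTs have already been extracted from each `enclave.signed.so`, reproducibility is decided by comparing MRENCLAVE rather than the sha256sum of the metadata, and the report's own signature is checked elsewhere.

```python
import base64
import hashlib
import json

# Offsets from the SGX SIGSTRUCT and quote layouts (Intel SDM / SGX SDK headers).
SIGSTRUCT_LEN = 1808
CSS_MODULUS = slice(128, 512)       # signer RSA modulus, 384 bytes
CSS_ENCLAVEHASH = slice(960, 992)   # MRENCLAVE
QUOTE_MRENCLAVE = slice(112, 144)
QUOTE_MRSIGNER = slice(176, 208)


def css_measurements(css: bytes) -> dict:
    """MRSIGNER and MRENCLAVE (hex) from a raw SIGSTRUCT blob."""
    if len(css) != SIGSTRUCT_LEN:
        raise ValueError(f"SIGSTRUCT must be {SIGSTRUCT_LEN} bytes, got {len(css)}")
    # MRSIGNER is SHA-256 over the modulus bytes exactly as stored.
    return {"mrsigner": hashlib.sha256(css[CSS_MODULUS]).hexdigest(),
            "mrenclave": css[CSS_ENCLAVEHASH].hex()}


def report_measurements(report_json: str) -> dict:
    """MRSIGNER and MRENCLAVE (hex) from a report's isvEnclaveQuoteBody."""
    quote = base64.b64decode(json.loads(report_json)["isvEnclaveQuoteBody"])
    if len(quote) < QUOTE_MRSIGNER.stop:
        raise ValueError("quote body too short")
    return {"mrsigner": quote[QUOTE_MRSIGNER].hex(),
            "mrenclave": quote[QUOTE_MRENCLAVE].hex()}


def audit(audited_css: bytes, rebuilt_css: bytes, report_json: str = None):
    """Return (ok, reasons, debug) in the shape the issue describes."""
    audited, rebuilt = css_measurements(audited_css), css_measurements(rebuilt_css)
    debug, reasons = {"audited": audited, "rebuilt": rebuilt}, []
    if audited["mrenclave"] != rebuilt["mrenclave"]:
        reasons.append("unreproducible")
    if report_json is not None:
        report = debug["report"] = report_measurements(report_json)
        reasons += [f"{k.upper()} mismatch" for k in ("mrsigner", "mrenclave")
                    if report[k] != audited[k]]
    return not reasons, reasons, debug


def constructed_css(modulus: bytes, mrenclave: bytes) -> bytes:
    """Constructed sample input: zero-filled SIGSTRUCT with two fields set."""
    css = bytearray(SIGSTRUCT_LEN)
    css[CSS_MODULUS], css[CSS_ENCLAVEHASH] = modulus, mrenclave
    return bytes(css)
```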