
AWS Setup for Enclave

The signing certificate is used to sign the EIF file. Its SHA-384 hash becomes PCR8 — the KMS key policy condition that gates decryption.

  1. Generate a signing keypair (do this once, store the key securely):

     ```sh
     openssl ecparam -name secp384r1 -genkey -noout -out signing_key.pem
     openssl req -new -x509 -key signing_key.pem -out signing_cert.pem \
       -days 3650 -subj "/CN=containment-chamber"
     ```

  2. Extract the PCR8 hash (after building the EIF):

     ```sh
     nitro-cli build-enclave \
       --docker-uri containment-chamber:latest-enclave \
       --signing-certificate signing_cert.pem \
       --private-key signing_key.pem \
       --output-file enclave.eif
     nitro-cli describe-eif --eif-path enclave.eif | jq -r '.Measurements.PCR8'
     # → abc123def456... (your PCR8 hash)
     ```

  3. Extract the PCR0 hash (changes on every rebuild):

     ```sh
     nitro-cli describe-eif --eif-path enclave.eif | jq -r '.Measurements.PCR0'
     # → 789xyz... (your PCR0 hash)
     ```

Use the enclave Terraform example to create the infrastructure with attestation-gated KMS key policies:

```sh
cd terraform/examples/enclave
terraform init
terraform apply \
  -var 'primary_profile=account-a' \
  -var 'secondary_b_profile=account-b' \
  -var 'secondary_c_profile=account-c' \
  -var 'enclave_signing_cert_hash=<PCR8_HASH>' \
  -var 'enclave_pcr0_hashes=["<PCR0_HASH>"]'
```

The Terraform example creates KMS key policies with:

  • kms:Decrypt — requires PCR8 (always) + PCR0 (when provided) + PCR3 (optional)
  • kms:Encrypt — no attestation condition (safe: first-boot only, over TLS)

```sh
# PCR8 — signing certificate hash (required)
# PCR0 — image hash (required for production)
# PCR3 — parent IAM role hash (optional, extra lockdown)
```
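To make the gating concrete, here is an added Python example (not code from the project or its Terraform module) that parses the `Measurements` block of `nitro-cli describe-eif` output for steps 2 and 3, checks that each PCR is a full SHA-384 hex digest, and then builds a KMS key policy with the same shape as described above: `kms:Decrypt` conditioned on `kms:RecipientAttestation:PCR8`, on `PCR0` when hashes are given and on `PCR3` when given, and `kms:Encrypt` with no attestation condition. The account id, role ARN and PCR values in the sample are constructed placeholders, and the key-administration statement granting `kms:*` to the account root is an assumption about how the key is managed, not something the page states. The `decrypt_permitted` helper is a simplified evaluator of the `StringEqualsIgnoreCase` condition, useful for checking a policy against the PCRs you expect before applying it.

```python
import json
import re

# SHA-384 measurements are 48 bytes, i.e. 96 hex characters.
_SHA384_HEX = re.compile(r"^[0-9a-fA-F]{96}$")

# Constructed sample of `nitro-cli describe-eif` JSON output. The hash values
# are synthetic placeholders of the right length, not measurements of a real EIF.
SAMPLE_DESCRIBE_EIF = json.dumps({
    "EifVersion": 4,
    "IsSigned": True,
    "Measurements": {
        "HashAlgorithm": "Sha384 { ... }",
        "PCR0": "a1" * 48,
        "PCR1": "b2" * 48,
        "PCR2": "c3" * 48,
        "PCR8": "d4" * 48,
    },
})


def extract_pcrs(describe_eif_json, wanted=("PCR0", "PCR8")):
    """Pull the requested PCRs out of describe-eif output and check that each
    is a SHA-384 hex digest. A missing or truncated value raises here rather
    than producing a key policy that silently never matches."""
    measurements = json.loads(describe_eif_json)["Measurements"]
    pcrs = {}
    for name in wanted:
        value = measurements.get(name)
        if value is None:
            raise ValueError(f"{name} missing from EIF measurements")
        if not _SHA384_HEX.match(value):
            raise ValueError(f"{name} is not a 96-char SHA-384 hex digest: {value!r}")
        pcrs[name] = value.lower()
    return pcrs


def build_kms_key_policy(account_id, signer_role_arn, pcr8, pcr0_hashes=(), pcr3=None):
    """Build a key policy document: Decrypt requires PCR8 always, PCR0 when any
    hashes are supplied, PCR3 when supplied; Encrypt has no attestation condition."""
    decrypt_condition = {"kms:RecipientAttestation:PCR8": pcr8}
    if pcr0_hashes:
        # A list of PCR0 values lets more than one image build decrypt,
        # e.g. old and new images during a rollout.
        decrypt_condition["kms:RecipientAttestation:PCR0"] = list(pcr0_hashes)
    if pcr3:
        decrypt_condition["kms:RecipientAttestation:PCR3"] = pcr3
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Assumed administration statement; adjust to your key management model.
                "Sid": "KeyAdministration",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {
                "Sid": "EnclaveDecrypt",
                "Effect": "Allow",
                "Principal": {"AWS": signer_role_arn},
                "Action": "kms:Decrypt",
                "Resource": "*",
                "Condition": {"StringEqualsIgnoreCase": decrypt_condition},
            },
            {
                "Sid": "Encrypt",
                "Effect": "Allow",
                "Principal": {"AWS": signer_role_arn},
                "Action": "kms:Encrypt",
                "Resource": "*",
            },
        ],
    }


def decrypt_permitted(policy, attestation_pcrs):
    """Simplified check of the Decrypt statement's StringEqualsIgnoreCase
    condition: every condition key must be present in the attestation and
    match one of the allowed values. A request without an attestation document
    (no PCRs at all) therefore never satisfies the condition."""
    for stmt in policy["Statement"]:
        if stmt["Action"] != "kms:Decrypt":
            continue
        cond = stmt["Condition"]["StringEqualsIgnoreCase"]
        for key, allowed in cond.items():
            pcr = key.rsplit(":", 1)[1]
            allowed_values = allowed if isinstance(allowed, list) else [allowed]
            actual = attestation_pcrs.get(pcr)
            if actual is None or actual.lower() not in [a.lower() for a in allowed_values]:
                return False
        return True
    return False


if __name__ == "__main__":
    pcrs = extract_pcrs(SAMPLE_DESCRIBE_EIF)
    policy = build_kms_key_policy(
        "123456789012",  # placeholder account id
        "arn:aws:iam::123456789012:role/containment-chamber-signer",  # placeholder role
        pcr8=pcrs["PCR8"], pcr0_hashes=[pcrs["PCR0"]],
    )
    print(json.dumps(policy, indent=2))
    print("decrypt permitted for this EIF:", decrypt_permitted(policy, pcrs))
```

Because PCR0 changes on every rebuild, the usual operational pattern is to regenerate the policy with the new PCR0 appended to `pcr0_hashes`, apply it, roll the enclave, then remove the old value; `decrypt_permitted` lets you confirm both the new and the retired image's PCR set behave as intended before touching the live key.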

The signer IAM role needs:

  • DynamoDB access (keystore + antislashing tables)
  • KMS access for table encryption keys (via IAM policy)
  • KMS access for Shamir keys (via KMS key policy — no IAM policy needed)

For EKS deployments, configure IRSA or EKS Pod Identity:

```sh
# IRSA
kubectl annotate serviceaccount containment-chamber \
  eks.amazonaws.com/role-arn=arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME

# EKS Pod Identity
aws eks create-pod-identity-association \
  --cluster-name my-cluster \
  --namespace default \
  --service-account containment-chamber \
  --role-arn arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME
```