<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Intel PCS &amp;amp; Azure DCs_v3 in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1402806#M5404</link>
    <description>&lt;P&gt;Hi Sahira,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Apologies if my first post was not clear. &amp;nbsp;I was using the official SGX PCCS. &amp;nbsp;When I said "my own PCCS", I was referring to the fact that I was using the SGX PCCS instead of the Azure DCAP infrastructure.&lt;/P&gt;
&lt;P&gt;Please note that I see the above exception when using Azure&amp;nbsp;&lt;SPAN&gt;DCs_v3. &amp;nbsp;Someone told me that the official SGX PCCS worked when they tried Azure DCs_v2.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;Lastly, the following is a log I got from the official SGX PCCS. &amp;nbsp;My understanding is that the official SGX PCCS is attempting to get information from the Intel PCS and is getting a "404 Not Found":&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;[info]: 127.0.0.1 - - [13/Jul/2022:11:41:11 +0000] "GET /sgx/certification/v3/pckcert?qeid=....removed long string......&amp;amp;cpusvn=08080E0DFFFF01000000000000000000&amp;amp;pcesvn=0D00&amp;amp;pceid=0000 HTTP/1.1" 404 32 "-" "-"&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Sat, 23 Jul 2022 23:09:42 GMT</pubDate>
    <dc:creator>Dr_Al_Villarica</dc:creator>
    <dc:date>2022-07-23T23:09:42Z</dc:date>
    <item>
      <title>Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1401049#M5398</link>
      <description>&lt;P&gt;I am trying to install my own PCCS into Azure using the DCs_v3 servers which support Intel SGX (confidential computing). &amp;nbsp;When I attempt to do remote attestation, I get an exception: &amp;nbsp;&lt;SPAN&gt;SGX_ERROR_PLATFORM_CERT_UNAVAILABLE&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;I turned on traces, and it appears that the PCCS contacts the Intel PCS which returns an error. &amp;nbsp;Here's a snippet of the error:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;[info]: 127.0.0.1 - - [13/Jul/2022:11:41:11 +0000] "GET /sgx/certification/v3/pckcert?qeid=....removed long string......&amp;amp;cpusvn=08080E0DFFFF01000000000000000000&amp;amp;pcesvn=0D00&amp;amp;pceid=0000 HTTP/1.1" 404 32 "-" "-"&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Is there a reason why the Intel PCS does not support the Intel SGX processors that are used in Azure?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 18 Jul 2022 03:19:53 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1401049#M5398</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-07-18T03:19:53Z</dc:date>
    </item>
    <item>
      <title>Re:Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1402698#M5402</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;It looks like the error is due to the PCK cert for the platform being unavailable.&amp;nbsp;&lt;/P&gt;&lt;P&gt;You mentioned you are using a custom PCCS, can you try installing the&amp;nbsp;official SGX PCCS:&amp;nbsp;&lt;A href="https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md" rel="noopener noreferrer" target="_blank"&gt;https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md&lt;/A&gt;&amp;nbsp;This will make sure that the PCK is being retrieved successfully.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;Sahira&amp;nbsp;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Fri, 22 Jul 2022 22:55:59 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1402698#M5402</guid>
      <dc:creator>Sahira_Intel</dc:creator>
      <dc:date>2022-07-22T22:55:59Z</dc:date>
    </item>
    <item>
      <title>Re: Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1402806#M5404</link>
      <description>&lt;P&gt;Hi Sahira,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Apologies if my first post was not clear. &amp;nbsp;I was using the official SGX PCCS. &amp;nbsp;When I said "my own PCCS", I was referring to the fact that I was using the SGX PCCS instead of the Azure DCAP infrastructure.&lt;/P&gt;
&lt;P&gt;Please note that I see the above exception when using Azure&amp;nbsp;&lt;SPAN&gt;DCs_v3. &amp;nbsp;Someone told me that the official SGX PCCS worked when they tried Azure DCs_v2.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;Lastly, the following is a log I got from the official SGX PCCS. &amp;nbsp;My understanding is that the official SGX PCCS is attempting to get information from the Intel PCS and is getting a "404 Not Found":&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;[info]: 127.0.0.1 - - [13/Jul/2022:11:41:11 +0000] "GET /sgx/certification/v3/pckcert?qeid=....removed long string......&amp;amp;cpusvn=08080E0DFFFF01000000000000000000&amp;amp;pcesvn=0D00&amp;amp;pceid=0000 HTTP/1.1" 404 32 "-" "-"&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 23 Jul 2022 23:09:42 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1402806#M5404</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-07-23T23:09:42Z</dc:date>
    </item>
    <item>
      <title>Re: Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1404405#M5410</link>
      <description>&lt;P&gt;Just following up on this please. &amp;nbsp;I have installed the latest official SGX PCCS (git tag dcap_1.14_reproducible) and I am still getting an error. &amp;nbsp;Please see the PCCS trace below and note the "&lt;SPAN&gt;Intel PCS server returns error. Error code : 404".&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Thanks in advance.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;azureuser@crdz-1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;:&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;~/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;$ node -r esm pccs_server.js&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;morgan&lt;/STRONG&gt;&lt;/SPAN&gt; &lt;SPAN&gt;&lt;STRONG&gt;deprecated&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; default format: use combined format &lt;/SPAN&gt;&lt;SPAN&gt;node_modules/esm/esm.js:1:278827&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.181 [info]: DB Migration (Ver.0 -&amp;gt; 1) -- Start&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.186 [info]: DB Migration -- Done.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.217 [info]: DB Migration (Ver.1 -&amp;gt; 2) -- Start&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.224 [info]: DB Migration -- Done.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.258 [info]: DB Migration (Ver.2 -&amp;gt; 3) -- Start&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.265 [info]: DB Migration -- Done.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:42:51.336 [info]: HTTPS Server is running on: &lt;A href="https://localhost:8081" target="_blank"&gt;https://localhost:8081&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:43:18.809 [info]: Client Request-ID : 757134b57bb64e2e83401000b4d9c5eb&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:43:19.781 [info]: Request-ID is : 1e39cb7c1c5c4d478ac627dccce71ed4&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:43:21.065 [info]: 127.0.0.1 - - [29/Jul/2022:01:43:21 +0000] "GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.68.0"&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.183 [info]: Client Request-ID : e030d2cd3ce54224996530835062f614&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.771 [info]: Request-ID is : ecb554e17ad24b7ebc7e828234f38101&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.771 [error]: Intel PCS server returns error(404).&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.771 [error]: Intel PCS server returns error. Error code : 404&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.772 [error]: Error: No cache data for this platform.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;at Proxy.getPckCertFromPCS (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/logic/commonCacheLogic.js:92:11)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;at processTicksAndRejections (node:internal/process/task_queues:96:5)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;at async LazyCachingMode.getPckCertFromPCS (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/caching_modes/cachingMode.js:126:12)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;at async Proxy.getPckCert (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/pckcertService.js:115:16)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;at async getPckCert (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/controllers/pckcertController.js:77:25)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;2022-07-29 01:46:06.776 [info]: 127.0.0.1 - - [29/Jul/2022:01:46:06 +0000] "GET /sgx/certification/v3/pckcert?qeid=2B8D369BD584F9B6FCBB3DE75D6F86DD&amp;amp;encrypted_ppid=C4C5B3FB5D96F53C80136589DAA6C5A5DE1F2D40F4E474C57F721574B593EA0048A86899A97F5E831A790330A423FFAD79DB9A876FAC70F9079F260AE130F411D16EB9AC2230962CCDC6217BC6B1AAB3DA70DD15CEC975F30638BCA3325459E6A0D29420369C03DAE9D123E7F9E331A8347F208936D70B7226F8DE6B0EECFF21B74D9E19FAE92FBAC519EBDFCCCAAF1ECDA6E89A96ED73593A65402B76186F2759D29621476A9612D22F32758AA9A6181BBA4C729D3FA984BF404DE7660BA1EC504B1D14CEAAE7EA77AD033FF93C7E552C154FB98A376DDAF9B613A4C51C01496EB28037DC7DA195318EF7C94C61FAEF9C792BD42849F9A2110955CC4FD4E083DA21AD701B31E074F16A23CCFCA185E098F67F7CDC8FD7FEC09D8281C12C277232CEBC2C72DBBDCE67B060860CE534574441C64DAAD71AE6B021D7611BD1603A92C52E49B1DA7519E7449A3F7B97D7CD98AB79B6005C177126C297CEB215FCBA7F3ECABCC2DCEC578B03280B7B53D3B79D205F1FADC65FD29330992BCE230D12&amp;amp;cpusvn=08080E0DFFFF01000000000000000000&amp;amp;pcesvn=0D00&amp;amp;pceid=0000 HTTP/1.1" 404 32 "-" "-"&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 29 Jul 2022 01:52:12 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1404405#M5410</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-07-29T01:52:12Z</dc:date>
    </item>
    <item>
      <title>Re:Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1407729#M5430</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;I also see: &lt;SPAN style="font-size: 16px; font-family: intel-clear;"&gt;[error]: Error: No cache data for this platform. &lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;This error is due to the BIOS not being up to date. Can you update to the most recent BIOS available from the OEM? That should fix the error, but let me know if you are still getting the 404 error as that might be a separate problem.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;Sahira &lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Thu, 11 Aug 2022 22:38:09 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1407729#M5430</guid>
      <dc:creator>Sahira_Intel</dc:creator>
      <dc:date>2022-08-11T22:38:09Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1407753#M5431</link>
      <description>Ok thank you, I have to check with Microsoft Azure since I do not have access to their BIOS. &lt;BR /&gt;&lt;BR /&gt;Question...If the BIOS is old, how would  Microsoft Azure's built-in PCS work, assuming the Azure PCS also needs to obtain a certificate from Intel?</description>
      <pubDate>Fri, 12 Aug 2022 00:14:17 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1407753#M5431</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-08-12T00:14:17Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1408574#M5439</link>
      <description>&lt;P&gt;Hi Dr. Al.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Per the doc from Microsoft ACC entitled "&lt;A href="https://docs.microsoft.com/en-us/azure/confidential-computing/quick-create-portal" target="_self"&gt;Quickstart: Create Intel SGX VM in the Azure portal&lt;/A&gt;":&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;"For DCsv3 and DCdsv3-series Azure VMs, the Intel certificates can only be fetched from THIM, as it is not possible to make direct calls to Intel service from the VMs."&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;This means you will need to contact their THiM service to get the cert for your platform to populate your PCCS.&amp;nbsp; The &lt;A href="https://github.com/Microsoft/Azure-DCAP-Client" target="_self"&gt;Azure DCAP Client source&lt;/A&gt; should show you how to do that.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Regards.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Scott&lt;/P&gt;</description>
      <pubDate>Tue, 16 Aug 2022 15:20:56 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1408574#M5439</guid>
      <dc:creator>Scott_R_Intel</dc:creator>
      <dc:date>2022-08-16T15:20:56Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1408713#M5443</link>
      <description>&lt;P&gt;Thanks Scott for your answer. &amp;nbsp;The statement "it is not possible to make direct calls to Intel service from the VMs" -- does this mean that Azure is (for reasons unknown?) blocking the VM from making an outgoing HTTPS connection to the Intel PCS?&lt;/P&gt;
&lt;P&gt;I'm sorry to have to keep pushing on this, but one of the tests that I remember doing was this scenario: &amp;nbsp;From an SGX-capable machine in my office, I opened the firewall on Azure that allowed my SGX-capable machine to talk to an Intel PCCS (the demo) that I installed on an Azure VM (DCsv3). &amp;nbsp;I modified the "pccs_url" in /etc/sgx_default_qcnl.conf" to point to the Azure VM. &amp;nbsp;I was able to do remote attestation for an enclave application in my SGX-capable machine.&lt;/P&gt;
&lt;P&gt;Both of these scenarios work for remote attestation:&lt;/P&gt;
&lt;P&gt;1. &amp;nbsp;[my SGX-capable machine] &amp;lt;-------&amp;gt; [Intel PCCS on Azure VM DCsv3] &amp;lt;------&amp;gt; [Intel PCS]&lt;/P&gt;
&lt;P&gt;2. &amp;nbsp;[my SGX-capable machine] &amp;lt;--------&amp;gt; [Intel PCCS on my SGX-capable machine] &amp;lt;------&amp;gt; [Intel PCS]&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I can redo the test again if you wish, but doesn't scenario #1 show that an Intel PCCS running on an Azure VM DCsv3 *can* make an HTTPS call to Intel PCS? &amp;nbsp;What am I missing?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks in advance, I'd like to clear things up a bit. &amp;nbsp;I was hoping to be able to use Azure confidential computing where I have full control of the Intel PCCS and not have to rely on Azure's PCS (THIM).&lt;/P&gt;</description>
      <pubDate>Wed, 17 Aug 2022 02:06:20 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1408713#M5443</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-08-17T02:06:20Z</dc:date>
    </item>
    <item>
      <title>Re: Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1410502#M5449</link>
      <description>&lt;P&gt;Hello again.&lt;/P&gt;
&lt;P&gt;No, Microsoft isn't blocking PCS accesses.&amp;nbsp; The reason you won't be able to retrieve certs for ACC platforms is due to the fact that ACC uses "indirect registration" for their platforms.&amp;nbsp; Because of this, you can't request PCK certs for these platforms using only PPID, which is all you have access to as an ACC tenant/guest VM.&amp;nbsp; You would need to have the "platform manifest" for the platform you're running on to get the cert for it, and that's only available from bare metal (not a guest VM).&amp;nbsp; There is a good security reason for using indirect registration - the platform registration keys (PRKs) are not stored in Intel's Registration Service.&amp;nbsp; The PRKs are only kept and used long enough to generate the PCK Certs and then are deleted.&amp;nbsp; Without those PRKs, Intel PCS cannot use the PPID to identify the platform and provide you the PCK cert.&lt;/P&gt;
&lt;P&gt;Note, platform registration is only applicable to Intel Xeon Scalable platforms.&amp;nbsp; Intel Xeon E and consumer Core products do not need/have this registration step as PCS can actually use those CPUs' EncPPIDs to identify the CPU and provide the PCK Cert.&lt;/P&gt;
&lt;P&gt;There is a lot more info on this topic in our "&lt;A href="https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf" target="_self"&gt;Remote Attestation for Multi-Package Platforms&lt;/A&gt;" doc.&lt;/P&gt;
&lt;P&gt;Hope this helps.&lt;/P&gt;
&lt;P&gt;Scott&lt;/P&gt;</description>
      <pubDate>Wed, 24 Aug 2022 20:13:13 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1410502#M5449</guid>
      <dc:creator>Scott_R_Intel</dc:creator>
      <dc:date>2022-08-24T20:13:13Z</dc:date>
    </item>
    <item>
      <title>Re: Intel PCS &amp; Azure DCs_v3</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1410868#M5453</link>
      <description>&lt;P&gt;Thank you so much for this explanation. &amp;nbsp;It helps a lot!&lt;/P&gt;</description>
      <pubDate>Fri, 26 Aug 2022 02:54:12 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-PCS-amp-Azure-DCs-v3/m-p/1410868#M5453</guid>
      <dc:creator>Dr_Al_Villarica</dc:creator>
      <dc:date>2022-08-26T02:54:12Z</dc:date>
    </item>
  </channel>
</rss>

