https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1504743#M5811 <DIV class="">We are developing a product build on top of Intel SGX hosted on Azure, we are facing some challenges when it comes to data persistence. We have two requirements:</DIV><OL class=""><LI>The ability to store a persistent secret key, between restarts</LI><LI>The ability to share this key with other enclaves (provided these are signed by the same entity, aka Applied Blockchain), we'll refer to this as forward key sharing.</LI></OL><DIV class="">Our infrastructure is deployed and managed on kubernetes on Azure and as such the concern over network destruction poses a great concern. We've implemented in-house solution to the persistence problem, wherein all enclaves can provision each other assuming they have the same MRENCLAVE, removing the single point of failure. Forward key sharing is harder to achieve due to microcode updates that prevent the enclave from "recognizing" a newer enclave. Before we dive deeper. We would like to know if Azure has any solutions for Persisting data between microcode updates to Intel TEEs.</DIV> Fri, 14 Jul 2023 09:30:48 GMT nolasco_napoleao 2023-07-14T09:30:48Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1504743#M5811 <DIV class="">We are developing a product build on top of Intel SGX hosted on Azure, we are facing some challenges when it comes to data persistence. We have two requirements:</DIV><OL class=""><LI>The ability to store a persistent secret key, between restarts</LI><LI>The ability to share this key with other enclaves (provided these are signed by the same entity, aka Applied Blockchain), we'll refer to this as forward key sharing.</LI></OL><DIV class="">Our infrastructure is deployed and managed on kubernetes on Azure and as such the concern over network destruction poses a great concern. We've implemented in-house solution to the persistence problem, wherein all enclaves can provision each other assuming they have the same MRENCLAVE, removing the single point of failure. Forward key sharing is harder to achieve due to microcode updates that prevent the enclave from "recognizing" a newer enclave. Before we dive deeper. We would like to know if Azure has any solutions for Persisting data between microcode updates to Intel TEEs.</DIV> Fri, 14 Jul 2023 09:30:48 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1504743#M5811 nolasco_napoleao 2023-07-14T09:30:48Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1504969#M5812 <P>Hi Nolasco_napoleao,</P><P>Thank you for reaching out to Intel Customer Support.</P><P>&nbsp;</P><P>I'm checking this out and will get back to you soon.</P><P>&nbsp;</P><P>&nbsp;</P><P>Regards,</P><P>Zulkifli</P><BR /> Fri, 14 Jul 2023 21:19:17 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1504969#M5812 Zulkifli_Intel 2023-07-14T21:19:17Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1508386#M5824 <P>Hi Nolasco_napoleao,</P><P>&nbsp;</P><P>Sorry for the delay in reply. You don't need to worry about sealing and microcode updates in Azure, Microsoft ensures that key blobs from past TCB levels are saved before and restored after a microcode update (aka TCB-Recovery), so anything sealed before the upgrade will be able to be unsealed after.</P><P>&nbsp;</P><P>Please contact&nbsp;<A href="https://azure.microsoft.com/en-us/support/options/" rel="noopener noreferrer" target="_blank">Azure support</A>&nbsp;for further help on using Intel® SGX on Azure.</P><P><BR /></P><P>Sincerely,</P><P>Zulkifli</P><BR /> Wed, 26 Jul 2023 13:30:37 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1508386#M5824 Zulkifli_Intel 2023-07-26T13:30:37Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1511248#M5834 <P>This thread will no longer be monitored since we have provided a solution. If you need any additional information from Intel, please submit a new question.</P><BR /> Fri, 04 Aug 2023 16:40:00 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Key-persistence-and-sharing-in-IntelSGX/m-p/1511248#M5834 Zulkifli_Intel 2023-08-04T16:40:00Z