https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1546671#M6028 <P>Hi,</P><P><BR /></P><P>generally, attestation is the process of demonstrating that a software executable has been properly instantiated on a platform that allows a remote party to gain confidence that the intended software is securely running within an enclave on a fully patched, Intel SGX enabled platform.</P><P>&nbsp;</P><P>This&nbsp;<A href="https://github.com/intel/ehsm/tree/main" rel="noopener noreferrer" target="_blank">GitHub page</A>&nbsp;has explanation of an End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM. This might help to answer your question.</P><P>&nbsp;</P><P><BR /></P><P>Cordially,</P><P>Iffa</P><BR /> Thu, 23 Nov 2023 01:11:46 GMT Iffa_Intel 2023-11-23T01:11:46Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1545983#M6023 <P>Hello everyone,</P><P>&nbsp;</P><P>&nbsp; I am developing a system using eHSM-KMS.</P><P>&nbsp; In the process, I am currently having trouble understanding how the remote attestation works.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp; I have added logs to the eHSM-KMS source code to investigate remote attestation,<BR />&nbsp; The only thing I could figure out is that it is using SSL communication between DkeyServer and DkeyCache using OpenSSH.</P><P>&nbsp; We also could only find that the self-certification function (tee_get_certificate_with_evidence) generated an error (SGX_OL_NETWORK_ERROR:0xe019) when the PCCS server did not exist.</P><P>&nbsp; What kind of communication is going on between PCCServer, DkeyServer and DkeyCache?</P><P>&nbsp;</P><P>&nbsp; What I would like to know is as follows.<BR />&nbsp; &nbsp; &nbsp;When does eHSM-KMS communicate with the PCCS server?<BR />&nbsp; &nbsp; &nbsp;What is passed when communicating with the PCCServer and what is obtained as a result?<BR />　　<BR />　Regards,.<BR />　T_Tsuga</P><P>&nbsp;</P> Tue, 21 Nov 2023 11:54:44 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1545983#M6023 T_Tsuga 2023-11-21T11:54:44Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1546671#M6028 <P>Hi,</P><P><BR /></P><P>generally, attestation is the process of demonstrating that a software executable has been properly instantiated on a platform that allows a remote party to gain confidence that the intended software is securely running within an enclave on a fully patched, Intel SGX enabled platform.</P><P>&nbsp;</P><P>This&nbsp;<A href="https://github.com/intel/ehsm/tree/main" rel="noopener noreferrer" target="_blank">GitHub page</A>&nbsp;has explanation of an End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM. This might help to answer your question.</P><P>&nbsp;</P><P><BR /></P><P>Cordially,</P><P>Iffa</P><BR /> Thu, 23 Nov 2023 01:11:46 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1546671#M6028 Iffa_Intel 2023-11-23T01:11:46Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1547045#M6031 <P>Hello Iffa_Intel,<BR />　<BR />　Thank you for your answer.<BR />　I checked the site you mentioned.<BR />　I understood that this is also a product of Intel Corporation.<BR />　I would like to ask some questions about this eHSM-KMS.<BR />　If you know, please let me know if there is an appropriate contact for this.<BR />　　<BR />Regards, T_Tsuga</P> Fri, 24 Nov 2023 05:32:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1547045#M6031 T_Tsuga 2023-11-24T05:32:13Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1548096#M6038 <P>Hi,</P><P><BR /></P><P>While EHSM is an Intel product, the support team on the EHSM Github is the appropriate contact to answer your questions. You can open a Github Issues thread here:&nbsp;<A href="https://github.com/intel/ehsm/issues" rel="noopener noreferrer" target="_blank">https://github.com/intel/ehsm/issues</A></P><P><BR /></P><P><BR /></P><P>Cordially,</P><P>Iffa</P><BR /> Tue, 28 Nov 2023 01:02:18 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1548096#M6038 Iffa_Intel 2023-11-28T01:02:18Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1549424#M6052 <P>Hi,</P><P><BR /></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 11pt;">Intel will no longer monitor this thread since we have provided a solution.&nbsp;If you need any additional information from Intel, please submit a new question.&nbsp;</SPAN></P><P><BR /></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 11pt;">Cordially,</SPAN></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 11pt;">Iffa</SPAN></P><BR /> Fri, 01 Dec 2023 00:20:47 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/eHSM-KMS-How-is-the-remote-attestation-realized/m-p/1549424#M6052 Iffa_Intel 2023-12-01T00:20:47Z