Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Another SGX licensing question

glenn_t_
Beginner
628 Views
Is part of being granted a commercial license the issuing of an EPID for remote attestation or is that another process? My understanding is that the development license is just the use of the SDK to build enclave that are not fully protected. To build fully encrypted enclaves we need a commercial license and I am guessing that we need the EPID for the attestation that would go with a "real" enclave. Can we get get an EPID with a lessor (developer) license? If we get a commercial licence is the EPID automatic?
0 Kudos
3 Replies
Anusha_K_Intel
Employee
628 Views

HI,

It is a part of the process.The PvE is responsible for conducting the provisioning process on the platform against Intel’s online provisioning servers. In this process the PvE demonstrates it has a key that Intel put in a real SGX processor and in return, is provisioned with a unique platform attestation key for future remote attestations. Both sides implement the EPID scheme Join protocol; the PvE functions as a new joining member and Intel serves as the group membership Issuer issuing new group membership credentials.

Please refer this article for more information on EPID provisioning:

https://software.intel.com/sites/default/files/managed/ac/40/2016%20WW10%20sgx%20provisioning%20and%20attesatation%20final.pdf

0 Kudos
glenn_t_
Beginner
628 Views

I am a graduate student working with research professors at a university and have two questions.

(1) Can we get a developer licence to build SGX enclaves in release mode?

(2) If we are granted a licence do we need some sort of certification from Intel every time we build a new enclave in release mode, or, will Intel grant us a mechanism to certify without interacting with Intel every time we build a new test product?

Thanks in advance,

Glenn Turner

0 Kudos
glenn_t_
Beginner
627 Views
I am a graduate student working with research professors and have two questions. (1) Can we get a developer license that allows us to build an enclave in Release Mode? (2) If we are granted a licence does Intel need to certify every enclave we build in release mode, or is there a mechanism to have a certificate granting authority, that is do we need to interact with Intel with every new enclave? Thanks in advance, Glenn Turner
0 Kudos
Reply