- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, all.
I sent below question at https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/734606 .
But it is a little different theme of my question.
So I make another subject.
I understand that the design concept of SGX and TrustZone is a little different.
However, I think these function is almost same.
So my question is that ``can SGX equipped devices attest TrustZone equipped devices?"
#Can Remote Attestation work correctly?
I think this is very typical case of IoT systems.
(Intel CPU is installed in IoT Gateways, and ARM CPU is installed in IoT devices)
I read many journal articles and whitepapers, but I can't find information of it...
Do you have any ideas?
Best regards,
Ryo
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
No,SGX cannot attest ARM TrustZone.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Anusha,
Thank you for your reply.
The reason of it is that ARM TrustZone does not implement the attestation, right?
In other words, if the function of remote attestation is implemented in the TrustZone, can SGX attest the TrustZone equipped device?
Best regards,
Ryo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ryo hamamoto
I think what you said is right. If you write your own code to implementing the functions. You can do what you want. This link
https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq
Said :
I want to run my own attestation service (or infrastructure) rather than use Intel’s. Can I do that?
Yes. If you can securely inject a key into an enclave, you can build an attestation infrastructure atop that. Intel does not prevent this type of development. A downside is that if you need to complete a Trusted Computing Base (TCB) recovery another secure key injection may be required.
But I'm not sure.
Regards
you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi you,
Thank you for your information.
I check your kind reply.
In order to solve my issue, I understand that an implementation of attestation function for TrustZone is required.
Thank you.
Best regards,
Ryo
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page