Community
cancel
Showing results for 
Search instead for 
Did you mean: 
ryo_hamamoto
Beginner
183 Views

Can SGX attest ARM TrustZone?

Hi, all.

I sent below question at https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/734606 .
But it is a little different theme of my question.
So I make another subject.

I understand that the design concept of SGX and TrustZone is a little different.
However, I think these function is almost same.
So my question is that ``can SGX equipped devices attest TrustZone equipped devices?"
#Can Remote Attestation work correctly?

I think this is very typical case of IoT systems.
(Intel CPU is installed in IoT Gateways, and ARM CPU is installed in IoT devices)

I read many journal articles and whitepapers, but I can't find information of it...
Do you have any ideas?

Best regards,
Ryo

0 Kudos
4 Replies
Anusha_K_Intel
Employee
183 Views

Hi,

No,SGX cannot attest ARM TrustZone.

ryo_hamamoto
Beginner
183 Views

Hi Anusha,

Thank you for your reply.
The reason of it is that ARM TrustZone does not implement the attestation, right?
In other words, if the function of remote attestation is implemented in the TrustZone, can SGX attest the TrustZone equipped device?

Best regards,
Ryo

you_w_
New Contributor III
183 Views

Hi ryo hamamoto

I think what you said is right. If you write your own code to implementing the functions. You can do what you want. This link

https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq

Said :

I want to run my own attestation service (or infrastructure) rather than use Intel’s. Can I do that?

Yes. If you can securely inject a key into an enclave, you can build an attestation infrastructure atop that. Intel does not prevent this type of development. A downside is that if you need to complete a Trusted Computing Base (TCB) recovery another secure key injection may be required.

 But I'm not sure. 

Regards

you

ryo_hamamoto
Beginner
183 Views

Hi you,

Thank you for your information.
I check your kind reply. 

In order to solve my issue, I understand that an implementation of attestation function for TrustZone is required.

Thank you.

Best regards,
Ryo


 

 

Reply