Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Does Intel know the Root Seal Key?

essencejay
Beginner
906 Views

According to the paper “ww10-2016-sgx-provisioning-and-attestation-final” ,  the SGX Key Hierarchy is shown below.  I want to confirm whether Intel knows the Root Seal Key. The Root Seal Key is created during processor manufacturing and is not retained by Intel.  But Intel is also a chip maker. So, who is the processor manufacturer?  how to ensure the privacy of the Root Seal Key?

By the way, I would like to clarify how much memory space SGX currently supports. 64G?

捕获.PNG

0 Kudos
1 Solution
JesusG_Intel
Moderator
878 Views

Hello essencejay,

 

Intel is the processor manufacturer and does not keep the root seal key. The keys are randomly generated and burned into e-fuses in processors during the manufacturing process. After burning the root seal key, Intel completely removes any traces of the key from its systems. This ensures that only the SGX platform knows its own root seal key, which is burned in the processor and nowhere else.

 

Most platforms have either 128 MB or 256 MB of EPC. The exception is 3rd Generation Intel® Xeon® Scalable processors, which each support 512GB of EPC size, adding up to 1TB on a two-socket platform.

 

Sincerely,

Jesus G.

Intel Customer Support

 

View solution in original post

2 Replies
JesusG_Intel
Moderator
879 Views

Hello essencejay,

 

Intel is the processor manufacturer and does not keep the root seal key. The keys are randomly generated and burned into e-fuses in processors during the manufacturing process. After burning the root seal key, Intel completely removes any traces of the key from its systems. This ensures that only the SGX platform knows its own root seal key, which is burned in the processor and nowhere else.

 

Most platforms have either 128 MB or 256 MB of EPC. The exception is 3rd Generation Intel® Xeon® Scalable processors, which each support 512GB of EPC size, adding up to 1TB on a two-socket platform.

 

Sincerely,

Jesus G.

Intel Customer Support

 

JesusG_Intel
Moderator
848 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Reply