Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Dual Remote Attestation

Elephant
Beginner
‎11-05-2017 12:52 AM
446 Views

Hi,

In the SGX Developer's Manual, the example code for remote attestation is that the Service Provider need to attest a client enclave before it provisions a secret to that enclave.  If the Service Provider also runs an enclave and that the client would want to attest that enclave, is there a more efficient way to do dual attestation other than going through the remote attestation protocol (msg1-msg4) twice?

Thanks!

Kind Regards,
Elephant

0 Kudos

Link Copied

1 Reply
you_w_
New Contributor III
‎11-05-2017 05:14 PM
446 Views

Hi Elephant:

One way is that service provider get it's quote and sent it to IAS, once get the attestation report SP can save it. If a client need to attest SP, in client side, client can check the  validation of report with intel's public key, and then do the rest processes of remote attestation.

Regards

You

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.