Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1485 Discussions

FIPS or CC validation

Lauritzsen__Roar
Beginner
‎02-11-2020 06:18 AM
1,849 Views

Is Intel aware of or currently involved in any effort to validate or certify SGX according to formal specifications such as FIPS 140 or Common Criteria? We are faced with customers who would value such validation, and we are wondering if anything can be said along those lines.

0 Kudos

Link Copied

1 Reply
JesusG_Intel
Moderator
‎02-12-2020 08:45 AM
1,849 Views

Hello Roar,

FIPS and the like don’t certify instructions or Trusted Execution Environments like SGX provides. They certify crypto algorithms and functions at the lower levels and even hardware components (chassis intrusion detection, environmental conditions or fluctuations, even protections against radiation/EMP) at the upper levels.  Some orgs have used SGX and gotten FIPS 140-2 certifications, e.g. WolfSSL and Fortanix, using SGX, but you can’t actually get a FIPS certification for SGX itself.  This Wiki has a good description.

Regards,

Jesus

Intel Customer Support

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.