Community
cancel
Showing results for 
Search instead for 
Did you mean: 
265 Views

Generation of root certificate and PCK Certificate in DCAP remote authentication

Jump to solution

How is the root secret key and PCK secret key generated in DCAP remote authentication,and How are root certificates and PCK certificates generated in DCAP remote authentication?

0 Kudos
1 Solution
JesusG_Intel
Moderator
156 Views

Hello enclave_research,


The Introduction and Terminology sections of this paper, Remote Attestation for Multipackage Platforms using Intel SGX DCAP, will shed more light on your questions. This is all the information we have at this moment.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

5 Replies
JesusG_Intel
Moderator
237 Views

Hello enclave_Research,

 

The DCAP Orientation Guide  and the Intel SGX PCK Certificate CRL Spec contain all of the information you need.

 

The basic steps to receive the PCK certs from the Intel Attestation Service are:

  1. Subscribe at the ECDSA Attestation Service to be able to receive and cache the PCK certs.
  2. Setup Intel SGX DCAP environment.
  3. Build and install the Provisioning Certificate Caching Service (PCCS)
  4. Generate pckid_retrieval.csv
  5. Run PCKIDRetrievalTool to download and cache the certs into your PCCS.

The QuoteGeneration Sample shows how to get the cert data from the quote.

 

Sincerely,

Jesus G.

Intel Customer Support

 

218 Views

@JesusG_Intel 

Hello!I know how to retrieve the PCK certificate. I want to know where, when and how the Intel root certificate and PCK certificate are generated? Thanks for your answer.

JesusG_Intel
Moderator
175 Views

Hello enclave_research,


This DCAP paper has more technical details on the certs. I am checking with my resources if we can provide more specific information, but that information may not be publicly disclosable.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
157 Views

Hello enclave_research,


The Introduction and Terminology sections of this paper, Remote Attestation for Multipackage Platforms using Intel SGX DCAP, will shed more light on your questions. This is all the information we have at this moment.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

JesusG_Intel
Moderator
108 Views

Hello enclave_research,


Do you still need help with this issue?


Sincerely,

Jesus G.

Intel Customer Support


Reply