Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

How to derive the PCK from the platform key?

ffffffff
Beginner
‎05-31-2022 02:43 AM
935 Views
Solved Jump to solution

Simulation has a derive process from BASE_PROVISIONING_KEY to (simulated) PCK. Now there are three methods to derive the PCK in difference scenario:

  1. On Single-Package Platform, PCK is derived from SGX provisioning root key;
  2. On Multi-socket platform, PCK is derived from Platform root key which was encrypted by RSEK in Platform manifest;
  3. On Simulation Platform, PCK is derived from BASE_PROVISION_KEY.
    Is that right? If it's right, do they have same derive algorithm, and the SGX provisioning root key, Platform root key,BASE_PROVISION_KEY play the same role in the derive process ?
0 Kudos
1 Solution
Sahira_Intel
Moderator
‎06-01-2022 09:59 AM
907 Views
Solved Jump to solution

Hi,


I believe you have opened a Github thread for this topic already: https://github.com/intel/SGXDataCenterAttestationPrimitives/issues/233


The short answer however is that Simulation mode derivations are not the same as the real ones, and the real ones are not public.


Thanks,

Sahira


View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Sahira_Intel
Moderator
‎06-01-2022 09:59 AM
908 Views
Solved Jump to solution

Hi,


I believe you have opened a Github thread for this topic already: https://github.com/intel/SGXDataCenterAttestationPrimitives/issues/233


The short answer however is that Simulation mode derivations are not the same as the real ones, and the real ones are not public.


Thanks,

Sahira


0 Kudos
Copy link
ffffffff
Beginner
‎06-01-2022 06:00 PM
888 Views
Solved Jump to solution
In response to Sahira_Intel

OK. Thanks for your reply.

In response to Sahira_Intel
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.