the enclave ISV needs to have his signing key whitelisted with Intel by going through a business licence agreement process. Can the ISV singing key be self signed (and well protected in an HSM ) or should it be signed by a trusted CA?
- what is a whitelist? is it a certificate for the public key of the ISV signing key?
- Does the signing business agreement also include acccess to the IAS production server? and hence can we consider that the whitelisted signing key is always the same as the key used to interact with IAS production server?
Please take a look at this whitepaper. It provides more details on how the whitelist process works.