Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

ISV enclave signing key and ISV remote attestation keys with the IAS

jamason
Beginner
‎01-20-2018 03:30 AM
760 Views

the enclave ISV needs to have his signing key whitelisted with Intel by going through a business licence agreement process. Can the ISV singing key be self signed (and well protected in an HSM ) or should it be signed by a trusted CA?

  • what is a whitelist? is it a certificate for the public key of the ISV signing key?
  • Does the signing business agreement also include acccess to the IAS production server? and hence can we consider that the whitelisted signing key is always the same as the key used to interact with IAS production server?

thanks

0 Kudos

Link Copied

1 Reply
Hoang_N_Intel
Employee
‎02-01-2018 11:27 AM
760 Views

Please take a look at this whitepaper. It provides more details on how the whitelist process works.

https://software.intel.com/sites/default/files/managed/78/4a/overview-signing-whitelisting-intel-sgx-enclaves.pdf

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.