Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Initial SGX provisioning

Alon_J_
Beginner

1. Do all SGX-platforms come pre-provisioned with an attestation key?

2. Is provisioning an OEM's responsibility?

3. In case the platform has not been provisioned, the attestation key is lost, or the attestation key is out of date, how can I conduct the provisioning process to obtain a fresh EPID private key?

1 Solution
Derek_B_Intel
Employee

SGX platforms are not pre-provisioned.

Provisioning is triggered as part of the attestation process. When an SGX client application connects to the application server for the first time, the application server will trigger a challenge to the client to attest (running on a valid SGX client machine as well as verifying the validity of the enclave running on the client).

The SGX Platform Software (PSW) running on the client machine will receive a request to generate a quote for the application enclave. At this point, the PSW detects whether EPID provisioning has occurred and, if not, triggers the EPID provisioning process.

In summary, the SGX PSW is responsible for EPID provisioning, which is triggered as a result of the 1st attestation on that platform.
