Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Intel Attestation Service

marcos_a_
Beginner
684 Views

Hi,

If I understand well, the "SGX Software Attestation" process relies on a "Key Generation Facility" and "Provisioning Service", both from Intel.

This is part of Intel SGX Infrastructure Services. So, if I design an Intel-based product, I must have a connection to the Intel "Provisioning Service" via the internet in order to validate and get the "Attestation Key" and then be able to set up my Enclave. Is that right?

This will also be necessary every time I have to change the BIOS, apply any SGX-based software updates, etc., correct?

Is it possible that someone who gets those provisioned keys from the Intel "Provisioning Service" would be able to access my Enclave (assuming that he also has physical access to my hardware product)?

Thanks for the information,

Rgds

Marcos

1 Reply
Anusha_K_Intel
Employee
684 Views

Hi,

This is part of Intel SGX Infrastructure Services. So, if I design an Intel-based product, I must have a connection to the Intel "Provisioning Service" via the internet in order to validate and get the "Attestation Key" and then be able to set up my Enclave. Is that right?

Yes, it's correct.

This will also be necessary every time I have to change the BIOS, apply any SGX-based software updates, etc., correct?

Yes, it's correct.

Please go through this document for further reference regarding attestation service:

https://software.intel.com/sites/default/files/managed/ac/40/2016%20WW10%20sgx%20provisioning%20and%20attesatation%20final.pdf
