Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Intel Attestation Service

marcos_a_
Beginner

Hi,

If I understand correctly, the "SGX Software Attestation" process relies on a "Key Generation Facility" and a "Provisioning Service", both from Intel.

This is part of Intel SGX Infrastructure Services. So, if I design an Intel-based product, I must have a connection to the Intel "Provisioning Service" via the internet in order to validate and get the "Attestation Key" and then be able to set up my Enclave. Is that right?

This will also be necessary every time I have to change the BIOS, apply any SGX-based software updates, etc., correct?

Is it possible that someone who gets those provisioned keys from the Intel "Provisioning Service" would be able to access my Enclave (assuming that he also has physical access to my hardware product)?

Thanks for the information,

Rgds

Marcos

1 Reply
Anusha_K_Intel
Employee

Hi,

This is part of Intel SGX Infrastructure Services. So, if I design an Intel-based product, I must have a connection to the Intel "Provisioning Service" via the internet in order to validate and get the "Attestation Key" and then be able to set up my Enclave. Is that right?

Yes, it's correct.

This will also be necessary every time I have to change the BIOS, apply any SGX-based software updates, etc., correct?

Yes, it's correct.

Please go through this document for further reference regarding the attestation service:

https://software.intel.com/sites/default/files/managed/ac/40/2016%20WW10%20sgx%20provisioning%20and%...
