- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If I understand well, the "SGX Software Attestation" process relies on a "Key Generation Facility" and "Provisioning Service", both from Intel.
This is part of Intel SGX Infrastructure Services. So, if I design an Intel based product, I must have connection to Intel "Provisioning Service" via internet in order to validate and get the "Attestation Key" and then be able to setup my Enclave. Is that right?
This will also be necessary every time I have to change BIOS, any SGX based software updates, etc, correct?
It is possible that if someone get those provisioned keys from Intel "Provisioning Service" being able to access my Enclave (assuming that he also has physical access to my hardware product?
Thanks for the information,
Rgds
Marcos
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This is part of Intel SGX Infrastructure Services. So, if I design an Intel based product, I must have connection to Intel "Provisioning Service" via internet in order to validate and get the "Attestation Key" and then be able to setup my Enclave. Is that right?
Yes its correct.
This will also be necessary every time I have to change BIOS, any SGX based software updates, etc, correct?
Yes its correct.
Please go through this document for further reference regarding attestation service:
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page