Community
cancel
Showing results for 
Search instead for 
Did you mean: 
marcos_a_
Beginner
126 Views

Intel Attestation Service

Hi,

If I understand well, the "SGX Software Attestation" process relies on a "Key Generation Facility" and "Provisioning Service", both from Intel.

This is part of Intel SGX Infrastructure Services. So, if I design an Intel based product, I must have connection to Intel "Provisioning Service" via internet in order to validate and get the "Attestation Key" and then be able to setup my Enclave. Is that right?

This will also be necessary every time I have to change BIOS, any SGX based software updates, etc, correct?

It is possible that if someone get those provisioned keys from Intel "Provisioning Service" being able to access my Enclave (assuming that he also has physical access to my hardware product?

Thanks for the information,

Rgds

Marcos

 

 

 

 

 

 

 

 

0 Kudos
1 Reply
Anusha_K_Intel
Employee
126 Views

Hi,

This is part of Intel SGX Infrastructure Services. So, if I design an Intel based product, I must have connection to Intel "Provisioning Service" via internet in order to validate and get the "Attestation Key" and then be able to setup my Enclave. Is that right?

Yes its correct.

This will also be necessary every time I have to change BIOS, any SGX based software updates, etc, correct?

Yes its correct.

Please go through this document for further reference regarding attestation service:

https://software.intel.com/sites/default/files/managed/ac/40/2016%20WW10%20sgx%20provisioning%20and%...

Reply