Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Intel® SGX API (IAS API) version 1 is scheduled to End of Life (EOL) on January 10, 2018

Eleonora_A_Intel
Employee

Attestation Service for Intel® Software Guard Extensions (Intel® SGX) API (IAS API) version 1 is scheduled to End of Life (EOL) on January 10, 2018. Version 2 of the IAS API was announced on March 6, 2017, and is fully documented in the latest version of the IAS API Specification document located HERE. All developers must use version 2 of the IAS API prior to the final EOL date. The deployment schedule is as follows:

  • Non-production development environments will be updated on November 15, 2017
  • Production environments will be updated on January 10, 2018

After the dates indicated above, all calls to the IAS API version 1 will fail. All developers are encouraged to begin using the new version as quickly as possible.

IAS API version 2 includes the following changes:

  1. In API Version 2, the Attestation Verification Report is digitally signed and should be verified against the Report Signing Certificate Chain using an Attestation Report Signing CA Certificate, located HERE (please see Section 4.2.3 in the API specification for further details).
  2. Version 2 introduced changes in the Verify Attestation Evidence API, particularly a new structure of the Attestation Verification Report, which includes additional fields (isvEnclaveQuoteBody, pseManifestHash) and a simplified pseManifestStatus (please see Section 3.2.3.1 in the API specification for further details).
  3. Version 1 of the IAS API offered a caching mechanism for the Attestation Verification Reports that were generated by clients of IAS. With version 1, reports were available for 90 days after they were generated. The caching functionality will no longer be available in IAS API version 2. Developers or end users would need to cache attestation reports locally if they are needed (please see Section 3.3 in the API specification for further details).

For more information about Attestation Service for Intel® SGX API, please refer to the API specification, located HERE.

The Attestation Report Signing CA Certificate can be found at:
https://software.intel.com/sites/default/files/managed/7b/de/RK_PUB.zip 

Remote Attestation Example: Intel® Software Guard Extensions Remote Attestation End-to-End Example

For more information on using this material in applications, visit the SGX Resource Library
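The check required by change 1 above, as an added example that is not part of the original post and is not Intel's code: a client accepts a report only if the signing certificate chains to the pinned Attestation Report Signing CA Certificate and the signature covers the exact response body. It assumes an RSA-SHA256 signature that has already been base64-decoded; the function names are hypothetical, and the certificates, keys and report body are constructed at run time as stand-ins for the real ones.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifyReport requires a chain to the pinned CA and a signature over the exact body bytes.
func VerifyReport(body, sig []byte, leaf, ca *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(ca) // trust only the pinned CA, never the system store
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("signing certificate chain: %w", err)
	}
	return leaf.CheckSignature(x509.SHA256WithRSA, body, sig) // assumed algorithm
}

// newCert issues a constructed certificate; a nil parent self-signs (stand-in CA).
func newCert(cn string, parent *x509.Certificate, pk *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo returns the results for a genuine report, an altered body and an unpinned CA.
func Demo() (genuine, altered, unpinned error) {
	ca, caKey := newCert("Constructed Signing CA", nil, nil)
	leaf, leafKey := newCert("Constructed Report Signer", ca, caKey)
	other, _ := newCert("Constructed Other CA", nil, nil)
	body := []byte(`{"id":"constructed","isvEnclaveQuoteBody":"AAAA"}`) // constructed report
	digest := sha256.Sum256(body)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, leafKey, crypto.SHA256, digest[:])
	return VerifyReport(body, sig, leaf, ca), VerifyReport(append([]byte(" "), body...), sig, leaf, ca),
		VerifyReport(body, sig, leaf, other)
}
func main() { fmt.Println(Demo()) }
```

The altered case changes a single leading byte, which is why the signature has to be checked over the response body as received, before any JSON parsing or re-serialization, and why a locally cached report should be stored byte-for-byte together with its signature and certificate chain.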