- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Is it possible to obtaining a licensed developer certificate for signing security-reviewed, community-developed open source SGX software binary in production mode, and publish it on open source repository like apt or rpm?
Note: I just asked Intel SGX team, they said only verified vendors are able to obtain a certificate and run in production mode. It just like Apple’s App Store, no open source code allowed, right?
Link Copied
1 Reply
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please take a look at this SGX Licensing and Whitelisting FAQ at https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq that may help answer this question.
Here are a few reasons that it documented to ensure a secure trusted computing environment:
"Intel enters into a commercial use license agreement with companies that meet defined development and security standards."
and
"Criteria include a developer’s ability to follow industry secure development practices and confirmation of the type of application being developed (avoiding malware, spyware, or other nuisance software)"
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page