Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1265 Discussions

Intel SGX developer licensing and open-source software signing

Wang__Heting
Beginner
202 Views

Hello,

Is it possible to obtaining a licensed developer certificate for signing security-reviewed, community-developed open source SGX software binary in production mode, and publish it on open source repository like apt or rpm?

Note: I just asked Intel SGX team, they said only verified vendors are able to obtain a certificate and run in production mode. It just like Apple’s App Store, no open source code allowed, right?

0 Kudos
1 Reply
Hoang_N_Intel
Employee
202 Views

Please take a look at this SGX Licensing and Whitelisting FAQ at https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq that may help answer this question.

Here are a few reasons that it documented to ensure a secure trusted computing environment:

"Intel enters into a commercial use license agreement with companies that meet defined development and security standards."
and
"Criteria include a developer’s ability to follow industry secure development practices and confirmation of the type of application being developed (avoiding malware, spyware, or other nuisance software)"
Reply