Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Wang__Heting
Beginner
87 Views

Intel SGX developer licensing and open-source software signing

Hello,

Is it possible to obtaining a licensed developer certificate for signing security-reviewed, community-developed open source SGX software binary in production mode, and publish it on open source repository like apt or rpm?

Note: I just asked Intel SGX team, they said only verified vendors are able to obtain a certificate and run in production mode. It just like Apple’s App Store, no open source code allowed, right?

0 Kudos
1 Reply
Hoang_N_Intel
Employee
87 Views

Please take a look at this SGX Licensing and Whitelisting FAQ at https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq that may help answer this question.

Here are a few reasons that it documented to ensure a secure trusted computing environment:

"Intel enters into a commercial use license agreement with companies that meet defined development and security standards."
and
"Criteria include a developer’s ability to follow industry secure development practices and confirmation of the type of application being developed (avoiding malware, spyware, or other nuisance software)"
Reply