We are developing a product built on top of Intel SGX hosted on Azure, and we are facing some challenges when it comes to data persistence. We have two requirements:
- The ability to store a persistent secret key, between restarts
- The ability to share this key with other enclaves (provided these are signed by the same entity, aka Applied Blockchain), we'll refer to this as forward key sharing.
Our infrastructure is deployed and managed on Kubernetes on Azure, and as such the possibility of network destruction poses a great concern. We've implemented an in-house solution to the persistence problem, wherein all enclaves can provision each other assuming they have the same MRENCLAVE, removing the single point of failure. Forward key sharing is harder to achieve due to microcode updates that prevent the enclave from "recognizing" a newer enclave. Before we dive deeper, we would like to know if Azure has any solutions for persisting data between microcode updates to Intel TEEs.
3 Replies
Hi Nolasco_napoleao,
Thank you for reaching out to Intel Customer Support.
I'm checking this out and will get back to you soon.
Regards,
Zulkifli
Hi Nolasco_napoleao,
Sorry for the delay in reply. You don't need to worry about sealing and microcode updates in Azure, Microsoft ensures that key blobs from past TCB levels are saved before and restored after a microcode update (aka TCB-Recovery), so anything sealed before the upgrade will be able to be unsealed after.
Please contact Azure support for further help on using Intel® SGX on Azure.
Sincerely,
Zulkifli
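The two properties discussed above (sharing a sealed key between enclaves signed by the same entity, and unsealing after a TCB-level bump) both come from how the SGX seal key is derived. The following is an added illustrative model, not code from the thread, the SGX SDK or Azure: it replaces the per-CPU root secret and AES-GCM with a constructed HMAC/XOR stand-in, but keeps the rules that matter, that the key binds to either MRENCLAVE or MRSIGNER depending on policy, and that an enclave may request keys for SVNs at or below its own, never above.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the per-CPU root secret the real EGETKEY uses.
ROOT_SECRET = b"constructed-root-secret-not-a-real-sgx-value"

@dataclass(frozen=True)
class Enclave:
    mrenclave: str  # measurement of the enclave build (code + initial data)
    mrsigner: str   # hash of the signing key, i.e. one vendor's identity
    isv_svn: int    # enclave security version assigned by the signer
    cpu_svn: int    # platform TCB level; raised by microcode updates

def seal_key(enc, policy, cpu_svn=None, isv_svn=None):
    """Model of EGETKEY for a seal key: bound to MRENCLAVE or MRSIGNER by
    policy, plus the requested SVNs. SVNs above the caller's current ones
    are refused; older ones are allowed, which is why a blob sealed on an
    older TCB is still unsealable after a TCB recovery, but not after a
    rollback to an older TCB."""
    cpu_svn = enc.cpu_svn if cpu_svn is None else cpu_svn
    isv_svn = enc.isv_svn if isv_svn is None else isv_svn
    if cpu_svn > enc.cpu_svn or isv_svn > enc.isv_svn:
        raise PermissionError("requested SVN is newer than the caller's")
    ident = enc.mrenclave if policy == "MRENCLAVE" else enc.mrsigner
    msg = f"{policy}|{ident}|{cpu_svn}|{isv_svn}".encode()
    return hmac.new(ROOT_SECRET, msg, hashlib.sha256).digest()

def seal(enc, policy, secret):
    """Wrap `secret` (<= 32 bytes) under the policy's seal key; the blob
    records the SVNs so a later unseal can request the very same key."""
    assert len(secret) <= 32
    key = seal_key(enc, policy)
    ct = bytes(a ^ b for a, b in zip(secret, key))  # XOR stands in for AES-GCM
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"policy": policy, "cpu_svn": enc.cpu_svn,
            "isv_svn": enc.isv_svn, "ct": ct, "tag": tag}

def unseal(enc, blob):
    """Re-derive the key named by the blob; a different identity under the
    blob's policy yields a different key and the tag check fails."""
    key = seal_key(enc, blob["policy"], blob["cpu_svn"], blob["isv_svn"])
    expect = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(blob["tag"], expect):
        raise ValueError("seal tag mismatch: wrong enclave identity or policy")
    return bytes(a ^ b for a, b in zip(blob["ct"], key))

def can_unseal(enc, blob):
    """True if `enc` can recover the secret from `blob`, False otherwise."""
    try:
        unseal(enc, blob)
        return True
    except (PermissionError, ValueError):
        return False
```

With an MRENCLAVE policy a rebuilt enclave (new MRENCLAVE, same signer) cannot open the blob, while an MRSIGNER policy lets any enclave signed by the same key open it; a TCB-level increase keeps old blobs readable, a rollback does not. Azure's key-blob save/restore described above sits on top of this and is not modelled here.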
This thread will no longer be monitored since we have provided a solution. If you need any additional information from Intel, please submit a new question.