Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1216 Discussions

PCK certificate publishing and PCS subscription limitations

Frieder1
Novice
380 Views

Hello,

for my clients use case it is necessary to attest via DCAP to arbitrary 3rd parties that a certain application is running within an SGX enclave. To enable these 3rd parties to do the attestation, we would need to make public the PCK certificate for our owned platforms. Hence the question; Is it allowed to publicaly publish the PCK certificate for owned platforms, or is this in violation with Intels terms?

Another question concerns the PCS subscription. With EPID attestation there are development and production subscriptions and it is required to apply for a Commercial License (https://www.intel.com/content/www/us/en/forms/developer/sgx/commercial-license-request.html) with Intel to retrieve a production subscription. It is not clear to me how this is with the "Intel® Software Guard Extensions Provisioning Certification Service subscription" - do development and production versions exist for this certificate? If so, will we have to apply for a Commercial License to get a production subscription as well? Will different PCK Certificates be returned for development and production subscription keys?

Kind Regards
Frieder

0 Kudos
1 Solution
Scott_R_Intel
Employee
305 Views

Hello Frieder.

 

You don't actually need to publish your platform PCK certs for SGX remote attestation purposes...  the SGX quote actually includes it.  It is part of the Certification Data included as part of the quote.  So, all you need to do is send the quote to a remote relying party/attestor, and then the quote verification libraries can use it...  ie. pull the rest of the required quote verification evidence/collateral directly from Intel PCS.  The latest version of the QCNL allows you to do this.  The attached picture shows one example of this type of use case.  Also, more info on the quote libraries can be can be found in our Quote Library doc.

 

For PCS, we do not require a commercial license signature as we did with IAS.  Be aware, there are the Intel® SGX Services Terms of Use that you must agree to when you "Subscribe" to PCK Cert Services.  This includes the requirement of locally caching the PCK Certs and associated quote generation/verification evidence/collateral of the platforms you own (section 3.1.6.1).  Also, this page describes when a commercial license is required.

 

Hope this helps.

 

Scott

View solution in original post

5 Replies
Scott_R_Intel
Employee
306 Views

Hello Frieder.

 

You don't actually need to publish your platform PCK certs for SGX remote attestation purposes...  the SGX quote actually includes it.  It is part of the Certification Data included as part of the quote.  So, all you need to do is send the quote to a remote relying party/attestor, and then the quote verification libraries can use it...  ie. pull the rest of the required quote verification evidence/collateral directly from Intel PCS.  The latest version of the QCNL allows you to do this.  The attached picture shows one example of this type of use case.  Also, more info on the quote libraries can be can be found in our Quote Library doc.

 

For PCS, we do not require a commercial license signature as we did with IAS.  Be aware, there are the Intel® SGX Services Terms of Use that you must agree to when you "Subscribe" to PCK Cert Services.  This includes the requirement of locally caching the PCK Certs and associated quote generation/verification evidence/collateral of the platforms you own (section 3.1.6.1).  Also, this page describes when a commercial license is required.

 

Hope this helps.

 

Scott

View solution in original post

Frieder1
Novice
282 Views

Hi Scott,

thanks for your informative answer - it certainly helped to clear some pending questions!

However I am still searching for a clear answer to the question whether one can share the enclaves quote (and the PCK cert which - as you state - is part of the quote) with arbitrary 3rd parties, that is, releasing the quote to the public. Imagine here for example the quote being downloadable via HTTP, without prior authentication or requirement to agree to any terms, or similarly, publishing the quote in a public blockchain (such as Ethereum), which is thereby accessible to anyone without restriction.

Having read the Terms of Use that you have shared, I have my doubts whether this is possible. However this is a key requirement for my clients use case, which is why I would like to have a clear statement from Intel about it. Would this be possible?

Kind Regards

Frieder

Scott_R_Intel
Employee
254 Views

Hi again Frieder.

 

There is nothing secret in an SGX quote, and therefore it is perfectly fine to share it in any way your use case may require, publicly or otherwise, even though you used your PCS API key to actually download the cert used when creating the quote.

You are not allowed, however, to share your PCS API subscription key, of course.  Nor can you set up a public facing PCCS that directly serves PCK certs, as this is basically the same as sharing your PCS API key (PCK Certs downloads are the only downloadable evidence that requires the API key).

 

Scott

Frieder1
Novice
229 Views

That is a very clear answer and it helps us a lot. Thanks, Scott!

JesusG_Intel
Moderator
197 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Reply