Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Problems in understanding DCAP


Hello, I have already read the documentation and looked at the sample code, but I still have basic understanding problems with DCAP. I do not quite understand the interaction or the extension by PCE.

Every platform has a PCK private key. With various information you can get a suitable certificate with chain and CRLs from the Provisioning Certification Service. I know that the PCE signs the QE with the PCK private key and that the signature can be verified later with the chain and the certificate. 

So far so good. To what extent do QE and PCE work together to create a Quote? How which information is written to the Quote, which is later necessary for verification? What about original Attestation Key?

I quote from the API documentation [0]:

For Intel® SGX DCAP, the QE will generate the ECDSA Attestation Key (AK) and include a hash of the AK in the QE.REPORT.ReportData


This PCE certification data will ultimately be embedded in the ECDSA Quote generated by the QE.

Which "PCE certification data"?

The AK is then used to signed application enclave Reports to prove that the enclave is running with Intel® SGX protections at a given TCB. This is called the ECDSA Quote. The Attestation infrastructure owner can verify the ECDSA attestation key using the PCK Certificate

What is the connection between AK and PCK-Cert?


0 Kudos
1 Reply

Hello Lennard, the SGX Explained document has a thorough explanation of this process in section 5.8 and its subsections. I highly recommend you read it.


0 Kudos