Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Novice
34 Views

Query about CPUSVN (and remote attestation)

Hey,
 

I am inquiring about the CPUSVN number that is provided as part of the remote attestation digest of an enclave. In particular, I wanted to know if this number is unique for every processor or two different processors (with similar microcode update versions) can have the same CPUSVN?

For example, if I have two processors of the same model, with the same microcode update and running the exact same enclave, can I differentiate between their remote attestation digests, just by looking at the CPUSVN? I am assuming that they will be signed by two different attestation keys but only Intel can verify the attestation keys, and presumably differentiate between them. Is such a feat  possible for the enclave developer.

Thanks!

Adil

Tags (1)
0 Kudos
1 Reply
Highlighted
Moderator
34 Views

Hello Adil,

The CPUSVN cannot be used to differentiate between processors since processors of the same Family-Model-Stepping-PlatformID can have the same CPUSVN. 

You have a few options to differentiate, depending on the use case. You could generate a random/unique identifier (ie. GUID) and put it in the report_data field of the report_body before sending up to the relying party which would store it to differentiate, or the relying party could provision something similar down to the enclave after successful attestation and a secure channel is set up.

I hope this helps.

Regards,

Jesus

Intel Customer Support

Jesus Garcia, Intel Customer Support
0 Kudos