Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Question about IAS

hyunsoo
New Contributor I
‎11-22-2020 05:02 AM
949 Views
Solved Jump to solution

Hi all,

I have two questions about IAS.

1. In remote attestation process, client gives quote to service provider and service provider should pass it to IAS for verification of it.  I was wondering how IAS issue ISV's certificate. What materials are examined by IAS?

2. Is there a official document which describes how to get Intel root public key? I could download Intel root key using a command below.

wget https://certificates.trustedservices.intel.com/Intel_SGX_Attestation_RootCA.pem

However, the problem is that this is found in someone's comment in website. I'd like to check the official document associated about this.

 

Thank you

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎11-24-2020 10:10 AM
903 Views
Solved Jump to solution

Hello Hyunsoo,


From the Intel SGX Licensing FAQ:

 

Why do I have to apply for a commercial use license?

A commercial use license agreement is required to use the Production Services environment endpoints. Intel enters into a commercial use license agreement with companies that meet defined development and security standards. This entitles users of Licensee products utilizing Intel SGX to make certain assumptions about the software they are relying upon.


Regards,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
Copy link

Link Copied

5 Replies
JesusG_Intel
Moderator
‎11-23-2020 09:23 AM
930 Views
Solved Jump to solution

Hello hyunsoo,


The answers to your questions are on this page: https://api.portal.trustedservices.intel.com/EPID-attestation.


Fill out the commercial use license request to receive your SGX commercial license and certificate.


You will also find this in the EPID-attestation page: "Attestation Report Root CA Certificate: DER PEM"


Regards,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎11-23-2020 11:47 AM
923 Views
Solved Jump to solution

Hello Hyunsoo,


I did not answer your first question correctly because I misunderstood the question.


The only thing IAS examines is the quote sent to it by the service provider. The SGX Attestation API Spec contains the information you are looking for - Chapter 4 Data Structures details the Attestation Evidence Payload, which is what the service provider sends to IAS to be verified.


Is this the information you are looking for?


Regards,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
hyunsoo
New Contributor I
‎11-23-2020 05:41 PM
914 Views
Solved Jump to solution
In response to JesusG_Intel

Hi Jesus, Thanks for your kind response.

 

Your answer is helped me and is right what I want to find in this question. However an additional question is made from your first answer.

 

Shortly, I know that ISV should receive the commercial license to luanch their enclave for public. This is because the enclave launched without debug mode is not applicable to memory protection. Due to this reason, we should receive the commercial license to launch our enclave with release mode.

So my question is that why ISV(3rd party developers) should be issued the commercial license by Intel? 

Thank you

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎11-24-2020 10:10 AM
904 Views
Solved Jump to solution

Hello Hyunsoo,


From the Intel SGX Licensing FAQ:

 

Why do I have to apply for a commercial use license?

A commercial use license agreement is required to use the Production Services environment endpoints. Intel enters into a commercial use license agreement with companies that meet defined development and security standards. This entitles users of Licensee products utilizing Intel SGX to make certain assumptions about the software they are relying upon.


Regards,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎11-25-2020 10:05 AM
894 Views
Solved Jump to solution

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.