Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question about Quoting Enclave and Application Enclave

Sam5
New Contributor I

Hi,

What is the difference between the Quoting Enclave and the Application Enclave in the attestation process?

-Thanks

1 Solution
Surenthar_S_Intel

Hi Sam,

Application Enclave:

  • The application enclave is developed and owned by the application developer. It contains the application-specific "secret code/data" that needs to be secured. The functionality of the enclave is decided by the application developer.
  • Application developers seek to protect select code and data from disclosure or modification. Intel SGX makes such protection possible through the use of enclaves, which are protected areas of execution. Application code can be put into an enclave by special instructions and software made available to developers via the Intel® SGX SDK. This enclave is called the application enclave and is developed by the application developer.

Quoting Enclave (QE):

  • The quoting enclave is part of the Intel SGX platform and is provided by Intel. It verifies the reports that have been created for its "MRENCLAVE" measurement value, then converts and signs them using a device-specific asymmetric key, the Intel EPID key. Its functionality is well defined by the Intel SGX platform developers.
  • SGX uses a quoting enclave to convert LOCAL attestations into a REMOTELY verifiable assertion (a QUOTE). The Quoting Enclave (QE) locally verifies the REPORT produced by the Application Enclave and signs it as a QUOTE. The QE uses an asymmetric attestation key that reflects the platform's trustworthiness. The app sends the Quote to the Relying Party to verify.

Thanks and Regards,
Surenthar Selvaraj

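To make the hand-off in the answer above concrete, here is an added toy model of the flow; it is not part of the original thread and is not Intel SGX SDK code. It replaces the CPU-derived REPORT key with an HMAC key held by a `Platform` struct and the Intel EPID attestation key with an Ed25519 key pair, so `Platform`, `EReport`, `GetQuote`, `VerifyQuote`, `Scenario` and every measurement value are constructed for illustration. The application enclave obtains a REPORT targeted at the QE's MRENCLAVE; the QE verifies it with a key only it can derive and signs a QUOTE; the relying party verifies the signature and then checks MRENCLAVE/MRSIGNER against the enclave it expects. Two failure cases show why each party's check matters.

```go
package main

// Added toy model of the SGX attestation hand-off, not SGX SDK code. The CPU's
// REPORT key is an HMAC key held by Platform; the EPID key is an Ed25519 pair.
import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report holds the SGX REPORT fields that matter for this flow.
type Report struct {
	MRENCLAVE [32]byte // measurement of the reporting enclave
	MRSIGNER  [32]byte // hash of the enclave signer's key
	MAC       [32]byte // MAC under a key only the target enclave can derive
}

// Platform stands in for the CPU (EREPORT/EGETKEY); rootKey models the fused key.
type Platform struct{ rootKey []byte }

// reportKey is per target: only the enclave with that MRENCLAVE can obtain it.
func (p *Platform) reportKey(target [32]byte) []byte {
	m := hmac.New(sha256.New, p.rootKey)
	m.Write(target[:])
	return m.Sum(nil)
}

func reportBody(r *Report) []byte { return bytes.Join([][]byte{r.MRENCLAVE[:], r.MRSIGNER[:]}, nil) }

// EReport: the application enclave asks the CPU for a REPORT aimed at target.
func (p *Platform) EReport(self, target, signer [32]byte) Report {
	r := Report{MRENCLAVE: self, MRSIGNER: signer}
	m := hmac.New(sha256.New, p.reportKey(target))
	m.Write(reportBody(&r))
	copy(r.MAC[:], m.Sum(nil))
	return r
}

// Quote is the remotely verifiable form: report body plus an asymmetric signature.
type Quote struct {
	Report    Report
	Signature []byte
}

type QuotingEnclave struct {
	mrenclave [32]byte
	platform  *Platform
	attestKey ed25519.PrivateKey // stand-in for the platform's EPID attestation key
}

// GetQuote: the QE checks the REPORT locally (MAC under its own report key),
// then signs it so a verifier outside the platform can check it.
func (q *QuotingEnclave) GetQuote(r Report) (Quote, error) {
	m := hmac.New(sha256.New, q.platform.reportKey(q.mrenclave))
	m.Write(reportBody(&r))
	if !hmac.Equal(m.Sum(nil), r.MAC[:]) {
		return Quote{}, errors.New("REPORT not targeted at this QE, or modified")
	}
	return Quote{Report: r, Signature: ed25519.Sign(q.attestKey, reportBody(&r))}, nil
}

// VerifyQuote is the relying party: check the signature, then the enclave identity.
func VerifyQuote(pub ed25519.PublicKey, qt Quote, wantMR, wantSigner [32]byte) error {
	if !ed25519.Verify(pub, reportBody(&qt.Report), qt.Signature) {
		return errors.New("QUOTE signature invalid")
	}
	if qt.Report.MRENCLAVE != wantMR || qt.Report.MRSIGNER != wantSigner {
		return errors.New("QUOTE is genuine but not from the expected enclave")
	}
	return nil
}

// Scenario runs the honest flow and two failure cases and returns each outcome.
func Scenario() (honest, wrongTarget, wrongEnclave error) {
	plat := &Platform{rootKey: []byte("constructed root key")} // constructed value
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	qe := &QuotingEnclave{sha256.Sum256([]byte("QE code")), plat, priv}
	appMR := sha256.Sum256([]byte("application enclave code")) // constructed measurement
	signer := sha256.Sum256([]byte("developer signing key"))

	// Honest: app enclave -> REPORT -> QE -> QUOTE -> relying party.
	qt, _ := qe.GetQuote(plat.EReport(appMR, qe.mrenclave, signer))
	honest = VerifyQuote(pub, qt, appMR, signer)

	// A REPORT aimed at another enclave is relayed to the QE: wrong MAC key, refused.
	other := sha256.Sum256([]byte("some other enclave"))
	_, wrongTarget = qe.GetQuote(plat.EReport(appMR, other, signer))

	// A different enclave gets a genuine QUOTE; the relying party rejects its MRENCLAVE.
	rq, _ := qe.GetQuote(plat.EReport(sha256.Sum256([]byte("rogue code")), qe.mrenclave, signer))
	wrongEnclave = VerifyQuote(pub, rq, appMR, signer)
	return
}

func main() { fmt.Println(Scenario()) }
```

The relying party never sees the report key; only the QE, running on the same platform, can derive it, which is why the QUOTE needs an asymmetric signature before anything off-platform can check it. In real EPID-based SGX the relying party submits the quote to Intel's attestation service rather than verifying it against a locally held public key, but the division of labour between the two enclaves is the same as modelled here.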
2 Replies
Sam5
New Contributor I

Thanks for your information about enclaves.
