Sam5

Question about Quoting Enclave and Application Enclave

Hi,

What is the difference between the Quoting Enclave and the Application Enclave in the attestation process?

-Thanks

1 Solution

Hi Sam,

Application Enclave:

  • The application enclave is developed/owned by the application developer. The application enclave contains application-context-specific "secret code/data" that needs to be secured. The functionality of the enclave is decided by the application developer.
  • Application developers are seeking to protect select code and data from disclosure or modification. Intel SGX makes such protections possible through the use of enclaves, which are protected areas of execution. Application code can be put into an enclave by special instructions and software made available to developers via the Intel® SGX SDK. This enclave is called the application enclave and is developed by the application developer.

Quoting Enclave (QE):

  • The quoting enclave is part of the Intel SGX platform and is provided by Intel. It verifies the reports that have been created to its "MRENCLAVE" measurement value and then converts and signs them using a device-specific asymmetric key, the Intel EPID key. Its functionality is well defined by the Intel SGX platform developers.
  • SGX uses a quoting enclave to convert LOCAL attestations into a REMOTELY verifiable assertion (QUOTE). The Quoting Enclave (QE) locally verifies the REPORT produced by the Application Enclave and signs it as a QUOTE. The QE uses an asymmetric attestation key that reflects the platform's trustworthiness. The app sends the Quote to the Relying Party to verify.

Thanks and Regards,
Surenthar Selvaraj
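
The REPORT-to-QUOTE flow described in the answer above, as an added example that is not part of the original post and is not Intel's code: a Python model in which HMAC-SHA256 stands in for the CPU's report-key MAC and a Lamport one-time signature stands in for the QE's asymmetric attestation key. All function names and measurement values are constructed for illustration.

```python
import hashlib, hmac, os

def H(b):
    return hashlib.sha256(b).digest()

# Modelled platform secret: on real hardware this lives in the CPU and never leaves it.
PLATFORM_SECRET = os.urandom(32)

def report_key(target_mrenclave):
    # Symmetric key bound to the *target* enclave's measurement (HMAC is a stand-in).
    return hmac.new(PLATFORM_SECRET, target_mrenclave, hashlib.sha256).digest()

def ereport(mrenclave, report_data, target_mrenclave):
    """Application enclave: REPORT = body + MAC that only the target can check.
    (On hardware the CPU fills in mrenclave; in this model the caller passes it.)"""
    body = mrenclave + H(report_data)
    return body, hmac.new(report_key(target_mrenclave), body, hashlib.sha256).digest()

def lamport_keygen():
    # Hash-based one-time signature: one key pair must sign only ONE quote.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

QE_MRENCLAVE = H(b"constructed QE measurement")   # hypothetical value
QE_SK, QE_PK = lamport_keygen()                   # QE_PK is what the verifier trusts

def qe_make_quote(body, mac):
    """Quoting Enclave: verify the REPORT locally, then sign it as a QUOTE."""
    expected = hmac.new(report_key(QE_MRENCLAVE), body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("REPORT was not created on this platform for the QE")
    return body, [QE_SK[i][b] for i, b in enumerate(bits(body))]

def relying_party_verify(quote, qe_pk, expected_mrenclave, report_data):
    """Remote verifier: has no platform secret, only the QE public key."""
    body, sig = quote
    sig_ok = len(sig) == 256 and all(
        H(s) == qe_pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(body))))
    return sig_ok and body == expected_mrenclave + H(report_data)
```

The REPORT's MAC can only be checked where the platform secret exists, which is why the relying party needs the QE's signature rather than the REPORT itself.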

Sam5

Thanks for your information about Enclaves.