Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1370 Discussions

Question about Quoting Enclave and Application Enclave

Sam5
New Contributor I
‎07-21-2016 10:14 PM
821 Views
Solved Jump to solution

Hi,

What is the difference between Quoting Enclave and Application Enclave in Attestation Process

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-21-2016 11:10 PM
821 Views
Solved Jump to solution

Hi Sam,

Application Enclave:

  • Application enclave is developed/owned by the application developer.Application enclave contains application context specific "secret code/data" that needs to be secured.The functionality of the enclave is decided by the application developer.
  • Application developers who are seeking to protect select code and data from disclosure or modification. Intel SGX makes such protections possible through the use of enclaves, which are protected areas of execution. Application code can be put into an enclave by special instructions and software made available to developers via the Intel® SGX SDK. This enclave called as application Enclave developed by application developer.

Quoting Enclave (QE):

  • Quoting enclave is part of Intel SGX platform and it's provided by Intel.It verifies the reports that have been created to its "MRENCLAVE" measurement value and then converts and signs them using a device specific asymmetric key, the Intel EPID key.It's functionality is well defined by the Intel SGX platform developers.
  • SGX uses a quoting enclave to convert LOCAL attestations to REMOTELY verifiable assertion (QUOTE). Quoting Enclave (QE) locally verifies REPORT produced by Application Enclave and signs as a QUOTE. QE uses an asymmetric attestation key that reflects the platforms trustworthiness. App sends Quote to the Relying Party to verify.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Surenthar_S_Intel
Employee
‎07-21-2016 11:10 PM
822 Views
Solved Jump to solution

Hi Sam,

Application Enclave:

  • Application enclave is developed/owned by the application developer.Application enclave contains application context specific "secret code/data" that needs to be secured.The functionality of the enclave is decided by the application developer.
  • Application developers who are seeking to protect select code and data from disclosure or modification. Intel SGX makes such protections possible through the use of enclaves, which are protected areas of execution. Application code can be put into an enclave by special instructions and software made available to developers via the Intel® SGX SDK. This enclave called as application Enclave developed by application developer.

Quoting Enclave (QE):

  • Quoting enclave is part of Intel SGX platform and it's provided by Intel.It verifies the reports that have been created to its "MRENCLAVE" measurement value and then converts and signs them using a device specific asymmetric key, the Intel EPID key.It's functionality is well defined by the Intel SGX platform developers.
  • SGX uses a quoting enclave to convert LOCAL attestations to REMOTELY verifiable assertion (QUOTE). Quoting Enclave (QE) locally verifies REPORT produced by Application Enclave and signs as a QUOTE. QE uses an asymmetric attestation key that reflects the platforms trustworthiness. App sends Quote to the Relying Party to verify.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Copy link
Sam5
New Contributor I
‎07-21-2016 11:22 PM
821 Views
Solved Jump to solution

Thanks for your information about Enclaves

0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.