Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question on Remote attestation Sample Code

Sam5
New Contributor I
1,411 Views

Hi,

In the Remote Attestation flow, what is the difference between the Extended GID (returned by sgx_get_extended_epid_group_id) and GID (returned by sgx_ra_get_msg1)?

-Thanks

1 Solution
Surenthar_S_Intel
1,411 Views

Hi Sam,

The extended group ID is used to enable flexible provisioning in SGX SDK 1.6.

  • If the extended group ID = 0, then Intel is the attestation service for the device.  Continue msg1 -> msg4 as normal.
  • If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation. 

The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.

Thanks and Regards,
Surenthar Selvaraj
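
An added example (not from the thread or from Intel's sample code) of how a verifier that only supports Intel's attestation service could apply the two values described in the answer: refuse a non-zero extended GID, then take the EPID GID from msg1. The `ra_*` names and the session struct are hypothetical; the 68-byte msg1 layout mirrors the SDK's `sgx_ra_msg1_t`, and little-endian GID byte order is an assumption.

```c
#include <stdint.h>
#include <stddef.h>

/* Sizes mirror the SDK's sgx_ra_msg1_t: g_a (two 32-byte coordinates)
 * followed by a 4-byte EPID group ID. */
#define RA_GA_LEN   64
#define RA_GID_LEN  4
#define RA_MSG1_LEN (RA_GA_LEN + RA_GID_LEN)

enum ra_status { RA_OK = 0, RA_UNSUPPORTED_PROVIDER, RA_BAD_LENGTH, RA_BAD_STATE };

struct ra_session {          /* hypothetical per-client state */
    int      provider_ok;    /* set once the extended GID was accepted */
    uint32_t epid_gid;       /* EPID group ID taken from msg1 */
};

/* Step 1: the extended GID says who runs the attestation service.
 * This verifier only speaks Intel's msg1..msg4 flow, so any value
 * other than 0 is refused rather than handled as Intel-provisioned. */
enum ra_status ra_accept_extended_gid(struct ra_session *s, uint32_t ext_gid)
{
    s->provider_ok = 0;
    if (ext_gid != 0)
        return RA_UNSUPPORTED_PROVIDER;
    s->provider_ok = 1;
    return RA_OK;
}

/* Step 2: msg1 carries the EPID group the device was provisioned into.
 * Assumption: the 4 GID bytes are little-endian. */
enum ra_status ra_accept_msg1(struct ra_session *s, const uint8_t *buf, size_t len)
{
    const uint8_t *g;
    if (!s->provider_ok)
        return RA_BAD_STATE;      /* msg1 arrived before a valid extended GID */
    if (len != RA_MSG1_LEN)
        return RA_BAD_LENGTH;     /* never read past a short buffer */
    g = buf + RA_GA_LEN;
    s->epid_gid = (uint32_t)g[0] | (uint32_t)g[1] << 8 |
                  (uint32_t)g[2] << 16 | (uint32_t)g[3] << 24;
    return RA_OK;
}
```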

Sam5
New Contributor I
1,411 Views

Thanks Surenthar ....
