- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
In the Remote Attestation flow, what is the difference between the Extended GID (returned by sgx_get_extended_epid_group_id) and GID (returned by sgx_ra_get_msg1)?
-Thanks
1 Solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sam,
The extended group ID is used to enable flexible provisioning in SGX SDK 1.6
- If the extended group ID = 0, then Intel is the attestation service for the device. Continue msg1 -> msg4 as normal.
- If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation.
The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.
Thanks and Reagrds,
Surenthar Selvaraj
Link Copied
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sam,
The extended group ID is used to enable flexible provisioning in SGX SDK 1.6
- If the extended group ID = 0, then Intel is the attestation service for the device. Continue msg1 -> msg4 as normal.
- If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation.
The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.
Thanks and Reagrds,
Surenthar Selvaraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Surenthar ....
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page