Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Sam5
New Contributor I
202 Views

Question on Remote attestation Sample Code

Jump to solution

Hi,

In the Remote Attestation flow, what is the difference between the Extended GID (returned by sgx_get_extended_epid_group_id) and GID (returned by sgx_ra_get_msg1)?

-Thanks

0 Kudos
1 Solution
202 Views

Hi Sam,

The extended group ID is used to enable flexible provisioning in SGX SDK 1.6 

  • If the extended group ID = 0, then Intel is the attestation service for the device.  Continue msg1 -> msg4 as normal.
  • If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation. 

The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

2 Replies
203 Views

Hi Sam,

The extended group ID is used to enable flexible provisioning in SGX SDK 1.6 

  • If the extended group ID = 0, then Intel is the attestation service for the device.  Continue msg1 -> msg4 as normal.
  • If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation. 

The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

Sam5
New Contributor I
202 Views

Thanks Surenthar ....

Reply