Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Question on Remote attestation Sample Code

Sam5
New Contributor I

Hi,

In the Remote Attestation flow, what is the difference between the Extended GID (returned by sgx_get_extended_epid_group_id) and GID (returned by sgx_ra_get_msg1)?

-Thanks

1 Solution
Surenthar_S_Intel

Hi Sam,

The extended group ID is used to enable flexible provisioning in SGX SDK 1.6.

  • If the extended group ID = 0, then Intel is the attestation service for the device.  Continue msg1 -> msg4 as normal.
  • If the extended group ID != 0, then a third party is providing the attestation service and the system was provisioned by the third party, so the messages need to follow that implementation. 

The group ID (GID) in message 1 is the EPID group the device was assigned to in the provisioning process.

Thanks and Regards,
Surenthar Selvaraj
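
The branch described in the answer above, as an added example (not part of the original post and not Intel's sample code): a service provider that assumes it only supports Intel's attestation service checks the extended GID from msg0 before it reads the EPID GID out of msg1. The function names and status codes are hypothetical; the msg1 layout mirrors the SDK's `sgx_ra_msg1_t`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the SDK's sgx_ra_msg1_t layout (sgx_key_exchange.h):
 * g_a = 32-byte gx + 32-byte gy, then a 4-byte little-endian EPID GID. */
#define MSG1_GA_LEN  64u
#define MSG1_GID_LEN 4u
#define MSG1_LEN     (MSG1_GA_LEN + MSG1_GID_LEN)

enum sp_status {            /* hypothetical status codes for this sketch */
    SP_OK = 0,
    SP_UNSUPPORTED_EXT_GID, /* device provisioned by a third party */
    SP_BAD_MSG1
};

/* msg0 check: 0 means Intel is the attestation service for this device. */
enum sp_status sp_check_extended_gid(uint32_t extended_gid)
{
    return extended_gid == 0 ? SP_OK : SP_UNSUPPORTED_EXT_GID;
}

/* msg1 handling: only after msg0 passed, pull out the EPID group ID. */
enum sp_status sp_handle_msg1(uint32_t extended_gid,
                              const uint8_t *msg1, size_t len,
                              uint32_t *gid_out)
{
    enum sp_status st = sp_check_extended_gid(extended_gid);
    if (st != SP_OK)
        return st;                       /* do not continue msg1 -> msg4 */
    if (msg1 == NULL || gid_out == NULL || len != MSG1_LEN)
        return SP_BAD_MSG1;              /* truncated or oversized message */

    const uint8_t *g = msg1 + MSG1_GA_LEN;
    *gid_out = (uint32_t)g[0] | ((uint32_t)g[1] << 8) |
               ((uint32_t)g[2] << 16) | ((uint32_t)g[3] << 24);
    return SP_OK;
}

/* Constructed sample: zeroed g_a followed by GID bytes 0x0b 0x00 0x00 0x00. */
uint32_t demo_gid(void)
{
    uint8_t msg1[MSG1_LEN];
    uint32_t gid = 0xffffffffu;
    memset(msg1, 0, sizeof msg1);
    msg1[MSG1_GA_LEN] = 0x0b;
    return sp_handle_msg1(0, msg1, sizeof msg1, &gid) == SP_OK ? gid : 0xffffffffu;
}
```

A provider that does support a third-party attestation service would dispatch on the non-zero extended GID to that service's message flow instead of returning an error.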

Sam5
New Contributor I

Thanks Surenthar ....
