Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Remote Attestation Hybrid

Criston__Anna
New Contributor I
1,272 Views
Hi! I was wondering if there is any way of passing data from a not SGX-capable machine to an SGX-capable machine enclave without having the data go through the untrusted memory of the SGX machine.
I've searched around but could not find any projects on that. I know that remote attestation works for 2 SGX-capable machines to pass data from trusted memory to trusted memory. Is there any way to pass data from the untrusted memory of a not SGX-capable machine directly to the trusted memory of an SGX-capable machine (and vice versa)?

Thank you.
0 Kudos
1 Solution
ChrisB_Intel
Moderator
1,252 Views

A relying party/remote server (not required at all to be SGX enabled) that attests a remote SGX enabled platform/enclave.  It can then set up a secure channel to pass secrets directly in to the enclave memory. The secret is never in the clear between the relying party and the remote SGX enclave. 


Please take a look at the links below:


https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html

https://github.com/intel/sgx-ra-sample



View solution in original post

0 Kudos
2 Replies
ChrisB_Intel
Moderator
1,253 Views

A relying party/remote server (not required at all to be SGX enabled) that attests a remote SGX enabled platform/enclave.  It can then set up a secure channel to pass secrets directly in to the enclave memory. The secret is never in the clear between the relying party and the remote SGX enclave. 


Please take a look at the links below:


https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html

https://github.com/intel/sgx-ra-sample



0 Kudos
JesusG_Intel
Moderator
1,236 Views

This thread will no longer be monitored since we have provided a solution. If you need any additional information from Intel, please submit a new question.


0 Kudos
Reply