Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX Seal key for attestation

dankoetfman
Novice
690 Views

Hello everyone,

I have a question regarding attestation key generation. The question is based for In this paper:

[PDF] Supporting Third Party Attestation for Intel® SGX with Intel® Data Center Attestation Primitives | Semantic Scholar

It is said that the Attestation key is derived from the Seal key of the Enclave. Is this key (Seal Key) derived from Root Sealing Key or is the Seal Key the same as the Root Sealing Key?

Best regards,
Danko

Labels (2)
0 Kudos
1 Solution
Sahira_Intel
Moderator
669 Views

Hi Danko,


Sealing keys are derived from Root Sealing Keys (RSK). Root Sealing Keys are randomly generated and burned into e-fuses in processors during the manufacturing process. All residues of this key are erased so that each platform can assume that its RSK is unique.


Sincerely,

Sahira




View solution in original post

0 Kudos
2 Replies
Sahira_Intel
Moderator
670 Views

Hi Danko,


Sealing keys are derived from Root Sealing Keys (RSK). Root Sealing Keys are randomly generated and burned into e-fuses in processors during the manufacturing process. All residues of this key are erased so that each platform can assume that its RSK is unique.


Sincerely,

Sahira




0 Kudos
dankoetfman
Novice
655 Views

Hi Sahira,

 

Thanks, that is what I was searching for.

 

All the best,

Danko

0 Kudos
Reply