Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

SGX Seal key for attestation

dankoetfman
Novice
‎11-21-2022 09:57 AM
702 Views
Solved Jump to solution

Hello everyone,

I have a question regarding attestation key generation. The question is based for In this paper:

[PDF] Supporting Third Party Attestation for Intel® SGX with Intel® Data Center Attestation Primitives | Semantic Scholar

It is said that the Attestation key is derived from the Seal key of the Enclave. Is this key (Seal Key) derived from Root Sealing Key or is the Seal Key the same as the Root Sealing Key?

Best regards,
Danko

Labels (2)
0 Kudos
1 Solution
Sahira_Intel
Moderator
‎11-21-2022 02:14 PM
681 Views
Solved Jump to solution

Hi Danko,


Sealing keys are derived from Root Sealing Keys (RSK). Root Sealing Keys are randomly generated and burned into e-fuses in processors during the manufacturing process. All residues of this key are erased so that each platform can assume that its RSK is unique.


Sincerely,

Sahira




View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Sahira_Intel
Moderator
‎11-21-2022 02:14 PM
682 Views
Solved Jump to solution

Hi Danko,


Sealing keys are derived from Root Sealing Keys (RSK). Root Sealing Keys are randomly generated and burned into e-fuses in processors during the manufacturing process. All residues of this key are erased so that each platform can assume that its RSK is unique.


Sincerely,

Sahira




0 Kudos
Copy link
dankoetfman
Novice
‎11-22-2022 03:37 AM
667 Views
Solved Jump to solution
In response to Sahira_Intel

Hi Sahira,

 

Thanks, that is what I was searching for.

 

All the best,

Danko

In response to Sahira_Intel
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.