SGx Client to IAS

Mashiro_M_1 · ‎11-13-2016

Hi,

I am trying to learn SGx and am now at understanding Remote Attestation.

Been reading this article and the other references in it: https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example

As I understand, remote attestation is mandatory for an enclave to be usable in a customer's/target client machine. This client machine is connected towards the ISV's Provisioning Server which is then connected towards Intel's IAS... like so:

Client (with attesting SGx enclave) <--------------------> ISV Provisioning Server <-------------------------> Intel IAS

Is this two-tier setup mandatory?

Will it be possible to just have the Client attest directly towards Intel IAS like so? Client (with SGx) <---------------------------> Intel IAS

Please correct me if there is something wrong in my understanding.

Thanks.

Rodolfo_S_ · ‎11-14-2016

Hi, Mashiro.

Remote Attestation is *not* mandatory for an enclave to be usable in a customer's/target client machine.

The purpose of Remote Attestation is to prove to someone else (e.g.: service provider (SP)) that the application it is communicating with is running inside an SGX enclave, and further more, that it is running inside the *correct* SGX enclave. Due to this purpose, it only makes sense that the ISV Provisioning Server (SP) itself communicates with IAS, and not the client enclave being attested, so that the SP can verify that the Attestation Evidence was really sent by IAS, and not faked by a possible attacker.

Cheers,

Rodolfo