Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1427 Discussions

Trusted Computing Base (TCB), Provisioning Certification Service (PCS), and DCAP

Hemdal__Emil
Beginner
‎04-22-2020 06:10 AM
781 Views
Solved Jump to solution
In the product brief for DCAP, the Intel SGX PCS part talks about the API and that TCB information can be fetched. What is this TCB information in this context and what is it used for? TCB for me is the limited codebase running inside the enclave.
0 Kudos
1 Solution
JesusG_Intel
Moderator
‎04-23-2020 10:35 AM
781 Views
Solved Jump to solution

Hello Emil,

There are two types of TCB.

  1. Trusted Cose Base, which is, like you said, essentially the limited codebase running inside the enclave.
  2. Trusted Computing Base, which includes platform-specific information related to the CPU microcode. This TCB is used by DCAP to ensure that the platform that the enclave is running on is indeed a trusted platform. The TCB is an important part of the attestation process. I recommend you read the Intel SGX ECDSA QuoteLibReference_DCAP_API.pdf which contains more info on how the TCB is used.

Regards,

Jesus

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
JesusG_Intel
Moderator
‎04-23-2020 10:35 AM
782 Views
Solved Jump to solution

Hello Emil,

There are two types of TCB.

  1. Trusted Cose Base, which is, like you said, essentially the limited codebase running inside the enclave.
  2. Trusted Computing Base, which includes platform-specific information related to the CPU microcode. This TCB is used by DCAP to ensure that the platform that the enclave is running on is indeed a trusted platform. The TCB is an important part of the attestation process. I recommend you read the Intel SGX ECDSA QuoteLibReference_DCAP_API.pdf which contains more info on how the TCB is used.

Regards,

Jesus

0 Kudos
Copy link
Hemdal__Emil
Beginner
‎04-24-2020 04:31 AM
781 Views
Solved Jump to solution
Thank you for your answer Jesus! The naming is a little unfortunate. While reading in the QuoteLibReference document I noticed on page 6 that TCB (Trusted Computing Base) can potentially be called HW TCB or Provisioning TCB. I'm currently writing a paper about Intel SGX and I feel that using either Provisioning TCB or HW TCB in the paper not to confuse it with TCB (Trusted Code Base) is a good idea. Which would be more correct? Best regards, Emil Hemdal
0 Kudos
Copy link
JesusG_Intel
Moderator
‎04-24-2020 09:29 AM
781 Views
Solved Jump to solution

Hello Emil,

It all depends on the context in which you use the term TCB. You should be fine using either term as long as you clearly define the term the first time you use it then use the term consistently. Also, see how each term is used in other papers and try to be consistent with them. Good luck on your paper!

Regards,

Jesus

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.