Hello everyone,
I am developing a system using eHSM-KMS.
In the process, I am currently having trouble understanding how the remote attestation works.
I have added logs to the eHSM-KMS source code to investigate remote attestation.
The only thing I could figure out is that it is using SSL communication between DkeyServer and DkeyCache using OpenSSH.
We also could only find that the self-certification function (tee_get_certificate_with_evidence) generated an error (SGX_OL_NETWORK_ERROR:0xe019) when the PCCS server did not exist.
What kind of communication is going on between PCCServer, DkeyServer and DkeyCache?
What I would like to know is as follows.
When does eHSM-KMS communicate with the PCCS server?
What is passed when communicating with the PCCServer and what is obtained as a result?
Regards,
T_Tsuga
Hi,
Generally, attestation is the process of demonstrating that a software executable has been properly instantiated on a platform that allows a remote party to gain confidence that the intended software is securely running within an enclave on a fully patched, Intel SGX enabled platform.
This GitHub page has an explanation of an End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM. This might help to answer your question.
Cordially,
Iffa
Hello Iffa_Intel,
Thank you for your answer.
I checked the site you mentioned.
I understood that this is also a product of Intel Corporation.
I would like to ask some questions about this eHSM-KMS.
If you know, please let me know if there is an appropriate contact for this.
Regards, T_Tsuga
Hi,
While EHSM is an Intel product, the support team on the EHSM GitHub is the appropriate contact to answer your questions. You can open a GitHub Issues thread here: https://github.com/intel/ehsm/issues
Cordially,
Iffa
Hi,
Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question.
Cordially,
Iffa