已解決：whether attestation services are available on my processor

maxdd · ‎01-17-2022

It mentions in the following url that ECDSA and EPID attestation are only available on selected processors. I am using 'Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz' and I am wondering if those attestation services are available on my processor? Thanks for your help!

https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html

JesusG_Intel · ‎01-19-2022

Hello maxdd,

I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...

To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)?

For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.

Regards,

Jesus G.

Intel Customer Support

在原始文章中檢視解決方案

JesusG_Intel · ‎01-18-2022

Hello max max,

Your processor, Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GH (navigate to the Security and Reliability section of the page), supports SGX and can be attested remotely by a service provider using Intel Attestation Service.

This article, Where is a List of Processors that Support Intel® Software Guard Extensions (Intel® SGX)?, describes how to find out if your processor supports SGX, which is necessary for remote attestation.

Regards,

Jesus G.

Intel Customer Support

maxdd · ‎01-18-2022

Thanks for the reply.

I know my processor supports SGX. But where can I find if it supports Intel Attestation Service?

Or do all processors supporting SGX also support Intel Attestation Service (both ECDSA and EPID attestation)?

Junli_S_Intel · ‎01-18-2022

Your E3 processor should support both ECDSA and EPID attestation. Not all processors supporting SGX support both ECDSA and EPID attestation.

Current ICX-SP doesn't support EPID attestation

JesusG_Intel · ‎01-19-2022

Hello maxdd,

I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...

To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)?

For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.

Regards,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎01-20-2022

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

Strackx · ‎01-24-2022

The `sgx-detect` tool from Fortnanix EDP returns a nice overview of the SGX features your processor supports.