Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

whether attestation services are available on my processor

maxdd
Beginner
1,290 Views

It mentions in the following url that ECDSA and EPID attestation are only available on selected processors. I am using 'Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz' and I am wondering if those attestation services are available on my processor? Thanks for your help!

https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html

0 Kudos
1 Solution
JesusG_Intel
Moderator
1,256 Views

Hello maxdd,


I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...


To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)?


For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.


Regards,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
6 Replies
JesusG_Intel
Moderator
1,277 Views

Hello max max,


Your processor, Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GH (navigate to the Security and Reliability section of the page), supports SGX and can be attested remotely by a service provider using Intel Attestation Service.


This article, Where is a List of Processors that Support Intel® Software Guard Extensions (Intel® SGX)?, describes how to find out if your processor supports SGX, which is necessary for remote attestation.


Regards,

Jesus G.

Intel Customer Support


0 Kudos
maxdd
Beginner
1,271 Views

Thanks for the reply.

I know my processor supports SGX. But where can I find if it supports Intel Attestation Service?

Or do all processors supporting SGX also support Intel Attestation Service (both ECDSA and EPID attestation)?

0 Kudos
Junli_S_Intel
Employee
1,264 Views

Your E3 processor should support both ECDSA and EPID attestation.  Not all processors supporting SGX support both ECDSA and EPID attestation. 

 

Current ICX-SP doesn't support EPID attestation

0 Kudos
JesusG_Intel
Moderator
1,257 Views

Hello maxdd,


I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...


To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)?


For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.


Regards,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
1,247 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Strackx
Beginner
1,217 Views

The `sgx-detect` tool from Fortnanix EDP returns a nice overview of the SGX features your processor supports.

0 Kudos
Reply