Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

whether attestation services are available on my processor

maxdd
Beginner
636 Views

It mentions in the following url that ECDSA and EPID attestation are only available on selected processors. I am using 'Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz' and I am wondering if those attestation services are available on my processor? Thanks for your help!

https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-servic...

0 Kudos
1 Solution
JesusG_Intel
Moderator
602 Views

Hello maxdd,


I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...


To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primiti...


For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.


Regards,

Jesus G.

Intel Customer Support


View solution in original post

6 Replies
JesusG_Intel
Moderator
623 Views

Hello max max,


Your processor, Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GH (navigate to the Security and Reliability section of the page), supports SGX and can be attested remotely by a service provider using Intel Attestation Service.


This article, Where is a List of Processors that Support Intel® Software Guard Extensions (Intel® SGX)?, describes how to find out if your processor supports SGX, which is necessary for remote attestation.


Regards,

Jesus G.

Intel Customer Support


maxdd
Beginner
617 Views

Thanks for the reply.

I know my processor supports SGX. But where can I find if it supports Intel Attestation Service?

Or do all processors supporting SGX also support Intel Attestation Service (both ECDSA and EPID attestation)?

Junli_S_Intel
Employee
610 Views

Your E3 processor should support both ECDSA and EPID attestation.  Not all processors supporting SGX support both ECDSA and EPID attestation. 

 

Current ICX-SP doesn't support EPID attestation

JesusG_Intel
Moderator
603 Views

Hello maxdd,


I apologize for misinterpreting your question. Junli, thanks for jumping in. To add more context...


To support ECDSA attestation, the processor needs to support SGX Flexible Launch Control (FLC). Unfortunately, there is no easy way to determine if an SGX processor also supports FLC but this article provides guidance: Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primiti...


For EPID, all processors to date including client Intel Core and Xeon E WS/Server that have SGX all support EPID. Only the 3rd Generation Xeon Scalable (ICX) and all future Scalables will not support EPID. 3rd Generation Intel Xeon Scalable (ICX) and all future Intel Xeon Scalable processors will support only ECDSA/DCAP.


Regards,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
593 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Strackx
Beginner
563 Views

The `sgx-detect` tool from Fortnanix EDP returns a nice overview of the SGX features your processor supports.

Reply