Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1448 Discussions

Generation of root certificate and PCK Certificate in DCAP remote authentication

enclave_Research
1,444 Views

How is the root secret key and PCK secret key generated in DCAP remote authentication,and How are root certificates and PCK certificates generated in DCAP remote authentication?

0 Kudos
1 Solution
JesusG_Intel
Moderator
1,335 Views

Hello enclave_research,


The Introduction and Terminology sections of this paper, Remote Attestation for Multipackage Platforms using Intel SGX DCAP, will shed more light on your questions. This is all the information we have at this moment.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
5 Replies
JesusG_Intel
Moderator
1,416 Views

Hello enclave_Research,

 

The DCAP Orientation Guide  and the Intel SGX PCK Certificate CRL Spec contain all of the information you need.

 

The basic steps to receive the PCK certs from the Intel Attestation Service are:

  1. Subscribe at the ECDSA Attestation Service to be able to receive and cache the PCK certs.
  2. Setup Intel SGX DCAP environment.
  3. Build and install the Provisioning Certificate Caching Service (PCCS)
  4. Generate pckid_retrieval.csv
  5. Run PCKIDRetrievalTool to download and cache the certs into your PCCS.

The QuoteGeneration Sample shows how to get the cert data from the quote.

 

Sincerely,

Jesus G.

Intel Customer Support

 

0 Kudos
enclave_Research
1,397 Views

@JesusG_Intel 

Hello!I know how to retrieve the PCK certificate. I want to know where, when and how the Intel root certificate and PCK certificate are generated? Thanks for your answer.

0 Kudos
JesusG_Intel
Moderator
1,354 Views

Hello enclave_research,


This DCAP paper has more technical details on the certs. I am checking with my resources if we can provide more specific information, but that information may not be publicly disclosable.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
1,336 Views

Hello enclave_research,


The Introduction and Terminology sections of this paper, Remote Attestation for Multipackage Platforms using Intel SGX DCAP, will shed more light on your questions. This is all the information we have at this moment.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
1,287 Views

Hello enclave_research,


Do you still need help with this issue?


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Reply