Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to get certificates from Intel PCS without PCCS

Kishore_B_Intel
Employee
1,061 Views

Hi,

Currently the way attestation works for me is that you install PCCS and run the attestation to get the certificates from Intel PCS via config file.

Something like below:

/opt/intel/sgx-dcap-pccs/config/default.json

    "uri": "https://sbx.api.trustedservices.intel.com/sgx/certification/v4/",

    "ApiKey" : "< Primary Key from https://sbx.api.portal.trustedservices.intel.com/manage-subscriptions>",

Is there a way to get the certificates directly from Intel PCS services without having the PCCS installed in our VM?

All the instructions I have seen are using PCCS mechanism only.

Are there any instructions documented to get the Certificates without PCCS?

Thanks

 

0 Kudos
2 Replies
Sirasapalli
Beginner
246 Views

Were you able to download Certificate without using PCCS service ?

0 Kudos
Benny_Intel
Moderator
131 Views

Multiple ways for platform registration, also without PCCS, are described in the Intel TDX Enabling Guide. The trick is to create local caching files using the PCCS Admin tool. Additionally, activate local caching by setting local_cache_only to true in /etc/sgx_default_qcnl.conf.

0 Kudos
Reply