Developer Guide

  • 04/03/2019
  • Public Content
Contents

Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)

SIGMA is a proprietary Intel algorithm for establishing a secure session between a trusted platform component (e.g., Intel® Management Engine (Intel® MEI)) and a remote server without any previous root of trust. The protocol is exposed to trusted applications to allow initial provisioning of the trusted application in a secure manner. It assures the verifier that the communication originated from an Intel DAL applet running on Intel® Converged Security Engine (Intel® CSE), but does not provide any information identifying the specific platform, thus maintaining the platform owner’s privacy.
  • SIGMA 1.0 supported since Intel ME 7.1, SIGMA 1.1 since Intel ME 8.0
  • Allows the establishment of a session with zero-additional information for the trusted application (when one-time provisioning of the Intel® Enhanced Privacy ID (Intel® EPID) key has taken place)
  • Allows mutual authentication of the trusted application and the remote server
  • Supports client revocation
  • Supports server revocation using OCSP (from SIGMA 1.1)
  • Use SIGMA 1.1 when possible (not SIGMA 1.0).
  • Use the Signature Revocation List (SIGRL) (recommended but not mandatory)
 
See the Sigma Sample for more details.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804