Attestation & Sealing with Software Guard Extensions

Once you have instantiated a secured software environment (known as an enclave) with the new instructions of Intel® Software Guard Extensions (SGX), you are ready to load secrets into it for processing and for storage on the platform. That is the purpose of the attestation and sealing features of SGX.

The SGX attestation architecture gives an enclave on the platform a mechanism to 'strongly authenticate' that it exists. This authentication can then form the basis of a secret delivery protocol between the enclave and a local entity (i.e. another enclave running on the same platform) or a remote entity (a service in the cloud). For now, think of it as being able to terminate an SSL-like session protocol inside the enclave, with the enclave acting in client authentication mode.

Once the enclave has been authenticated as existing and a secret has been delivered, the enclave will typically want to persist that secret locally on the platform. This is the purpose of the sealing architecture. It relies on the programmer to do the work of protecting the secrets and storing them on the platform; the hardware provides a 128-bit enclave-specific key with which to protect your data.
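To make the "enclave-specific key" concrete, here is an added model (not code from this post, the white paper, or the SGX SDK) of how a seal key is derived from the caller's identity. It assumes a constructed platform secret and label hashes in place of real measurements; the MRENCLAVE / MRSIGNER policy names and the rule that an enclave may only request keys for its own or an older security version (SVN) follow the SGX architecture, while the HMAC derivation itself is only a stand-in for the hardware.

```python
import hashlib
import hmac

# Constructed stand-in for the platform's fused root seal secret (real SGX keeps it in hardware).
ROOT_SEAL_SECRET = hashlib.sha256(b"constructed-platform-secret").digest()

# Seal-key policies: the names are SGX's, the derivation below is a model of EGETKEY, not the real one.
POLICY_MRENCLAVE = "MRENCLAVE"  # key bound to the exact measurement of one enclave build
POLICY_MRSIGNER = "MRSIGNER"    # key bound to the author's signing key, survives enclave updates

def derive_seal_key(policy, mrenclave, mrsigner, isvsvn, requested_svn, key_id=b"\x00" * 32):
    """Model the 128-bit seal key the hardware hands the calling enclave.
    mrenclave / mrsigner are the caller's own 32-byte measurements; isvsvn is the caller's
    security version. A caller may request keys for its own or an older SVN, never a newer
    one, so a newer build can read an older build's sealed data but not the reverse.
    """
    if requested_svn > isvsvn:
        raise PermissionError("cannot derive a seal key for an SVN newer than the caller's")
    if policy == POLICY_MRENCLAVE:
        identity = b"MRENCLAVE" + mrenclave
    elif policy == POLICY_MRSIGNER:
        identity = b"MRSIGNER" + mrsigner
    else:
        raise ValueError("unknown seal policy")
    material = identity + requested_svn.to_bytes(2, "big") + key_id
    # HMAC over the platform secret acts as the KDF; enclave code never sees ROOT_SEAL_SECRET.
    return hmac.new(ROOT_SEAL_SECRET, material, hashlib.sha256).digest()[:16]

def measure(label):
    """Constructed measurement: a hash of a label stands in for a real MRENCLAVE or MRSIGNER."""
    return hashlib.sha256(label.encode()).digest()

def demo():
    signer = measure("ISV signing key")
    v1, v2, other = measure("enclave v1"), measure("enclave v2"), measure("unrelated enclave")
    e1 = derive_seal_key(POLICY_MRENCLAVE, v1, signer, 1, 1)  # MRENCLAVE: an update changes the key
    e2 = derive_seal_key(POLICY_MRENCLAVE, v2, signer, 1, 1)
    s1 = derive_seal_key(POLICY_MRSIGNER, v1, signer, 1, 1)   # MRSIGNER: same key across the update
    s2 = derive_seal_key(POLICY_MRSIGNER, v2, signer, 1, 1)
    s_other = derive_seal_key(POLICY_MRSIGNER, other, measure("other signer"), 1, 1)
    s2_old = derive_seal_key(POLICY_MRSIGNER, v2, signer, 2, 1)  # v2 at SVN 2 reads SVN-1 seals
    try:
        derive_seal_key(POLICY_MRSIGNER, v1, signer, 1, 2)   # v1 at SVN 1 asking for an SVN-2 key
        rollback_blocked = False
    except PermissionError:
        rollback_blocked = True
    return {"mrenclave_changes_on_update": e1 != e2, "mrsigner_survives_update": s1 == s2,
            "other_enclave_isolated": s_other not in (e1, s1), "newer_reads_older": s2_old == s1,
            "rollback_blocked": rollback_blocked}
```

The key the model returns is only the raw material; as the paragraph says, encrypting and integrity-protecting the data with it, and choosing the policy, remain the enclave author's job.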

More details can be found in the white paper we have written to explain these important features of the SGX architecture.

I hope you find this info useful and any feedback or questions you may have regarding the white paper or the attestation and sealing features in general can be posted as a comment to this blog entry.


2 comments

Simon Johnson (Intel):

EPID supports a blind join protocol, where the private member key is not revealed to Group owner (certifier), but proof of possession is demonstrated.

Raghu K.:

Simon,

How is the EPID private key generated/provisioned to the quoting enclave? The white paper says that the EPID key is generated and certified by a back end. Are there more details on how this certification takes place?

I'm trying to understand what information Intel has to certify the private key generated. I'm wondering if it's possible for Intel to generate this private key, in which case the system breaks down if somebody can use Intel's knowledge to generate private keys.
