An update on 3rd Party Attestation

Introduction - What is Intel® SGX Data Center Attestation Primitives (Intel® SGX DCAP) all about?

When Intel introduced Intel® Software Guard Extensions (Intel® SGX) we also provided a no-fee based Intel Attestation Service (IAS) allowing service providers to authenticate that Enclaves were successfully instantiated on a platform. When we were first designing Intel SGX we had noticed the lack of services available allowing the TPM to be used for general purpose attestation. The attestation service (IAS) we developed was built around the use of a Direct Anonymous Attestation scheme known as Intel® Enhanced Privacy Identifier (Intel® EPID), in order to provide privacy protection to the user.

As the development, adoption, and ecosystem of Intel SGX has grown, we have been listening to feedback from customers and end-users on how to provide enhanced capabilities. One consistent feedback has been that large enterprises and service providers wish to build out their own attestation capabilities.

We recently published a whitepaper (here), outlining how we intend to support customers and end-users with building their own attestation service. To support this whitepaper we also released a set of Intel SGX Data Center Attestation Primitives for Linux, found here, and a Certificate Retrieval Service that enables platform owners and users to retrieve certificates for an Intel SGX enabled platform. You can find the corresponding API documentation here.

What is Flexible Launch Control?

The Intel SGX DCAP primitives require a new feature called Flexible Launch Control, which allows the platform owner, versus Intel, to control which enclaves are launched. This includes which enclaves are granted access to the Platform Provisioning Identifier (PPID) used with the Certificate Retrieval Service.  The enclave requesting access to the PPID can be signed by the attestation service provider. One of the purposes of the Launch Enclave is to prevent abuse of the PPID in privacy sensitive environments. 

Building an attestation service requires integration with the operating system, and we are working with the Linux Kernel community to get this up-streamed as soon as possible.  Note that you are not required to build your own Quoting Enclave.

What about Hardware?

Our new primitives have been designed with our Intel SGX enabled Intel® Xeon® E Processors server hardware in mind. You can find which server processors we just released with Intel SGX here.

Additionally we have enabled a couple of developer's platforms using our Intel® NUC hardware (NUC7CJYH & NUC7PJYH).

If they do not ship with Flexible Launch Controlled already enabled in their BIOS, a BIOS update to turn on this FLC capability on can be found here.

These platforms can be used for testing purposes with the Intel SGX DCAP SW and the Platform Certificate Retrieval Service.

What about the Platform Certificate Retrieval Service?

A full description of the Platform Certificate Retrieval Service can be found here.  No additional licensing is required, but a free Intel® Developer Zone account is required in order to obtain an API key for use with the service.

How do I pull it together?

Since it is our intention that these primitives are used by others to run an attestation service, the primitives are the building blocks required to build them. We have published a 'how to' guide on how to assemble a service with the primitives.  Intel is not intending to build a service at this time.

 

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

standard
For more complete information about compiler optimizations, see our Optimization Notice.