Intel® SGX: Intel® EPID Provisioning and Attestation Services

Download
  • File: ww10-2016-sgx-provisioning-and-attestation-final.pdf
  • Size:625.34 KB

Details

One of the critical features of Intel® Software Guard Extensions (Intel® SGX) is the ability to attest that an enclave was successfully established on an Intel® SGX enabled platform. Our Attestation and Sealing Whitepaper from 2013 on the subject gives a high level overview of the attestation process, however it did not cover how the attestation key was delivered to the platform. In order to explain this process and the services that Intel has developed to support Intel® Enhanced Privacy ID (Intel® EPID) provisioning, and the subsequent verification of Intel EPID attestations, for Intel SGX we have written a companion whitepaper.

Intel® EPID provisioning takes place through enclaves that are provided as part of the Intel SGX and distributed along with Intel SGX applications. The attestation service is available to all Intel SGX developers. For developers that have built their enclaves and are ready to access the Intel Attestation Verification Service referenced in the paper, please contact sgx_program@intel.com for additional information.

For more complete information about compiler optimizations, see our Optimization Notice.