Commercial license questions

We are in the process of initiating the commercial license request for SGX and I have a few questions related to this:

  1. Our application is split into three different enclaves and I would like to know if we need to submit three different SIGSTRUCT structures to Intel or if it is sufficient to just submit one. (In other words, does the launch enclave whitelist work on the basis of mrenclave or mrsigner?) Is there any document which describes how whitelisting is enforced (i.e., what is the policy used by the launch enclave)?
  2. We are a 3-person startup and none of us is a lawyer. Will you at Intel recommend that we hire a lawyer for the licensing process or are bizdev+eng skills sufficient? (Asking for a recommendation because we don't know how tangled your licensing process is.)
  3. In the Debug build, when we get a Remote Attestation response from the IAS server, the YES/NO response is signed by a 2-level cert-chain (listed below). Neither of these certificates is signed by any well-known Certification Authority, which means anyone who can masquerade DNS can set up an IAS debug server and launch a man-in-the-middle.
    My question is, for the production version of IAS, is the response signed by a valid CA, or is the model still the same as the Debug version? If the cert is not signed by a CA, could you please post the root level certificate somewhere on a well-known Intel website so that our client application can hardcode it.

-Ryan

Here's the cert-chain:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15062137621417537686 (0xd107765d32a3b096)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel SGX Attestation Report Signing CA
        Validity
            Not Before: Nov 22 09:36:58 2016 GMT
            Not After : Nov 20 09:36:58 2026 GMT
        Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel SGX Attestation Report Signing
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:78:43:7B:76:A6:7E:BC:D0:AF:7E:42:37:EB:35:7C:3B:87:01:51:3C

            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://trustedservices.intel.com/content/CRL/SGX/AttestationReportSigningCA.crl


Certificate: <== This Root CA is not well-known 
    Data:
        Version: 3 (0x2)
        Serial Number: 15062137621417537684 (0xd107765d32a3b094)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel SGX Attestation Report Signing CA
        Validity
            Not Before: Nov 14 15:37:31 2016 GMT
            Not After : Dec 31 23:59:59 2049 GMT
        Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel SGX Attestation Report Signing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://trustedservices.intel.com/content/CRL/SGX/AttestationReportSigningCA.crl

            X509v3 Subject Key Identifier: 
                78:43:7B:76:A6:7E:BC:D0:AF:7E:42:37:EB:35:7C:3B:87:01:51:3C
            X509v3 Authority Key Identifier: 
                keyid:78:43:7B:76:A6:7E:BC:D0:AF:7E:42:37:EB:35:7C:3B:87:01:51:3C

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0

 


1. Please check the "Tools and Support" section at https://software.intel.com/en-us/sgx/resource-library; you will need to supply sigstructs for RA.

3. Please check https://software.intel.com/en-us/articles/intel-software-guard-extension.... You'll need to download and use the certificate as described in the prerequisites section of the above link.

 

 

I'm not asking how to do RA (we already know how to do remote attestation). My question is about the SGX commercial licensing requirements listed on this page: https://software.intel.com/en-us/sgx/commercial-use-license-request . It says:

The Company or developer technical contact provides Intel with:
Production quality x.509 certificate
Decision on linkable/unlinkable quote for EPID Signature Policy
SIGSTRUCT file

SIGSTRUCT File generation information is contained within the Intel® SGX Developer Guide. Consult information on the Intel® SGX Sign Tool.

Since SIGSTRUCT contains mrenclave, do we need to provide three different SIGSTRUCTs or is one enough? The problem is we don't know what the final mrenclave will be since we are still changing code, so it will help if you could tell us how you do whitelisting in the launch enclave. (I have checked all the publicly available documents in the past, and I cannot find any information on how the launch enclave does whitelisting. Launch enclave source code in the Linux SDK is only for debug enclaves and I don't know if you use the same code for the production launch enclave also (unlikely!).)

Regarding 3, once again I'm not asking about what the client needs to do. We have already done that and that's how we are able to get a valid Remote Attestation Response. My question is, why is Intel Attestation Service responding with a cert-chain in the HTTP headers (x-iasreport-signing-certificate) that's not rooted in any well-known CA? You expect small startups to spend time, money, and resources on getting X509 certificates from valid CAs, but you yourself cannot bother to get a valid CA signed certificate!

@Ryan sorry for the confusion. 

I believe you only need to submit your sigstructs right before deploying, when you are sure the code is frozen for production. It might be quicker to get answers to the other questions you have if you follow the process on that page and submit the request.

Sending SIGSTRUCT right before release might not be an option with continuous deployment. We plan to update our software every 8-12 weeks, which will result in changes to mrenclave (even if the enclave code doesn't change, the version number of the enclave in the code will change, resulting in a different mrenclave). Does this mean we need to contact Intel every 3 months with the SIGSTRUCT? (And what about the old version of the enclave? Will Intel blacklist that?)

I apologize if this is not the right place for this discussion, but I cannot find any contact-information/mailing-list where I can discuss this issue.

-Ryan

Whitelist is based on MRSIGNER. So it should be OK to submit one sigstruct. Please follow process at https://software.intel.com/en-us/sgx/commercial-use-license-request to enroll.  

Note there is a step "The Company's designated technical contact and Intel work together to complete the technical onboarding process." You will be in good hands and can get your additional concerns addressed at that point :-)
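
The MRENCLAVE versus MRSIGNER distinction in the answer above, as an added example that is not part of the thread and not Intel's code: it reads the identity fields out of a SIGSTRUCT using the field offsets from the Intel SDM layout and counts how many entries a whitelist would need for three enclaves across two releases under each keying. The sample SIGSTRUCTs, the modulus and the enclave names are constructed for illustration.

```python
import hashlib
import struct

# SIGSTRUCT layout per the Intel SDM: 1808 bytes in total.
SIGSTRUCT_SIZE = 1808
MODULUS_OFF, MODULUS_LEN = 128, 384   # RSA-3072 modulus, stored little-endian
HASH_OFF, HASH_LEN = 960, 32          # ENCLAVEHASH, i.e. MRENCLAVE
ISV_OFF = 1024                        # uint16 ISVPRODID followed by uint16 ISVSVN

def parse_sigstruct(blob: bytes) -> dict:
    """Extract the identity fields an allow-list or attestation policy can key on."""
    if len(blob) != SIGSTRUCT_SIZE:
        raise ValueError(f"SIGSTRUCT must be {SIGSTRUCT_SIZE} bytes, got {len(blob)}")
    modulus = blob[MODULUS_OFF:MODULUS_OFF + MODULUS_LEN]
    prod_id, svn = struct.unpack_from("<HH", blob, ISV_OFF)
    return {
        "mrenclave": blob[HASH_OFF:HASH_OFF + HASH_LEN].hex(),
        # MRSIGNER is SHA-256 over the modulus bytes exactly as stored.
        "mrsigner": hashlib.sha256(modulus).hexdigest(),
        "isv_prod_id": prod_id,
        "isv_svn": svn,
    }

def make_sigstruct(modulus: bytes, measurement: bytes, prod_id: int, svn: int) -> bytes:
    """Constructed input: only the fields parsed above are populated."""
    blob = bytearray(SIGSTRUCT_SIZE)
    blob[MODULUS_OFF:MODULUS_OFF + MODULUS_LEN] = modulus
    blob[HASH_OFF:HASH_OFF + HASH_LEN] = measurement
    struct.pack_into("<HH", blob, ISV_OFF, prod_id, svn)
    return bytes(blob)

def whitelist_entries(sigstructs, key: str) -> set:
    """Distinct values a whitelist keyed on `key` would have to contain."""
    return {parse_sigstruct(s)[key] for s in sigstructs}

# Constructed sample: one signing key, three enclaves, two releases of each.
SIGNING_MODULUS = hashlib.shake_256(b"constructed signing key").digest(MODULUS_LEN)

def measure(name: str, version: int) -> bytes:
    """Stand-in measurement; a real MRENCLAVE comes from the enclave build."""
    return hashlib.sha256(f"{name}-v{version}".encode()).digest()

RELEASES = [
    make_sigstruct(SIGNING_MODULUS, measure(name, ver), prod_id, ver)
    for ver in (1, 2)
    for prod_id, name in enumerate(("enclave_a", "enclave_b", "enclave_c"))
]

if __name__ == "__main__":
    for key in ("mrenclave", "mrsigner"):
        print(key, "entries needed:", len(whitelist_entries(RELEASES, key)))
```
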

 

Please see my answers to your questions:

  1. Our application is split into three different enclaves and I would like to know if we need to submit three different SIGSTRUCT structures to Intel or if it is sufficient to just submit one. (In other words, does the launch enclave whitelist work on the basis of mrenclave or mrsigner?) Is there any document which describes how whitelisting is enforced (i.e., what is the policy used by the launch enclave)?

The whitelist uses only MRSIGNER, which depends only on the signing key. You only need to submit once for your application, regardless of how many enclaves you have.

  2. We are a 3-person startup and none of us is a lawyer. Will you at Intel recommend that we hire a lawyer for the licensing process or are bizdev+eng skills sufficient? (Asking for a recommendation because we don't know how tangled your licensing process is.)

I can help you with technical questions only.

  3. In the Debug build, when we get a Remote Attestation response from the IAS server, the YES/NO response is signed by a 2-level cert-chain (listed below). Neither of these certificates is signed by any well-known Certification Authority, which means anyone who can masquerade DNS can set up an IAS debug server and launch a man-in-the-middle.
    My question is, for the production version of IAS, is the response signed by a valid CA, or is the model still the same as the Debug version? If the cert is not signed by a CA, could you please post the root level certificate somewhere on a well-known Intel website so that our client application can hardcode it.

In the Debug build, you can do remote attestation to our TEST server. That is why it was successful.

In the release build, you will do remote attestation to our PROD server. This is where it will require a valid CA certificate as part of the registration process for remote attestation.
