Description
Intel® Software Guard Extensions (SGX) provides attestation and sealing capabilities that can be used to remotely provision secrets to an enclave and to seal those secrets to it. Intel has described how Intel® Enhanced Privacy Identifier (EPID) based attestation keys are provisioned, together with the Intel-provided online services that support that architecture. This paper describes additional services and primitives that allow third parties to build their own attestation infrastructure using classical public key algorithms such as ECDSA or RSA. It also describes an example deployment pipeline and the important trade-offs to consider when deploying Intel® SGX at scale using these new elements.
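To make the third-party attestation model concrete, the following is an added example (not code from the paper and not the Intel quote or certificate format) of the minimal chain such an infrastructure rests on: the infrastructure owner's CA certifies a platform attestation key (AK), the quoting side signs an enclave report with that AK, and the relying party verifies CA -> AK -> report before checking the enclave identity. The `Report` layout, the "certificate" (a bare ECDSA signature over the AK's PKIX encoding), the measurement value and the report-data nonce are all constructed for the illustration; a production design additionally needs key revocation, platform TCB status and freshness handling, which the toy omits.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Report is a simplified stand-in for an enclave report body: the enclave
// measurement plus caller-supplied report data. Illustrative layout only,
// not the SGX REPORT structure.
type Report struct {
	MrEnclave  [32]byte
	ReportData [64]byte
}

func (r Report) Marshal() []byte {
	return append(append([]byte{}, r.MrEnclave[:]...), r.ReportData[:]...)
}

// Quote bundles the report, the attestation public key, the AK's signature over
// the report, and the CA's signature certifying the AK (assumed format).
type Quote struct {
	Report    Report
	AKPub     []byte // PKIX DER encoding of the attestation public key
	ReportSig []byte // ECDSA/SHA-256 over Report.Marshal(), by the attestation key
	AKCert    []byte // ECDSA/SHA-256 over AKPub, by the infrastructure owner's CA key
}

// CertifyAttestationKey is the infrastructure owner's provisioning step:
// it binds the platform's attestation key to the CA that relying parties trust.
func CertifyAttestationKey(ca *ecdsa.PrivateKey, ak *ecdsa.PublicKey) (akDER, akCert []byte, err error) {
	akDER, err = x509.MarshalPKIXPublicKey(ak)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(akDER)
	akCert, err = ecdsa.SignASN1(rand.Reader, ca, h[:])
	return akDER, akCert, err
}

// BuildQuote is the platform (quoting) side: sign the report with the certified AK.
func BuildQuote(ak *ecdsa.PrivateKey, akDER, akCert []byte, r Report) (Quote, error) {
	h := sha256.Sum256(r.Marshal())
	sig, err := ecdsa.SignASN1(rand.Reader, ak, h[:])
	if err != nil {
		return Quote{}, err
	}
	return Quote{Report: r, AKPub: akDER, ReportSig: sig, AKCert: akCert}, nil
}

// VerifyQuote is the relying party: check the chain CA -> AK -> report, in that
// order, and only then compare the enclave identity against the expected value.
func VerifyQuote(caPub *ecdsa.PublicKey, q Quote, expectedMrEnclave [32]byte) error {
	h := sha256.Sum256(q.AKPub)
	if !ecdsa.VerifyASN1(caPub, h[:], q.AKCert) {
		return errors.New("attestation key is not certified by the trusted CA")
	}
	pub, err := x509.ParsePKIXPublicKey(q.AKPub)
	if err != nil {
		return err
	}
	akPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("attestation key is not an ECDSA key")
	}
	rh := sha256.Sum256(q.Report.Marshal())
	if !ecdsa.VerifyASN1(akPub, rh[:], q.ReportSig) {
		return errors.New("report signature is invalid")
	}
	if !bytes.Equal(q.Report.MrEnclave[:], expectedMrEnclave[:]) {
		return errors.New("MRENCLAVE does not match the expected enclave")
	}
	return nil
}

// Demo exercises the three cases a verifier must get right: a genuine quote is
// accepted, a tampered report is rejected, and a quote from an AK that was never
// certified is rejected even though its own report signature verifies.
func Demo() (genuine, tampered, rogue error) {
	ca, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	akDER, akCert, err := CertifyAttestationKey(ca, &ak.PublicKey)
	if err != nil {
		return err, err, err
	}

	expected := sha256.Sum256([]byte("constructed enclave measurement")) // stands in for MRENCLAVE
	var r Report
	r.MrEnclave = expected
	copy(r.ReportData[:], "constructed-nonce-from-relying-party")

	q, _ := BuildQuote(ak, akDER, akCert, r)
	genuine = VerifyQuote(&ca.PublicKey, q, expected)

	bad := q // Report is a value type, so this copy can be altered independently
	bad.Report.ReportData[0] ^= 0x01
	tampered = VerifyQuote(&ca.PublicKey, bad, expected)

	rogueAK, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueDER, _ := x509.MarshalPKIXPublicKey(&rogueAK.PublicKey)
	rq, _ := BuildQuote(rogueAK, rogueDER, akCert, r) // presents the real AK's cert with a different key
	rogue = VerifyQuote(&ca.PublicKey, rq, expected)
	return genuine, tampered, rogue
}

func main() {
	g, t, r := Demo()
	fmt.Println("genuine quote:", g)
	fmt.Println("tampered report:", t)
	fmt.Println("uncertified attestation key:", r)
}
```

The order of checks in `VerifyQuote` is the security-relevant point: the AK's certification is validated before its signature is trusted for anything, so an attacker who controls a platform key but not the CA cannot mint quotes for arbitrary measurements, and the measurement comparison happens only over data whose integrity has already been established.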