Sorry, you need to enable JavaScript to visit this website.

Details

Release Date: 
Jul 06, 2020
Version: 
DCAP 1.7 Open Source

Intel® SGX Data Center Attestation Primitives

INTRODUCTION

Attestation is the process of demonstrating that a software executable has been properly instantiated on a platform. Intel® SGX attestation allows a remote party to gain confidence that the intended software is securely running within an enclave on an Intel® SGX enabled platform.

WHAT’S NEW

  • Updated Quote Verification Enclave(QvE) and wrapper library to support platform certificate’s new fields.
  • Added a trusted library to verify QvE’s identity.
  • Supported user to specify platform id in PCK Cert ID Retrieval Tool’s command line option.
  • Added ability to execute Platform Cert ID Retrieval Tool on multi-package platforms without loading enclaves. PCCS now supports this functionality. The platform still needs to support SGX.
  • Updated Platform Cert ID Retrieval Tool and Multi-package registration tool to align with BIOS platform manifest changes.
  • Added .deb and .rpm installers for Platform Cert ID Retrieval Tool and Multi-package Registration Agent.
  • Fixed bugs.

SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS

  • Intel® Xeon® E Processor based Server
  • Intel® SGX option enabled in BIOS with the Flexible Launch Control support

SOFTWARE REQUIREMENTS

Supported Linux* OS distributions:

  • Ubuntu* 16.04 LTS 64-bit Server version
  • Ubuntu* 18.04 LTS 64-bit Server version
  • Red Hat* Enterprise Linux* Server 8.1 (for x86_64)

Note: It is highly recommended to use the listed Linux* OS distributions. Other distributions have not been tested.

KNOWN ISSUES AND LIMITATIONS

  • During the current release we have learned that the DKMS infrastructure uses the driver version as an arbitrary string and not as a numeric value. As a result, installing an old version on top of a new version will work, moreover, when more than one version is installed and a kernel update occurs there is no guarantee that the new version will be used in the new kernel – apparently either of the existing versions may be used To address these issues, the 1.10 driver installer will uninstall a previously installed driver if exists.

Note: The uninstall may fail if the driver is in use by an enclave or the AESM, in this case the user will be notified and will be required to manually uninstall the driver.