Skip To Main Content
Intel logo - Return to the home page
My Tools

Select Your Language

  • Bahasa Indonesia
  • Deutsch
  • English
  • Español
  • Français
  • Português
  • Tiếng Việt
  • ไทย
  • 한국어
  • 日本語
  • 简体中文
  • 繁體中文
Sign In to access restricted content

Using Intel.com Search

You can easily search the entire Intel.com site in several ways.

  • Brand Name: Core i9
  • Document Number: 123456
  • Code Name: Emerald Rapids
  • Special Operators: “Ice Lake”, Ice AND Lake, Ice OR Lake, Ice*

Quick Links

You can also try the quick links below to see results for most popular searches.

  • Product Information
  • Support
  • Drivers & Software

Recent Searches

Sign In to access restricted content

Advanced Search

Only search in

Sign in to access restricted content.

The browser version you are using is not recommended for this site.
Please consider upgrading to the latest version of your browser by clicking one of the following links.

  • Safari
  • Chrome
  • Edge
  • Firefox

Intel® Software Guard Extensions

 

 

  • Overview
  • Get Started
  • Attestation
  • Training
  • Documentation
  • Forum

 



Strengthen Enclave Trust with Attestation

  

Remote Attestation

This advanced feature allows a hardware entity or a combination of hardware and software to gain a remote provider's (also known as the relying party) or producer's trust.

Remote attestation gives the relying party increased confidence that the software is running:

  • Inside an Intel® Software Guard Extension (Intel® SGX) enclave
  • On a fully updated system at the latest security level (also referred to as the trusted computing base [TCB] version)

Attestation results provide:

  • The identity of the software being attested
  • Details of an unmeasured state (such as the execution mode)
  • An assessment of possible software tampering

After an enclave successfully attests itself to a relying party, an encrypted communication channel can be established between the two. Secrets, such as credentials or other sensitive data, can be provisioned directly to the enclave.


Intel SGX currently supports a single type of remote attestation:

Elliptic Curve Digital Signature Algorithm (ECDSA) Attestation

This method enables third-party attestation via the Intel® Software Guard Extensions Data Center Attestation Primitives (Intel® SGX DCAP).

Features of ECDSA-based attestations:

  • Provides flexible provisioning based on ECDSA certificates
  • Allows for construction of on-premise attestation services
  • Available under an open source licensing model

 

 

Intel previously supported the Intel® Software Guard Extensions Attestation Service Utilizing Intel® Enhanced Privacy ID, but this product is now discontinued.

Intel® Tiber™ Trust Authority

This is a zero-trust attestation service that provides customers with assurance that their apps and data are protected on the platform of their choice, including multiple cloud, sovereign clouds, edge, and on-premise environments.

More Information

ECDSA-based Attestation

ECDSA-based attestation with Intel SGX DCAP allows providers to build and deliver their own attestation service. This is useful for enterprise, data center, and cloud service providers who need to:

  • Use the large enclave sizes that are available in the Intel® Xeon® Scalable processor family and Intel® Xeon® 6 processors.
  • Run large parts of their networks in environments where internet-based services cannot be reached.
  • Keep attestation decisions in-house.
  • Deliver applications that work in a distributed fashion (for example, peer-to-peer networks) that benefit from not relying on a single point of verification.
  • Prevent platform anonymity where it is not permitted.

 

Learn More about ECDSA Attestation

An Update on Third-Party Attestation

Attestation for Data Center Orientation Guide

Support Third-Party Attestation for Intel SGX DCAP

Remote Attestation for Multipackage Platforms Using Intel SGX DCAP

Get Started with Intel® SGX DCAP

Source Code (GitHub*)

Prebuilt Components for Various Operating System Distributions

Quick Install Guide

Quote Generation, Verification, and Attestation

Quote Verification Grace Periods with Intel SGX DCAP

Registration Service for Intel® Xeon® Scalable Processors

To support the initial setup of Intel SGX on server platforms based on Intel Xeon Scalable processors and Intel Xeon 6 processors, Intel is providing a registration service. 

This service creates a package that registers platform root keys (PRKs) that are shared between all of the processors on the platform.

Provisioning Certification Service (PCS) for ECDSA Attestation

The PCS includes a set of publicly accessible APIs that allow attestation service providers to retrieve the following:

  • Provisioning certificates
  • Revocation lists
  • Trusted computing base information

These components are then used in the providers’ remote attestation infrastructure to attest their enclaves. For more information (including subscription links), see Attestation Services.

  • Company Overview
  • Contact Intel
  • Newsroom
  • Investors
  • Careers
  • Corporate Responsibility
  • Inclusion
  • Public Policy
  • © Intel Corporation
  • Terms of Use
  • *Trademarks
  • Cookies
  • Privacy
  • Supply Chain Transparency
  • Site Map
  • Recycling
  • Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
  • Notice at Collection

Intel technologies may require enabled hardware, software or service activation. // No product or component can be absolutely secure. // Your costs and results may vary. // Performance varies by use, configuration, and other factors. Learn more at intel.com/performanceindex. // See our complete legal Notices and Disclaimers. // Intel is committed to respecting human rights and avoiding causing or contributing to adverse impacts on human rights. See Intel’s Global Human Rights Principles. Intel’s products and software are intended only to be used in applications that do not cause or contribute to adverse impacts on human rights.

Intel Footer Logo