Usage details of the PSE
Unable to determine which Intel® Software Guard Extensions (Intel® SGX) component invokes the PSE and what it is used for
The Intel® Software Guard Extensions (Intel® SGX) Remote Attestation End-to-End Example explains the purpose of the Platform Services Enclave (PSE):
"The PSE is an architectural enclave included in the Intel SGX software package that supplies services for trusted time and a monotonic counter. These can be used for replay protection during nonce generation and for securely calculating the length of time for which a secret should be valid."
The PSE is used mainly in two scenarios:
-
Remote Attestation: Refer to the Remote Attestation and Protected Session Establishment section in the Intel SGX Developer Reference Guide for Windows* and to the Intel® Software Guard Extensions Remote Attestation End-to-End Example for details on the remote attestation flow. The PSE can be invoked only by enclaves. The ISV application, also known as the untrusted app, tells the enclave to use PSE through the b_pse variable. The enclave then passes b_pse to sgx_ra_init, which is used to generate the remote attestation context. When this variable is set, Msg3, from the client to the service provider, includes platform services information. Upon receiving Msg3, the payload that the service provider sends to the Intel Attestation Service (IAS) will include a PSE Manifest and nonce. Refer to the Attestation Evidence Payload section of the Intel SGX Attestation API Spec for definitions of the PSE Manifest and nonce. The Attestation Verification Report that IAS sends to the Service Provider includes a field called pseManifestStatus, which tells the service provider if the security properties of the Intel SGX Platform Service was verified and up to date.
A PSE session must be established in order to request platform service. The enclave implementation in the sgx-ra-sample shows how to use sgx_create_pse_session based on the value of b_pse.
- Sealing Data: Refer to the Sealed Data section in the Intel SGX Developer Reference Guide for Windows for information on how the Monotonic Counter and Trusted Time Services, which are provided by the PSE, are used to protect enclave secrets that are stored outside of the enclave, such as on disk. See the SealedData sample in the Intel SGX SDK for Windows for implementation details.
Enclaves running on server hardware do not have a Platform Services Enclave, and cannot utilize client-specific features.
Support for Intel® Software Guard Extensions (Intel® SGX) Platform Services was removed from all Linux*-based platforms, including client platforms, beginning with Intel SGX SDK for Linux 2.9.
The Intel SGX API for monotonic counters is still part of the Intel® Software Guard Extensions (Intel® SGX) SDK for Windows* and is supported on Windows® 10 platforms through the Intel SGX Platform Software for Windows*. The Intel SGX Platform Software for Windows is usually installed through Windows Update from the platform manufacturer.