Date

Goals
To look in to how to use the datacenter attestation primitives

Discussion items
A presentation on DCAP attestation primitives for Intel SGX TEEs with Avalon (Proxy Model) by Mr. Dan Middleton from Intel, covering the following topics

  • Basics of attestation
  • Use the lab to demonstrate creating an attestation at one CSP
  • and then verifying it in a (virtual) on-prem datacenter

The attestation flow enables more distributed communication patterns than what we have today.

The added flexibility also means there are a lot of possible paths to choose which can seem confusing.

In order to get started, here's a lab that chooses one concrete path.

https://github.com/hyperledger-labs/dancap

The video of the session is here:

DCAP_Attestation.mp4

  • No labels

1 Comment

  1. Dan Anderson

    Here's my notes on this presentation:

    DCAP: Data Center Attestation Protocol for Intel SGX

    Summary:

    • Introductory material on Confidential Computing, Trusted Execution Environments (TEEs), and Avalon
    •  Motivation for using DCAP (replaces centralized Intel Attestation Service (IAS))
    • Local DCAP attestation verification lab demo
    • Integration of DCAP with Avalon

    Links:

    Terms

    • ACC - Azure Confidential Computing - uses Intel SGX in the Azure cloud
    • Attestation - proof that something (such as code or data) was checked for validity (such as with signature validation)
    • Confidential computing - protection of data in use by performing computation within hardware-based trusted execution environments
    • Intel SGX - Intel Software Guard Extensions (a TEE implementation)
    • PCCS - Provisioning Certificate Caching Service -- used by DCAP service for self-signed certs