Intel? Software Guard Extensions (Intel? SGX) Services （DCAP/EPID）

基于英特爾? SGX DCAP 的鑒證

An update on 3rd Party Attestation

大型企業(yè)和服務(wù)提供商希望建立自己的認(rèn)證能力。

DCAP需要一項(xiàng)Flexible Launch Control的功能，該功能允許平臺(tái)所有者（而不是英特爾）控制啟動(dòng)哪些enclave, 需要在BIOS中啟動(dòng)。

這包括授予哪些區(qū)域訪問(wèn)與證書(shū)檢索服務(wù)一起使用的平臺(tái)配置標(biāo)識(shí)符（PPID）的權(quán)限。 請(qǐng)求訪問(wèn)PPID的區(qū)域可以由attestation服務(wù)提供商簽名。 Launch Enclave的目的之一是防止在隱私敏感的環(huán)境中濫用PPID。

構(gòu)建證明服務(wù)需要與操作系統(tǒng)集成，并且我們正在與Linux Kernel社區(qū)合作，以盡快將其更新。 請(qǐng)注意，您不需要構(gòu)建自己的Quoting Enclave。

Product briefIntel?SGX Data Center Attestation Primitives (Intel?SGX DCAP)

intel-sgx-support-for-third-party-attestation

SGX 擁有遠(yuǎn)程和封印的能力，這可以用來(lái)provision 和 secure secrets. SGX 是指令集的擴(kuò)展，用來(lái)再程序中建立一個(gè)可信的執(zhí)行環(huán)境enclave。

enclave 創(chuàng)建不需要secrets. enclave實(shí)例化之后，可以再deliver secrets.

該流程，跟CA的流程類似， Intel相當(dāng)于根CA，會(huì)給PCK證書(shū)簽名，PCK相當(dāng)于二級(jí)代理， 給其他證明證書(shū)簽名。

5. example attestation infrastructures for Data Center or Cloud Deployments

5. 數(shù)據(jù)中心或云部署的示例證明基礎(chǔ)架構(gòu)

　　This chapter describes an example deployment flow for a Cloud Service Provider（CSP） to host an Attestation Service capable of verifying Quotes created by their platforms without an "runtime"connectivity to Intel SGX DCAP or other services. This flow, shown in Figure 4, combines collection of PPIDs, creation of Attestation keys, retrieving certificates/TCB information, and attestation verification.

　　本章介紹了云服務(wù)提供商（CSP）托管證明服務(wù)的示例部署流程，該服務(wù)能夠驗(yàn)證其平臺(tái)創(chuàng)建的Quotes，而無(wú)需與英特爾SGX DCAP或其他服務(wù)進(jìn)行“運(yùn)行時(shí)”連接。如圖4所示，該流程結(jié)合了PPID(Platform provision ID)的收集，證明密鑰的創(chuàng)建，檢索證書(shū)/ TCB信息以及證明驗(yàn)證。

5.1 Identifying Platforms

5.1 識(shí)別平臺(tái)

　　During the deployment phase when the new platform is prepped, tested, and initial software loaded, the platform registers itself with the CSP's infrastructure.

　　The Quoting Enclave retrieves the encrypted PPID from the PCE, A software agent delivers the PPID, CPUSVNs and PCEID to a CSP-owned Inventory Management Service (IMS). The IMS can be a self-sufficient service or just a logical set of functions and databases that are part of larger, possibly pre-existing infrastructure. The IMS's role is track Intel SGX attestation identities and retrieve PCK certificates for the Attestation Service.

　　The Encrypted PPID is provided to the IMS to enable the service to identify the platform when requesting PCK certificates from intel. This only has to be collected once during deployment since the PPID remains constant for the lifetime of the platform.

　　Once registered, the platform then continues through deployment process.

　　在部署階段，準(zhǔn)備，測(cè)試新平臺(tái)并加載初始軟件時(shí)，該平臺(tái)會(huì)在CSP的基礎(chǔ)架構(gòu)中注冊(cè)自己。

　　Quoting Enclave從PCE檢索加密的PPID，軟件代理將PPID，CPUSVN和PCEID傳遞給CSP擁有的庫(kù)存管理服務(wù)（IMS）。 IMS可以是自給自足的服務(wù)，也可以只是功能和數(shù)據(jù)庫(kù)的邏輯集，而功能和數(shù)據(jù)庫(kù)則是較大的，可能預(yù)先存在的基礎(chǔ)結(jié)構(gòu)的一部分。 IMS的角色是跟蹤英特爾SGX證明身份并為證明服務(wù)檢索PCK證書(shū)。

　　加密的PPID提供給IMS，以使服務(wù)能夠在從英特爾請(qǐng)求PCK證書(shū)時(shí)識(shí)別平臺(tái)。由于PPID在平臺(tái)的生命周期內(nèi)保持不變，因此在部署過(guò)程中只需收集一次。

　　注冊(cè)后，平臺(tái)將繼續(xù)進(jìn)行部署過(guò)程。

5.2 Acquiring PCK Certificates

5.2取得PCK證書(shū)

　　While the platform continues through deployment process, the Inventory Management Service uses an Internet gateway to the Intel DCAP services and requests the PCK certificates for each CSP-owned platform using the interface that retrieves both current and historic certificates for each platform. This provides the Attestation Service with multiple certificates for different TCBs, providing the greatest chance that the service will have an appropriate PCK certificate for whatever attestation software their customer installs in their environment.
　　在平臺(tái)繼續(xù)進(jìn)行部署過(guò)程的同時(shí)，庫(kù)存管理服務(wù)使用Internet網(wǎng)關(guān)訪問(wèn)Intel DCAP服務(wù)，并使用接口檢索每個(gè)平臺(tái)的當(dāng)前和歷史證書(shū)，為每個(gè)CSP擁有的平臺(tái)請(qǐng)求PCK證書(shū)。這為證明服務(wù)提供了針對(duì)不同TCB（Trusted Computing Base）的多個(gè)證書(shū)，從而為客戶在其環(huán)境中安裝的任何證明軟件提供了最大的機(jī)會(huì)，使該服務(wù)具有適當(dāng)?shù)腜CK證書(shū)。

5.3 Certifying Attestation Keys

5.3認(rèn)證密鑰

　　To ensure that PCE certifies the new Attestation Key with a PCK for which a certificate exists, it's recommended that before generating the attestation key, a software agent download the PCK certificate from the Inventory Management Service. The PCK certificate contains the CPUSVN value that corresponds to that PCK. After generating the Attestation key, the Quoting Enclave can specify this value when requesting the PCE to certify the Attestation public key.

　　為確保PCE用已存在證書(shū)的PCK認(rèn)證新的證明密鑰，建議在生成證明密鑰之前，軟件代理從庫(kù)存管理服務(wù)下載PCK證書(shū)。 PCK證書(shū)包含與該P(yáng)CK對(duì)應(yīng)的CPUSVN值。生成證明密鑰后，Quoting Enclave可以在請(qǐng)求PCE認(rèn)證證明公鑰時(shí)指定此值。

5.4 TCB Recovery

5.4 TCB恢復(fù)

　　After an Intel SGX TCB element is updated, the process for establishing a new attestation key depends on what type of element was updated.
　　if a Quoting Enclave was updated, the QE can simply be upgraded and a new attestation key can be generated and certified as described in Section 3.1.2.2. This may not require interaction with the attestation infrastructure.

　　if a CPU-related component, such as microcode updates or the PCE was updated, a new PCK is required for the PCE. When this occurs, in addition to the QE generating a new attestation key, the infrastructure must also acquire new PCK certificates, CRLs and TCB Info structures.

　　The CSP Inventory Service requests updated certificates for all CSP-owned platforms affected. If the inventory service maintains a database of encrypted PPIDs and model information for the CSP's platforms, it will have all the information necessary to request new certificates without any interaction with the platforms.
　　CSPs may choose to continue to use the previous Attestation Keys until all platforms are upgraded and all certificates are downloaded and provided to the CSP Attestation Service. This ensures that the Attestation Services will always have the material needed to verify a Quote and will never need to contact external services in real-time.

　　更新Intel SGX TCB元素后，建立新證明密鑰的過(guò)程取決于更新的元素類型。

　　如果更新了Quoting Enclave，則可以輕松升級(jí)QE，并可以生成新的證明密鑰，并按照第3.1.2.2節(jié)中的說(shuō)明進(jìn)行認(rèn)證。這可能不需要與證明基礎(chǔ)結(jié)構(gòu)進(jìn)行交互。

　　如果與CPU相關(guān)的組件（例如微代碼更新或PCE已更新），則PCE需要新的PCK。發(fā)生這種情況時(shí)，除了QE會(huì)生成新的證明密鑰外，基礎(chǔ)架構(gòu)還必須獲取新的PCK證書(shū)，CRL和TCB Info結(jié)構(gòu)。

　　CSP清單服務(wù)為受影響的所有CSP擁有的平臺(tái)請(qǐng)求更新的證書(shū)。如果清單服務(wù)維護(hù)了用于CSP平臺(tái)的加密PPID和模型信息的數(shù)據(jù)庫(kù)，則它將具有請(qǐng)求新證書(shū)所需的所有信息，而無(wú)需與平臺(tái)進(jìn)行任何交互。
　　CSP可以選擇繼續(xù)使用以前的證明密鑰，直到升級(jí)所有平臺(tái)并下載所有證書(shū)并將其提供給CSP證明服務(wù)為止。這樣可以確保證明服務(wù)始終具有核實(shí)報(bào)價(jià)所需的材料，并且永遠(yuǎn)不需要實(shí)時(shí)聯(lián)系外部服務(wù)。

K8s support

目前demo提供的是DCAP

terminology

Attenstation 展示一個(gè)可執(zhí)行的軟件在一個(gè)平臺(tái)上被正確實(shí)例化的過(guò)程。

總結(jié)

以上是生活随笔為你收集整理的intel DCAP的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。