Introduction
This document describes the software architecture of the Intel® SGX and Intel® TDX Provisioning Certificate Caching Service (PCCS), delivered as part of Intel® SGX and Intel® TDX Data Center Attestation Primitives (DCAP), which supports the third-party attestation model in a data center environment.
Terminology
| Term | Description |
|---|---|
| PCCS | Intel® SGX and Intel® TDX Provisioning Certificate Caching Service. |
| PCS | Intel® SGX and Intel® TDX Provisioning Certification Service. |
| Intel® SGX Quote | Data structure used to provide proof to an off-platform entity that the application's enclave is running with SGX protections on a trusted SGX-enabled platform. |
| Quoting Enclave (QE) | An enclave, generally signed by Intel, which is used to sign and issue Quotes/attestations about other enclaves. |
| Elliptic Curve Digital Signature Algorithm (ECDSA) | Cryptographic signing algorithm as described in FIPS 186-4. |
| Provisioning Certification Enclave (PCE) | An architectural enclave that has to be signed by Intel, because only Intel-signed enclaves can access the Provisioning Certification Key (PCK). This enclave uses the PCK to sign QE Report structures for Provisioning or Quoting Enclaves. These signed REPORTs contain ReportData indicating that attestation keys or provisioning protocol messages were created on genuine hardware. |
| Provisioning Certification Key (PCK) | Signing key available to the Provisioning Certification Enclave for signing certificate-like QE Report structures. The key is unique to the processor package or the platform instance, the HW TCB, and the PCE version (PSVN). |
| Provisioning Certification Key Certificate (PCK Certificate) | The X.509 certificate chain signed and distributed by Intel for every SGX-enabled platform. Quote verifiers use this certificate to verify that QE-generated quotes are valid and were produced on a trusted SGX platform at a particular PSVN. It matches the private key generated by the PCE. |
| Platform Provisioning ID (PPID) | Provisioning ID for the processor package or the platform instance. PPID is not TCB-dependent. |
| Security Version Number (SVN) | Version number that indicates when the relevant security updates have occurred. New versions can have increased functional versions without incrementing the SVN. |
| Intel® SGX Provisioning TCB | Trusted Computing Base of Intel® SGX provisioning that includes the platform HW TCB and the PCE SVN. |
| PCEID | Identifies the version of the PCE used to generate the PPID and the PCK signing key. The length of PCEID is 2 bytes. |
| QEID | The unique ID of an SGX platform, generated by the ID Enclave. The size of QEID is 16 bytes. |
| CPUSVN | CPU security version number. The size of CPUSVN is 16 bytes. |
| PCESVN | The security version number of the PCE enclave. The size of PCESVN is 2 bytes. |
| Encrypted_PPID | PPID encrypted with PPIDEK. The size of Encrypted_PPID is 384 bytes. |
| FMSPC | Description of the processor package or platform instance, including its Family, Model, Stepping, Platform Type, and Customized SKU. The size of FMSPC is 6 bytes. |

Table 1. Terminology
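As an added example (not PCCS code), the following validates the identifier sizes listed in Table 1 and checks a platform's provisioning TCB (CPUSVN plus PCESVN) against a required TCB level. The component-wise comparison rule and the little-endian PCESVN encoding are assumptions taken from DCAP quote verification and are not stated on this page; the sample values are constructed.

```javascript
// Added example, not part of PCCS. Sizes in bytes come from Table 1.
const FIELD_SIZES = { qeid: 16, cpusvn: 16, pcesvn: 2, pceid: 2, encrypted_ppid: 384, fmspc: 6 };

// Decode a hex-encoded identifier, rejecting anything whose length does not
// match the documented size (a caching service should refuse such requests
// instead of forwarding them upstream).
function parseHexField(name, hex) {
  const size = FIELD_SIZES[name];
  if (size === undefined) throw new Error(`unknown field: ${name}`);
  if (typeof hex !== 'string' || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error(`${name}: not a hex string`);
  }
  if (hex.length !== size * 2) {
    throw new Error(`${name}: expected ${size} bytes, got ${hex.length / 2}`);
  }
  return Buffer.from(hex, 'hex');
}

// The provisioning TCB is the 16 CPUSVN components plus the PCESVN (Table 1).
// Assumed rule (DCAP quote verification, not stated on this page): the platform
// meets a TCB level only if every CPUSVN component and the PCESVN are at or
// above the level's values. PCESVN is treated as a 2-byte little-endian integer.
function meetsTcbLevel(platform, level) {
  const cpusvn = parseHexField('cpusvn', platform.cpusvn);
  const required = parseHexField('cpusvn', level.cpusvn);
  for (let i = 0; i < FIELD_SIZES.cpusvn; i++) {
    if (cpusvn[i] < required[i]) return false;
  }
  const pcesvn = parseHexField('pcesvn', platform.pcesvn).readUInt16LE(0);
  const requiredPcesvn = parseHexField('pcesvn', level.pcesvn).readUInt16LE(0);
  return pcesvn >= requiredPcesvn;
}

// Constructed sample values, not real platform data.
const SAMPLE_PLATFORM = { cpusvn: '0b0b0202ffff00000000000000000000', pcesvn: '0d00' };
const SAMPLE_LEVEL = { cpusvn: '0b0b0202ffff00000000000000000000', pcesvn: '0b00' };
const DOWNGRADED_PLATFORM = { cpusvn: '0a0b0202ffff00000000000000000000', pcesvn: '0d00' };

console.log('sample platform meets level:', meetsTcbLevel(SAMPLE_PLATFORM, SAMPLE_LEVEL));
console.log('downgraded platform meets level:', meetsTcbLevel(DOWNGRADED_PLATFORM, SAMPLE_LEVEL));
```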