top | item 44919339

(no title)

MagicalTux | 6 months ago

Similar to TLS, the attestation includes a signature and a x509 certificate with a chain of trust to Intel's CA. The whole attestation is certified by Intel to be valid and details such as the enclave fingerprint (MRENCLAVE) are generated by the CPU to be part of the attestation.

This whole process is already widely used in financial and automotive sectors to ensure servers are indeed running what they claim to be running, and well documented.

discuss

kachapopopow|6 months ago

Remember that this only works if the cpu can be trusted! The hardware still has to be secure.

stavros|6 months ago

That's very informative, thanks!