Intel SGX Attestation Service Utilizing EPID

The Attestation API exposed by the Intel® SGX attestation service is a programming interface for service providers to verify attestation evidence of SGX enabled enclaves. View the Intel SGX EPID API Specification.

Download the Attestation Report Root CA Certificate here:
DER PEM

Intel SGX Provisioning Certification Service for ECDSA Attestation

Get PCK Certificate

Retrieve X.509 SGX Provisioning Certification Key (PCK) certificate for SGX-enabled platform on specified TCB level. Subscription Required

GET https://api.trustedservices.intel.com/sgx/certification/v1/pckcert

Request

Name Type Request Type Required Pattern Description
Ocp-Apim-Subscription-Key String Header True Subscription key which provides access to this API. Found in your Profile.
encrypted_ppid String Query True ^[0-9a-fA-F]{768}$ Base16-encoded PPID ecrypted with PPIDEK (384 bytes, byte array)
cpusvn String Query True ^[0-9a-fA-F]{32}$ Base16-encoded CPUSVN value (16 bytes, byte array)
pcesvn String Query True ^[0-9a-fA-F]{4}$ Base16-encoded PCESVN value (2 bytes, little endian)
pceid String Query True ^[0-9a-fA-F]{4}$ Base16-encoded PCE-ID value (2 bytes, little endian)
Example Request
curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v1/pckcert?encrypted_ppid={}&cpusvn={}&pcesvn={}&pceid={}" -H "Ocp-Apim-Subscription-Key: {subscription key}"

Response

Model

PckCert (x-pem-file) - PEM-encoded representation of SGX PCK Certificate in case of success (200 HTTP status code)

Example Response
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
					
Status Codes
Code Model Headers Description
200 PckCert

Content-Type - application/x-pem-file

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

SGX-PCK-Certificate-Issuer-Chain - Issuer Certificate chain for SGX PCK Certificate. It consists of SGX Root CA Certificate and SGX Intermediate CA Certificate (Processor CA).

SGX-TCBm - Hex-encoded string representation of concatenation of CPUSVN (16 bytes) and PCESVN (2 bytes) as returned in corresponding SGX PCK Certificate

Operation successful
400

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Invalid request parameters.
401

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Failed to authenticate or authorize the request
404

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

PCK Certificate for provided {ppid}, {cpusvn}, {pcesvn} and {pceid} cannot be found.
500

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Internal server error occurred
503

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Server is currently unable to process the request

Get PCK Certificates

Retrieve X.509 SGX Provisioning Certification Key (PCK) certificates for SGX-enabled platform for all configured TCB levels. Subscription Required

GET https://api.trustedservices.intel.com/sgx/certification/v1/pckcerts

Request

Name Type Request Type Required Pattern Description
Ocp-Apim-Subscription-Key String Header True Subscription key which provides access to this API. Found in your Profile.
encrypted_ppid String Query True ^[0-9a-fA-F]{768}$ Base16-encoded PPID ecrypted with PPIDEK (384 bytes, byte array)
pceid String Query True ^[0-9a-fA-F]{4}$ Base16-encoded PCE-ID value (2 bytes, little endian)
Example Request
curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v1/pckcerts?encrypted_ppid={}&pceid={}" -H "Ocp-Apim-Subscription-Key: {subscription key}"

Response

Model

PckCerts (JSON) - Array of data structures consisting of tcb, tcbm and certificate encoded as JSON string in case of success (200 HTTP status code)

PckCerts:
        type: array
        description: >-
            Array of data structures consisting of tcb, tcbm and certificate
            encoded as JSON string in case of success (200 HTTP status code)
        items:
            type: object
            properties:
                tcb:
                    type: object
                    properties:
                        sgxtcbcomp01svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp02svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp03svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp04svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp05svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp06svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp07svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp08svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp09svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp10svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp11svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp12svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp13svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp14svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp15svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        sgxtcbcomp16svn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 255
                        pcesvn:
                            type: integer
                            example: 0
                            minimum: 0
                            maximum: 65535
                tcbm:
                    type: string
                    description: >-
                        Hex-encoded string representation of concatenation of
                        CPUSVN (16 bytes) and PCESVN (2 bytes) as returned in
                        corresponding SGX PCK Certificate
                    pattern: '^[0-9a-fA-F]{36}$'
                    example: '000000000000000000000000000000000000'
                cert:
                    type: string
                        
Example Response
[
   {
      "tcb":{
         "sgxtcbcomp01svn":0,
         "sgxtcbcomp02svn":0,
         "sgxtcbcomp03svn":0,
         "sgxtcbcomp04svn":0,
         "sgxtcbcomp05svn":0,
         "sgxtcbcomp06svn":0,
         "sgxtcbcomp07svn":0,
         "sgxtcbcomp08svn":0,
         "sgxtcbcomp09svn":0,
         "sgxtcbcomp10svn":0,
         "sgxtcbcomp11svn":0,
         "sgxtcbcomp12svn":0,
         "sgxtcbcomp13svn":0,
         "sgxtcbcomp14svn":0,
         "sgxtcbcomp15svn":0,
         "sgxtcbcomp16svn":0,
         "pcesvn":0
      },
      "tcbm":"000000000000000000000000000000000000",
      "cert":"string"
   }
]
					
Status Codes
Code Model Headers Description
200 PckCerts

Content-Type - application/json

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

SGX-PCK-Certificate-Issuer-Chain - Issuer Certificate chain for SGX PCK Certificates. It consists of SGX Root CA Certificate and SGX Intermediate CA Certificate (Processor CA).

Operation successful.
400

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Invalid request parameters.
401

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Failed to authenticate or authorize the request
404

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

No PCK Certificate for provided {ppid} and {pceid} cannot be found.
500

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Internal server error occurred
503

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Server is currently unable to process the request

Get Revocation List

Retrieve X.509 Certificate Revocation List with revoked SGX PCK Certificates. CRL is issued either by Intel SGX Platform CA or by Intel SGX Processor CA

GET https://api.trustedservices.intel.com/sgx/certification/v1/pckcrl

Request

Name Type Request Type Required Pattern Description
ca String Query True Enum: processor

Identifier of the CA that issued the requested CRL Allowed value is “processor” indicates CRL issued by Intel SGX Processor CA

Example Request
curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v1/pckcrl?ca={}"

Response

Model

PckCrl (x-pem-file) - PEM-encoded representation SGX Processor CA CRL in case of success (200 HTTP status code)

-----BEGIN X509 CRL-----
...
-----END X509 CRL-----

                        
Status Codes
Code Model Headers Description
200 PckCrl

Content-Type - application/x-pem-file

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

SGX-PCK-CRL-Issuer-Chain - Issuer Certificate chain for SGX PCK CRL. It consists of SGX Root CA Certificate and SGX Intermediate CA Certificate (Processor CA).

Operation successful.
400

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Invalid request parameters.
500

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Internal server error occurred
503

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Server is currently unable to process the request

Get TCB Info

Retrieve SGX TCB information for given FMSPC

Determining the status of a TCB level for a given platform needs to be done using TCB information according to the following algorithm:

  1. Retrieve FMSPC value from SGX PCK Certificate assigned to a given platform.
  2. Retrieve TCB Info matching the FMSPC value.
  3. Go over the sorted collection of TCB Levels retrieved from TCB Info starting from the first item on the list:
    1. Compare all of the SGX TCB Comp SVNs retrieved from the SGX PCK Certificate (from 01 to 16) with the corresponding values in the TCB Level. If all SGX TCB Comp SVNs in the certificate are greater or equal to the corresponding values in TCB Level, go to 3.b, otherwise move to the next item on TCB Levels list.
    2. Compare PCESVN value retrieved from the SGX PCK certificate with the corresponding value in the TCB Level. If it is greater or equal to the value in TCB Level, read status assigned to this TCB level. Otherwise, move to the next item on TCB Levels list.
  4. If no TCB level matches your SGX PCK Certificate, your TCB Level is not supported.

GET https://api.trustedservices.intel.com/sgx/certification/v1/tcb

Request

Name Type Request Type Required Pattern Description
fmspc String Query True ^[0-9a-fA-F]{12} Base16-encoded FMSPC value (6 bytes, byte array)
Example Request
curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v1/tcb?fmspc={}"

Response

Model

TcbInfo (JSON) - SGX TCB Info encoded as JSON string in case of success (200 HTTP status code)

TcbInfo:
        type: object
        description: >-
            SGX TCB Info encoded as JSON string in case of success (200 HTTP
            status code)
        properties:
            tcbInfo:
                type: object
                properties:
                    version:
                        type: integer
                        example: 1
                        description: Version of the structure
                    issueDate:
                        type: string
                        format: date-time
                        description: >-
                            Representation of date and time the TCB information
                            was created. The time shall be in UTC and the
                            encoding shall be compliant to ISO 8601 standard
                            (YYYY-MM-DDThh:mm:ssZ)
                    nextUpdate:
                        type: string
                        format: date-time
                        description: >-
                            Representation of date and time by which next TCB
                            information will be issued. The time shall be in UTC
                            and the encoding shall be compliant to ISO 8601
                            standard (YYYY-MM-DDThh:mm:ssZ)
                    fmspc:
                        type: string
                        pattern: '^[0-9a-fA-F]{12}$'
                        example: '000000000000'
                        description: >-
                            Base 16-encoded string representation of FMSPC
                            (Family-Model-Stepping-Platform-CustomSKU)
                    pceId:
                        type: string
                        pattern: '^[0-9a-fA-F]{4}$'
                        example: '0000'
                        description: >-
                            Base 16-encoded string representation of PCE
                            identifier
                    tcbLevels:
                        type: array
                        description: >-
                            Sorted list of supported TCB levels for given FMSPC
                            encoded as a JSON array of TCB level objects
                        items:
                            type: object
                            properties:
                                tcb:
                                    type: object
                                    properties:
                                        sgxtcbcomp01svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp02svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp03svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp04svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp05svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp06svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp07svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp08svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp09svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp10svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp11svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp12svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp13svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp14svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp15svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        sgxtcbcomp16svn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 255
                                        pcesvn:
                                            type: integer
                                            example: 0
                                            minimum: 0
                                            maximum: 65535
                                status:
                                    type: string
                                    description: TCB level status
            signature:
                type: string
                description: Base 16-encoded string representation of signature calculated over tcbInfo
                             body without whitespaces using TCB Signing Key
                             i.e:
                             {"version":1,"issueDate":"2018-08-30T11:18:04.466Z","nextUpdate":"2018-08-30T11:18:04.466Z",...}
                        
Example Response
{
    "tcbInfo": {
        "version": 1,
        "issueDate": "2018-11-16T09:43:55Z",
        "nextUpdate": "2018-12-16T09:43:55Z",
        "fmspc": "000000000000",
        "pceId": "0000",
        "tcbLevels": [
            {
                "tcb": {
                    "sgxtcbcomp01svn": 0,
                    "sgxtcbcomp02svn": 0,
                    "sgxtcbcomp03svn": 0,
                    "sgxtcbcomp04svn": 0,
                    "sgxtcbcomp05svn": 0,
                    "sgxtcbcomp06svn": 0,
                    "sgxtcbcomp07svn": 0,
                    "sgxtcbcomp08svn": 0,
                    "sgxtcbcomp09svn": 0,
                    "sgxtcbcomp10svn": 0,
                    "sgxtcbcomp11svn": 0,
                    "sgxtcbcomp12svn": 0,
                    "sgxtcbcomp13svn": 0,
                    "sgxtcbcomp14svn": 0,
                    "sgxtcbcomp15svn": 0,
                    "sgxtcbcomp16svn": 0,
                    "pcesvn": 0
                },
                "status": "UpToDate"
            }
        ]
    },
    "signature": "30e068833d1589e1d39aeeb73bbd81b45f9a900f7f90a0d3bf2f5f2569feb80059ea94baf43c333f4117cf4e064a8b45c068d4416ca5954dcd11351446fb118b"
}
				   
Status Codes
Code Model Headers Description
200 TcbInfo

Content-Type - application/json

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

SGX-TCB-Info-Issuer-Chain - Issuer Certificate chain for SGX TCB Info. It consists of SGX Root CA Certificate and SGX TCB Signing Certificate.

Operation successful.
400

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Invalid request parameters.
404

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

TCB information for provided {fmspc} cannot be found.
500

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Internal server error occurred
503

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Server is currently unable to process the request

Get Quoting Enclave Identity

Retrieve Quote Identity information for Quoting Enclave issued by Intel.

GET https://api.trustedservices.intel.com/sgx/certification/v1/qe/identity

Request

No parameters

Example Request
curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v1/qe/identity"

Response

Model

QEIdentity (JSON) - QE Identity data structure encoded as JSON string in case of success (200 HTTP status code)

QEIdentity:
type: object
description: >-
QE Identity data structure encoded as JSON string in case of success
(200 HTTP status code)
properties:
qeIdentity:
  type: object
  properties:
      version:
          type: integer
          example: 1
          description: Version of the structure
      issueDate:
          type: string
          format: date-time
          description: >-
              Representation of date and time the QE Identity
              information was created. The time shall be in UTC
              and the encoding shall be compliant to ISO 8601
              standard (YYYY-MM-DDThh:mm:ssZ)
      nextUpdate:
          type: string
          format: date-time
          description: >-
              Representation of date and time by which next QE
              identity information will be issued. The time shall
              be in UTC and the encoding shall be compliant to ISO
              8601 standard (YYYY-MM-DDThh:mm:ssZ)
      miscselect:
          type: string
          pattern: '^[0-9a-fA-F]{8}$'
          example: '00000000'
          description: >-
              Base 16-encoded string representing miscselect
              "golden" value (upon applying mask).
      miscselectMask:
          type: string
          pattern: '^[0-9a-fA-F]{8}$'
          example: '00000000'
          description: >-
              Base 16-encoded string representing mask to be
              applied to miscselect value retrieved from the
              platform.
      attributes:
          type: string
          pattern: '^[0-9a-fA-F]{32}$'
          example: '00000000000000000000000000000000'
          description: >-
              Base 16-encoded string representing attributes
              "golden" value (upon applying mask).
      attributesMask:
          type: string
          pattern: '^[0-9a-fA-F]{32}$'
          example: '00000000000000000000000000000000'
          description: >-
              Base 16-encoded string representing mask to be
              applied to attributes value retrieved from the
              platform.
      mrsigner:
          type: string
          pattern: '^[0-9a-fA-F]{64}$'
          example: >-
              0000000000000000000000000000000000000000000000000000000000000000
          description: Base 16-encoded string representing mrsigner hash.
      isvprodid:
          type: integer
          example: 0
          minimum: 0
          maximum: 65535
          description: Enclave Product ID.
      isvsvn:
          type: integer
          example: 0
          minimum: 0
          maximum: 65535
          description: Minimum ISV SVN.
signature:
  type: string
  description: Hex-encoded string representation of a signature calculated over qeIdentity
               body without whitespaces using TCB Info Signing Key.
               i.e:
               {"version":1,"issueDate":"2018-08-30T11:18:04.466Z","nextUpdate":"2018-08-30T11:18:04.466Z",...}
          
Example Response
{
    "qeIdentity": {
        "version": 1,
        "issueDate": "2018-11-16T09:40:51Z",
        "nextUpdate": "2018-12-16T09:40:51Z",
        "miscselect": "00000000",
        "miscselectMask": "FFFFFFFF",
        "attributes": "11000000000000000000000000000000",
        "attributesMask": "FBFFFFFFFFFFFFFF0000000000000000",
        "mrsigner": "8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF",
        "isvprodid": 1,
        "isvsvn": 1
    },
    "signature": "9c683e6842b1cdd827003d38ef821a0414a8174501190592fc1c59af300073f652b921d8f70ea07d91c719f4dcc9a8549d4dcbd8f410b7c8288a0ebb98eb9fa8"
}
     
Status Codes
Code Model Headers Description
200 QEIdentity(String)

Content-Type - application/json

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

SGX-QE-Identity-Issuer-Chain - Issuer Certificate chain for SGX QE Identity. It consists of SGX Root CA Certificate and SGX TCB Signing Certificate.

Operation successful.
400

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Invalid request parameters.
404

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

QE Identity information cannot be found.
500

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Internal server error occurred
503

Request-ID(String) - Randomly generated identifier for each request (for troubleshooting purposes)

Server is currently unable to process the request

PCK Certificate and CRL Specification

This document specifies the hierarchy and format of X.509 v3 certificates and X.509 v2 Certificate Revocation Lists (CRLs) issued by Intel for Provisioning Certification Keys.