Intel® Provisioning Certification Service for ECDSA Attestation
To support the requirements of enterprises, data centers, and cloud service providers, Intel is providing Intel® SGX Data Center Attestation Primitives (Intel® SGX DCAP) as an open source project to allow customers to build their own ECDSA attestation service. To support ECDSA attestation, Intel provides the provisioning certification service with APIs for retrieving provisioning certificates, revocation lists, and trusted computing base (TCB) information for a SGX-enabled enclave.
The Intel® SGX Services and Intel® TDX Services Terms of Use govern your use of these Services except where we expressly state that separate terms (and not these) apply. By using our services, you are agreeing to these terms. Make sure you read them carefully.
ECDSA attestation is currently supported on all Intel products with Intel® TDX, as well as a subset of products with Intel® SGX (details on this site).
Intel, the Intel logo and Xeon are trademarks of Intel Corporation or its subsidiaries.
Get PCK Certificate/s
PCK Certification and CRL Specification
Two APIs that retrieve X.509 Provisioning Certification Key (PCK) certificates for a specific SGX-enabled platform. One API will retrieve the PCK certificate for a specified TCB level while the other will retrieve all certificates for all TCB levels listed in the current TCBInfo structure for the platform's family of processors. A subscription is required to utilize these API
Get PCK Revocation Lists
PCK Certification and CRL Specification
Retrieve X.509 Certificate Revocation List (CRL) of all revoked PCK Certificates. CRL is issued either by Intel SGX Platform Certificate Authority (CA) or Intel SGX Processor CA.
Get TCB Info
Retrieve SGX-specific TCB information for a given processor type.
Get Quote Verification Enclave Identity
Retrieve identity information for SGX Quote Verification Enclave issued by Intel.
Get Quoting Enclave Identity
Retrieve identity information for SGX Quoting Enclave issued by Intel.