Intel® Provisioning Certification Service for ECDSA Attestation

To support the requirements of enterprises, data centers, and cloud service providers, Intel is providing Intel® SGX Data Center Attestation Primitives (Intel® SGX DCAP) as an open source project to allow customers to build their own ECDSA attestation service. To support ECDSA attestation, Intel provides the provisioning certification service with APIs for retrieving provisioning certificates, revocation lists, and trusted computing base (TCB) information for a SGX-enabled enclave.

The Intel® SGX Services Terms of Use govern your use of these Services except where we expressly state that separate terms (and not these) apply. By using our services, you are agreeing to these terms. Make sure you read them carefully.

Please note that only Intel® Xeon® E Processor based servers with SGX Flexible Launch Control feature enabled in BIOS currently support on-premise ECDSA attestation. Contact your platform vendor if you have questions regarding support of this feature.

Get PCK Certificate/s

API Documentation

PCK Certification and CRL Specification

Two APIs that retrieve X.509 Provisioning Certification Key (PCK) certificates for a specific SGX-enabled platform. One API will retrieve the PCK certificate for a specified TCB level while the other will retrieve all certificates for all TCB levels listed in the current TCBInfo structure for the platform's family of processors. A subscription is required to utilize these APIs.

Get PCK Revocation Lists

API Documentation

PCK Certification and CRL Specification

Retrieve X.509 Certificate Revocation List (CRL) of all revoked PCK Certificates. CRL is issued either by Intel SGX Platform Certificate Authority (CA) or Intel SGX Processor CA.

Get TCB Info

API Documentation

Retrieve SGX-specific TCB information for a given processor type.

Get Quoting Enclave Identity

API Documentation

Retrieve identity information for SGX Quoting Enclave issued by Intel.