Binding Intel SGX Root-of-Trust to PKI to Establish High-Performant Trusted Channel Between Enclaves

Intel provided a reference protocol for embedding Intel SGX attestation in the X.509 certificate to establish a TLS-based trusted channel named RA-TLS. This protocol does not use the Public Key Infrastructure (PKI) architecture of the X.509 certificate; instead, it relies solely on attestation quote verification to verify the binding between X.509 certificate to the Intel SGX root-of-trust. It may not always be desirable, as quote verification is relatively more expensive compared to certificate chain verification with PKI in place. Moreover, Intel reference implementation for DCAP requires additional infrastructure, including Provisioning Certificate Caching Services (PCCS), which the Intel DCAP reference implementation is tightly coupled with.

In this talk, we present TC4SE, previously published in the Information Security Conference 2023, which proposed a mechanism to bind SGX root-of-trust primitives with PKI root-of-trust to establish trusted channel. We also present some alternative mechanisms to eliminate the dependency on the web-based PCCS server when developing an Intel SGX application that requires quote generation and verification.