Flexible Launch Control
fleeting
- External reference: https://software.intel.com/content/www/us/en/develop/blogs/an-update-on-3rd-party-attestation.html
An update on 3rd Party Attestation
What is Flexible Launch Control?
The Intel SGX DCAP primitives require a new feature called Flexible Launch Control, which allows the platform owner, versus Intel, to control which enclaves are launched. This includes which enclaves are granted access to the Platform Provisioning Identifier (PPID) used with the Certificate Retrieval Service. The enclave requesting access to the PPID can be signed by the attestation service provider. One of the purposes of the Launch Enclave is to prevent abuse of the PPID in privacy-sensitive environments.
Building an attestation service requires integration with the operating system, and we are working with the Linux Kernel community to get this upstreamed as soon as possible. Note that you are not required to build your own Quoting Enclave.
— https://software.intel.com/content/www/us/en/develop/blogs/an-update-on-3rd-party-attestation.html
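Added example (not from the Intel post or from this note): on FLC-capable hardware the platform owner's choice is expressed as a SHA-256 hash of the launch enclave signer's RSA-3072 modulus, held in the four IA32_SGXLEPUBKEYHASH0..3 MSRs. The sketch below derives that hash (MRSIGNER) and the four 64-bit words and compares a signer against them. The function names and the two sample moduli are hypothetical and constructed, not real signing keys.

```python
import hashlib
import struct

SGX_MODULUS_BYTES = 384  # SGX enclave signing keys are RSA-3072


def mrsigner(modulus: int) -> bytes:
    """SHA-256 over the signer's modulus, serialized as 384 little-endian bytes."""
    if modulus.bit_length() != SGX_MODULUS_BYTES * 8:
        raise ValueError("SGX signing keys use a 3072-bit modulus")
    return hashlib.sha256(modulus.to_bytes(SGX_MODULUS_BYTES, "little")).digest()


def lepubkeyhash_words(digest: bytes) -> tuple:
    """Split a 32-byte MRSIGNER into the four 64-bit values written to
    IA32_SGXLEPUBKEYHASH0..3 (little-endian, word 0 first)."""
    if len(digest) != 32:
        raise ValueError("MRSIGNER must be 32 bytes")
    return struct.unpack("<4Q", digest)


def signer_matches_policy(signer_modulus: int, msr_words: tuple) -> bool:
    """True when the signer's hash equals the hash the platform owner configured."""
    return lepubkeyhash_words(mrsigner(signer_modulus)) == tuple(msr_words)


# Constructed sample values: 3072-bit stand-ins, not real signing keys.
OWNER_KEY = (1 << 3071) | 0x10001
OTHER_KEY = (1 << 3071) | 0x10003

if __name__ == "__main__":
    policy = lepubkeyhash_words(mrsigner(OWNER_KEY))
    for i, word in enumerate(policy):
        print(f"IA32_SGXLEPUBKEYHASH{i} = {word:#018x}")
    print("owner-signed launch enclave matches:", signer_matches_policy(OWNER_KEY, policy))
    print("other signer matches:", signer_matches_policy(OTHER_KEY, policy))
```

The four words are what a defender would compare against the values actually present in the MSRs when auditing which launch enclave signer a host trusts.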
Notes linking here
- common sgx installation issues
- find out whether your hardware can play with sgx
- Intel SGX Explained
- sgx out-of-tree driver
- sgx SDK