Design Decision: CPU certification method

Background / Context

Remote attestation is done in two main steps.

  1. Certification of the CPU. This boils down to some kind of Intel signature over a key that only a specific enclave has access to.
  2. Using the certified key to sign business logic specific enclave quotes and providing the full chain of trust to challengers.

This design question concerns the way we can manage a certification key. A more detailed description is here

Options Analysis

B. Use Intel’s protocol to bootstrap our own certificate

This involves using Intel’s current attestation protocol to have Intel sign over our own certifying enclave’s certificate that derives its certification key using the sealing fuse values.


  1. Certifying key not reproducible by Intel
  2. Allows for our own CPU enrollment process, should we need one
  3. Infrequent round trips to Intel infrastructure (only needed once per microcode update)


  1. Still uses the EPID protocol

Recommendation and justification

Proceed with Option B. This is the most readily available and flexible option.