[qznc]

Essentially, the CPU has a private key. Using the corresponding public key you can send code to the CPU to execute and the CPU prevents even the OS from looking at the decrypted code. You can also check the signature of the CPU against a public Intel key to verify it is indeed an Intel CPU you are sending code to.

[rjromero]

Ah I see. I'm seeing that you have 2 128-bit private keys on the enclave, one known to Intel and what that is not.

Can you not use the one not known to intel to do your own code signing against another client with ECDH? Why does it seem like they are pushing this "Intel Attestation" service? Wouldn't that cause Intel servers to be a single POF incase they aren't around to give a proper reply for the attestation request? (Imagine 100,000 nodes on the network all running smart contracts, or perhaps 10 years down the line they discontinue the service.)

[mike_hearn]

IAS isn't technically a requirement of SGX. But if you want the ability to revoke hardware that is found to be compromised, someone needs to have that list and check against it.

I believe the plan is for IAS to be optional in future. It might already be, but then you have to implement the signature checking logic yourself. EPID is quite a complex signature scheme and you'd also need to find out from Intel which microcode/platform versions are revoked, etc. So IAS is more of a convenience than anything else.