by mike_hearn
3111 days ago
IAS isn't technically a requirement of SGX. But if you want the ability to revoke hardware that is found to be compromised, someone needs to have that list and check against it. I believe the plan is for IAS to be optional in future. It might already be, but then you have to implement the signature checking logic yourself. EPID is quite a complex signature scheme and you'd also need to find out from Intel which microcode/platform versions are revoked, etc. So IAS is more of a convenience than anything else.