by robododo 2963 days ago
Does this all hinge on EPID? So will cloud workloads have to phone home to Intel for assertions to be satisfied?

My question is built on the presumption that SGX is the only real TEE available right now.

Also, how is Google dealing with PRM/EPC memory limitations of SGX?

1 comment

Asylo is not tied to EPID; the framework aims to abstract away any unique behavior specific to TEE implementations, and provide a common backend interface that developers can code against. The goal is to allow developers to easily migrate their apps between backends with little to no source-code changes.

Specifically for attestation purposes, Asylo defines the EnclaveAssertionGenerator[1] and EnclaveAssertionVerifier[2] interfaces; these will need technology-specific implementations.

In this initial release we only support a simulated backend, for experimental development. We'll continue looking into specific TEE technologies going forward.

[1] https://github.com/google/asylo/blob/master/asylo/identity/e...

[2] https://github.com/google/asylo/blob/master/asylo/identity/e...