njuyuanrui

Reputation: 141

Can I launch an SGX enclave without Internet?

I'm currently trying to use Intel's privacy computing technology in the medical field. I want to build some enclaves in our data center. But the data center is not connected to the internet, which makes the remote attestation process seemingly unfeasible. If I need to build an enclave inside the data center, what is a feasible solution to get my enclave attested? Or is it possible to generate reports and quotes without internet access?

Another question I have is whether it is possible to have an enclave pre-attested and get a proof (or certificate). After that all user requests can be made directly based on the previous proof without having to do a remote attestation every time before interacting with the enclave.

Upvotes: 0

Views: 89

Answers (1)

Bobbie Chen

Reputation: 31

1. Yes, you can generate and verify SGX quotes without internet access

In a datacenter that is not connected to the internet, you can still perform remote attestation using Intel's Data Center Attestation Primitives (DCAP).

Essentially, rather than reaching out to the internet for the Intel Attestation Service (IAS), the enclave can be configured to use a caching service, which is located in the same data center. Intel provides a reference caching service called Provisioning Certification Caching Service (PCCS) and various libraries.

See https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html for an intro and quick install guide for DCAP. In your case, since there is no internet access, you will need to use OFFLINE caching fill mode:

In this method of filling the cache, the caching service will not have access to the Intel hosted PCS service on the internet. It will create a platform database entry to save platform registration information sent by PCK Cert ID retrieval tool. It will provide an interface to allow an administration tool to retrieve the contents of the registration queue. The administrator tool will run on a platform that does have access to the internet. It can fetch platform collaterals from Intel PCS and send them to the caching service. The tool can be found at SGXDataCenterAttestationPrimitives/tools/PccsAdminTool

(from https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/pccs/README.md#caching-fill-mode)

2. Yes, you can do "pre-attestation", if your users trust the "proof"

In RFC 9334: Remote ATtestation procedureS (RATS) Architecture, this is called a "passport" model.

For example, a verifier service could check the SGX attestation. After successful verification, it issues a token or certificate to the enclave. The enclave presents the token or certificate to the user ("Relying Party" in RATS), so the user checks the token/certificate and not the SGX attestation quote itself. This requires that the user trusts the verifier service that issues the token/certificate, since a malicious verifier could issue a token/certificate even if the application is not running in an enclave.

Some examples of passport-style verification services are Intel Trust Authority and Microsoft Azure Attestation. Since these are SaaS offerings, you would need an internet connection to use them.

The Anjuna Policy Manager could also be used in a datacenter environment without internet access, if combined with DCAP.

Upvotes: 2
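The passport flow described in the answer above, as an added example that is not part of the original answer or of any Intel or RATS code: a verifier signs an attestation result once, and the relying party checks only that signed result. The `Passport` fields, the `Issue` and `Check` names and the `quoteOK` flag (a stand-in for real DCAP quote verification against the local PCCS) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Passport is the signed attestation result (hypothetical field names).
type Passport struct {
	MREnclave string `json:"mrenclave"` // measurement from the verified quote
	Expires   int64  `json:"exp"`       // Unix seconds
}

// Issue is the verifier side; quoteOK stands in for DCAP quote verification.
func Issue(key ed25519.PrivateKey, quoteOK bool, p Passport) ([]byte, []byte, error) {
	if !quoteOK {
		return nil, nil, errors.New("quote not verified, no passport issued")
	}
	body, _ := json.Marshal(p) // cannot fail for this struct
	return body, ed25519.Sign(key, body), nil
}

// Check is the relying-party side: it sees only the passport, never the quote.
func Check(pub ed25519.PublicKey, body, sig []byte, wantMR string, now int64) error {
	if !ed25519.Verify(pub, body, sig) {
		return errors.New("bad signature")
	}
	var p Passport
	if err := json.Unmarshal(body, &p); err != nil {
		return err
	}
	if p.MREnclave != wantMR {
		return errors.New("unexpected enclave measurement")
	}
	if now >= p.Expires {
		return errors.New("passport expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // verifier key pair
	now := time.Now().Unix()
	mr := "constructed-mrenclave" // constructed sample value
	body, sig, _ := Issue(priv, true, Passport{MREnclave: mr, Expires: now + 3600})
	fmt.Println(Check(pub, body, sig, mr, now), Check(pub, body, sig, mr, now+7200))
}
```

The expiry bounds how long a passport issued before a later TCB change or enclave update stays acceptable, and the relying party's whole trust rests on the verifier's public key.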
