The Intel® SGX Architectural Enclave Service Manager (AESM) is a system component of Intel® SGX that enclave applications depend on for remote attestation, key provisioning, and launch support. In ACK Trusted Execution Environment (TEE), AESM runs as a DaemonSet.
Introduction
AESM provides the following services:
- Launch support: authorizes enclave launch on the node
- Key provisioning: retrieves platform-specific cryptographic keys
- Remote attestation: generates quotes that verifying parties can use to confirm enclave integrity
Usage notes
AESM is installed by default. No additional configuration is required.
Release notes
April 2021
| Version | Image address | Modification Time | Changes | Impact |
|---|---|---|---|---|
| 2.13.100.4-bionic1-d83e54d-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/aesm:2.13.100.4-bionic1-d83e54d-aliyun | 2021-04-30 | Added the Intel® SGX AESM component, enabling launch support, key provisioning, and remote attestation for SGX enclaves on ACK nodes. | This upgrade will not disrupt your services. |