Skip to content

README.md

Latest commit

 

History

History
40 lines (26 loc) · 2.65 KB

README.md

File metadata and controls

40 lines (26 loc) · 2.65 KB

Intel® Trust Authority Java Client for Intel TDX

com.intel.trustauthority.tdx

The Intel Trust Authority adapter for Intel TDX clients allows a confidential computing client (the attester) written in Java to collect a quote from an Intel TDX trust domain (TD), which is forwarded to Intel Trust Authority for verification/attestation. This adapter allows applications written in Java to leverage Intel SGX DCAP. The Intel TDX adapter imports the Intel Trust Authority Java Connector (com.intel.trustauthority.connector).

The Intel TDX adapter takes care of calling the Intel DCAP functions, generating a TDREPORT, and formatting a quote for attestation (verification) by Intel Trust Authority. Optionally, an attester can include userData with the evidence collected from Intel SGX DCAP, and then a SHA512 hash of the nonce + original user data (if any) is output in the attestation token. The original userData output to the attestation token is limited to 64 bytes, and it's commonly used to pass an encryption key or a hash to the relying party.

For more information, see Java Client Integration in the Intel Trust Authority documentation.

System Requirements

Usage

The Intel TDX adapter has two main functions:

  • TdxAdapter() — Instantiates a new TDX adapter.
  • collectEvidence() — Invokes Intel SGX DCAP and event log parser to collect evidence for a quote from the TD.

The following code fragments are from the Intel TDX example application.

import com.intel.trustauthority.tdx.TdxAdapter;
import com.intel.trustauthority.connector.Evidence;

// Create the TdxAdapter object
TdxAdapter tdxAdapter = new TdxAdapter(userData);

// Collect the Tdx quote
Evidence evidence = tdxAdapter.collectEvidence(nonce);

License

This source is distributed under the BSD-style license found in the LICENSE file.