https://twitter.com/qrs/status/710210452953894912
Intel has a new document available on SGX, discussing EPID Provisioning and Attestation Services:
Intel SGX: EPID Provisioning and Attestation Services
One of the critical features of Intel SGX is the ability to attest that an enclave was successfully established on an SGX enabled platform. Our Attestation and Sealing Whitepaper from 2013 on the subject gives a high level overview of the attestation process, however it did not cover how the attestation key was delivered to the platform. In order to explain this process and the services that Intel has developed to support EPID provisioning, and the subsequent verification of EPID attestations, for SGX we have written a companion whitepaper. EPID provisioning takes place through enclaves that are provided as part of the SGX SDK and distributed along with SGX applications. The attestation service is available to all SGX developers. For developers that have built their enclaves and are ready to access the Intel Attestation Verification Service referenced in the paper, please contact intel.developer.services@intel.com for additional information.
Click to access 2016%20WW10%20sgx%20provisioning%20and%20attesatation%20final.pdf
Firmware Security 