Intel Attestation Service Version 4 Advisory

Intel Attestation Service Version 4 (IAS V4)

Intel has announced that the attestation service will soon use the new version of the API (IAS V4). For uninterrupted service, all customers who use Fortanix DSM on SGX must upgrade their DSM clusters to the latest version. The older version of Fortanix DSM that uses the IAS V3 API will be discontinued by the end of July 2023. With Fortanix DSM version 4.16, support for the new version of the Intel Attestation Service API was added. This support has also been added to the Fortanix DSM version 4.13 patch.

Affected Customers

All customers who are using an older version of Fortanix DSM on SGX (less than version 4.8) with attestation enabled.

Impact

After July 31^st, 2023, an upgrade will not be possible for all versions of Fortanix DSM lower than 4.8 with attestation enabled.

Upgrade Matrix

Frequently Asked Questions

1. What will happen if I do not upgrade the DSM cluster version above 4.8?

Your cluster will continue to run fine. However, you will find the issues listed below.

• After the cut-off date of July 31st, 2023, you will not be able to upgrade it to the latest version.
• You cannot add any new nodes to the cluster.
• In case of any failures related to attestation, Fortanix will not be able to support it.

2. I have a cluster running with Fortanix DSM version above 4.8 but not 4.16. Will there be any impact on the cluster?

There will not be any impact on the cluster. The upgrade will be possible to the latest version that supports IAS V4. However, you will not be able to add any new nodes to the cluster because your existing cluster is using IAS proxy v3, which will fail after the cutover date. If you have any cold standby nodes that were already added to the cluster, you will be able to add those nodes to the cluster.

Fortanix strongly recommends upgrading all older versions of Fortanix DSM to the latest version to operate smoothly.